Privacy Policy

Privacy and online safety are important to Carmel Solutions LLC. (“Carmel”). We offer a software
platform and services to facilitate consumer payments through the NACHA system, and perform
backup servicing activities for our clients. We collect data about businesses and their customers
(“Data”) when they use the platform, the services, and our websites (collectively, “Services”). This
privacy policy describes how we collect, use and disclose Data.
In this privacy policy, we sometimes refer to “You”. “You” may be a visitor to one of our websites, a
user of one or more of our Services (“User”), or a customer of a User (“Customer”). This policy does
not apply to third-party websites, products, or services even if they link to our Services, and You
should consider the privacy practices of those third-parties carefully. If You disagree with the
practices described in this policy, You should (a) take the necessary steps to remove cookies from
Your computer after leaving our website, and (b) discontinue Your use of our Services. Finally, we
have also put together a Cookie Policy that describes in detail how we use cookies and similar


1. Overview.


The Data we collect depends on how our Services are used. Sometimes we receive Data directly,
such as when a Carmel account is created, test transactions are submitted through our website, or
we receive an email. Other times, we get Data by recording interactions with our Services by, for
example, using technologies like cookies and web beacons. We also get Data from third parties, like
our financial partners or identity verification services.
The collection and use of data from a variety of sources is essential to our ability to provide our
Services – and to help keep the Services safe. Data is critical in helping us to increase the safety, and
reduce the risk of fraud, money laundering and other harmful activity.

2. Data We Collect.


a. Personal Data.


We call Data that identifies, or that could reasonably be used to identify, You as
an individual as “Personal Data”. We collect Personal Data in different ways. For example, we collect
Personal Data when a business registers for a Carmel account, a Customer makes payments or
conducts transactions through a User’s website or application, or a person responds to Carmel
emails. We also receive Personal Data from other sources, such as our partners, financial service
providers, identity verification services, and publicly available sources. Personal Data does not
include Data that has been aggregated or made anonymous such that it can no longer be reasonably
associated with a specific person. The Personal Data that we may collect includes:
Contact details, such as name, postal address, telephone number, email address.
Financial and transaction Data, such as credit or debit card number, and bank account information;
and Other Personal Data, such as date of birth, SSN or EIN.


b. Other Data.


We call Data other than Personal Data “Other Data”. We collect Other Data through a
variety of sources. One of our sources for Other Data is cookies and other technologies that record
Data about the use of our websites, websites that implement our Services, and the use of our
Services generally. Other Data that we may collect include:
Browser and device data, such as IP address, device type, operating system and Internet browser
type, screen resolution, operating system name and version, device manufacturer and model,
language, plug-ins, add-ons and the version of the Services You are using; Transaction data, such as
purchases, purchase amount, date of purchase, and payment method; Cookie and tracking
technology data, such as time spent on the Services, pages visited, language preferences, and other
anonymous traffic data; and Company data, such as a company’s legal structure, product and
service offerings, jurisdiction, and company records.


3. How We Use Data.


a. Personal Data.


We and our service providers use Personal Data to: (i) provide the Services; (ii)
detect and prevent fraud; (iii) mitigate financial loss or other harm to Users, Customers, and
Carmel; and (iv) promote, analyze and improve our products, systems, and tools. Examples of how
we may use Personal Data include:
To verify an identity for compliance purposes;
To evaluate an application to use our Services;
To conduct manual or systematic monitoring for fraud and other harmful activity;
To respond to inquiries, send service notices and provide customer support;
To process a payment, communicate regarding a payment, and provide related customer service;
For audits, regulatory purposes, and compliance with industry standards;
To develop new products;
To send marketing communications;
To improve or modify our Services; and
To conduct aggregate analysis and develop business intelligence that enable us to operate, protect,
make informed decisions, and report on the performance of, our business.


b. Other Data.


We may use Other Data for a range of different purposes, provided we comply with
applicable law and our contractual commitments.


4. How We Disclose Data.


Carmel does not sell or rent Personal Data to marketers or unaffiliated third parties. We share Your
Personal Data with trusted third parties, including:


a. Carmel Affiliates.


We share Data with entities that we control, are controlled by us, or are
under our common control, to provide our Services. Carmel is the party responsible for overall
management and use of the Data by these affiliated parties;


b. Carmel Service Providers.


We share Data with service providers who help us provide the
Services. Service providers help us with things like payment processing (i.e., banks, credit bureaus,
payment method providers), website hosting, data analysis, information technology and related
infrastructure, customer service, email delivery, and auditing;


d. Authorized Third Parties.


We share data with parties directly authorized by a User to receive
Data. The use of Data by an authorized third party is subject to the third party’s privacy policy;


e. Third Parties.


We will share Data with third parties in the event of any reorganization, merger,
sale, joint venture, assignment, transfer or other disposition of all or any portion of our business,
assets or stock (including in connection with any bankruptcy or similar proceedings); and


f. Safety.


Legal Purposes and Law Enforcement. We use and disclose Data as we believe
necessary: (i) under applicable law, or payment method rules; (ii) to enforce our terms and
conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, You or
others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies,
and other public and government authorities, which may include authorities outside Your country
of residence.


5. Security.


We use reasonable organizational, technical, and administrative measures to protect Personal Data
within our organization. Unfortunately, no data transmission or storage system can be guaranteed
to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure
(for example, if You feel that the security of Your account has been compromised), please contact us


6. Retention Period.


We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy
Policy in keeping with required retention period based on fulfilment of business obligations and
regulatory requirements. Please note that we have a variety of obligations to retain the Data that
You provide to us, including to ensure that transactions can be appropriately processed, settled,
refunded or charged-back, to help identify fraud and to comply with anti-money laundering and
other laws and rules that apply to us and to our financial service providers. Accordingly, even if You
close Your Carmel Account, we will retain certain Data to meet our obligations. There may also be
residual Data that will remain within our databases and other records, which will not be removed.


7. Carmel as a Data Processor.



We may collect, use and disclose certain Personal Data about Customers when acting as the User’s
service provider. Our Users are responsible for making sure that the Customer’s privacy rights are
respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a User’s data processor, we will process Personal Data in
accordance with the terms of our agreement with the User and the User’s lawful instructions.


8. Updates to this Privacy Policy and Notifications.



We may change this Privacy Policy. Any changes are effective when we post the revised Privacy
Policy on the Services.
We may provide You with disclosures and alerts regarding the Privacy Policy or Personal Data
collected by posting them on our website and, if You are a User, by contacting You at the email
address and/or the physical address listed in Your Carmel account. You agree that electronic
disclosures and notices have the same meaning and effect as if we had provided You with hard copy
disclosures. Disclosures and notices in relation to this Privacy Policy or Personal Data shall be
considered to be received by You within 24 hours of the time they are posted to our website or, in
the case of Users, sent to through one of means listed in this paragraph.


9. Contact Us.


If You have any questions about this Privacy Policy, please contact us at
[] or at:

Carmel Solutions LLC
969 Keystone Way, Suite 110
Carmel, Indiana 46032

Sensitive Information.

Because email communications are not always secure, please do not
include credit card or other sensitive Data in Your emails to us.