Privacy Policy

1. Information Collected via sagepaymentsgroup.com

Sage Payments Group LLC collects information to provide and improve our B2B high-risk payment processing services. Personal and business data is collected through forms and interactions on sagepaymentsgroup.com, including contact forms, demo requests, and merchant sign-up inquiries. We collect Personally Identifiable Information (PII) such as names, email addresses, phone numbers, and job titles. We also collect business data and website transaction metadata (such as IP addresses and browser types). We do not collect raw consumer cardholder data directly through this Site.

2. High-Risk Merchant Onboarding Data

Due to the regulated nature of high-risk merchant services, businesses applying for our services must undergo enhanced due diligence. During the onboarding process, we collect highly sensitive Know Your Business (KYB) and Know Your Customer (KYC) documentation. This includes, but is not limited to, government-issued identification for principal owners, articles of incorporation, business licenses, voided checks, processing history statements, and comprehensive financial records.

3. How Information Is Used

We use the information collected via sagepaymentsgroup.com to:

• Evaluate merchant eligibility and conduct underwriting risk assessments.
• Facilitate the placement of merchant accounts with acquiring banks.
• Communicate with you regarding your application, account status, and customer support inquiries.
• Monitor compliance with regulatory frameworks and card network rules.
• Improve the functionality, security, and user experience of our Site.

4. PCI DSS and HIPAA Cardholder and PHI Data Handling Disclaimers

Sage Payments Group LLC acts as a payment facilitator and gateway provider. We maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS v4.0). We facilitate the secure transmission of cardholder data but do not store raw cardholder data on our proprietary corporate systems. For telemedicine merchants, while we mandate that you maintain HIPAA-compliant systems for Protected Health Information (PHI), Sage Payments Group LLC processes payment data and does not directly store or manage medical records or PHI.

5. Cookies and Tracking Technologies on sagepaymentsgroup.com

We use cookies, web beacons, and similar tracking technologies to enhance your experience on our Site. Cookies are small data files stored on your device that help us understand web traffic, remember your preferences, and track the effectiveness of our marketing. These cookies and tracking technologies apply specifically to sessions on sagepaymentsgroup.com. You can manage your cookie preferences through your browser settings.

6. Data Sharing with Third Parties

To provide our high-risk processing services, we must share your business and personal data with strictly vetted third parties. These include acquiring banks, payment processors, card networks (Visa, Mastercard, Discover, American Express), fraud prevention platforms, and compliance verification vendors. We only share the data necessary to secure your merchant account, process transactions, and satisfy legal and regulatory mandates. We do not sell your personal data to third parties for their own marketing purposes.

7. Data Retention and Deletion Policy

We retain your personal and business information for as long as your merchant account is active, or as needed to provide you with services. Because we operate in a highly regulated financial sector, we are legally required to retain certain onboarding data, KYC/KYB records, and transaction metadata for specific periods (typically up to seven years) to comply with anti-money laundering (AML) laws, financial reporting requirements, and card network regulations, even after an account is closed.

8. Security Safeguards

We implement robust, industry-standard security measures to protect the sensitive data we collect. This includes data encryption in transit and at rest, multi-factor authentication, strict internal access controls, and regular vulnerability assessments. Our security practices are aligned with the Gramm-Leach-Bliley Act (GLBA) and HIPAA safeguard frameworks to ensure the confidentiality and integrity of your financial and business data.

9. California Resident Rights (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. These include the right to request access to the personal data we collect, the right to request the deletion of their personal data (subject to our legal retention requirements), and the right to opt-out of the sale or sharing of their personal data. To exercise these rights, please contact us using the information in Section 13.

10. Florida Resident Rights (Florida DEPA)

In compliance with the Florida Digital Bill of Rights (Florida DEPA), eligible Florida residents possess rights concerning the collection, processing, and protection of their personal data. You have the right to confirm whether we are processing your personal data, access that data, and request corrections or deletions where legally permissible.

11. Children's Privacy

sagepaymentsgroup.com is a B2B platform intended solely for use by adult business owners and representatives. Our Site is not directed at children under the age of 13, and we do not knowingly collect personal information from minors in compliance with the Children's Online Privacy Protection Act (COPPA).

12. Do Not Sell or Share My Personal Information

Sage Payments Group LLC does not sell your personal or business data. We only share information with acquiring banks and operational partners necessary to facilitate your payment processing services. If you wish to manage your data sharing preferences, you may submit a request through the contact methods below.

13. Contact for Privacy Requests

If you have questions about this Privacy Policy, wish to exercise your state-specific privacy rights, or need to manage your data, privacy requests and inquiries should be directed via the contact page at sagepaymentsgroup.com or by email at contact@sagepaymentsgroup.com.

14. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, regulatory environments, or technology. The current version of the Privacy Policy is always available at sagepaymentsgroup.com/privacy-policy. The "Effective Date" at the top of this document indicates when the latest changes were made.