Header Preview
Privacy Policy | EmeraldPay
Legal

Privacy Policy

How EmeraldPay collects, uses, shares, and protects your personal information, and the rights you have over it.

Last updated: May 4, 2026 Effective: May 4, 2026 Version: 3.0

The short version

  • We are Emerald Business Solutions, LLC, doing business as EmeraldPay, a Florida company providing merchant payment processing to businesses in the United States.
  • EmeraldPay is a registered Independent Sales Organization of Fiserv, sponsored by Citizens Bank. Your processing account ultimately runs on those partners' systems.
  • We collect information from website visitors, merchant applicants, and active merchants, and we receive information from our processing and underwriting partners.
  • We use information to operate our services, manage merchant accounts, prevent fraud, comply with financial laws, and market our products.
  • We do not sell personal information for money. Some of our website advertising activity qualifies as "sharing" under California law, and you can opt out at any time.
  • You have rights over your information, including the right to know, delete, correct, and opt out. See Your Privacy Rights or email [email protected].

01 About this Policy

This Privacy Policy explains how Emerald Business Solutions, LLC, doing business as EmeraldPay ("EmeraldPay," "we," "us," or "our"), collects, uses, shares, and protects information about you when you visit emeraldpay.com, apply for or use our merchant payment processing services, or otherwise interact with us.

This Policy applies only to EmeraldPay and the website at emeraldpay.com. Other brands or services that we or our affiliates operate are governed by their own separate privacy policies.

EmeraldPay's services are designed for businesses, not consumers. Most of the people whose information we collect are business owners, authorized signers, or employees acting on behalf of a business. The protections in this Policy still apply to information about identifiable individuals regardless of the business context.

If you are a consumer who paid a merchant that uses our payment services, this Policy describes how we handle the payment information that passes through our systems. The merchant who collected your payment is the primary controller of your information; please refer to that merchant's privacy policy for their own practices.

02 Our Role in Payments

Understanding how money and information flow through the payment system helps explain who has your data and why. Here is our role:

  • EmeraldPay is a registered Independent Sales Organization (ISO) of Fiserv. That means we resell Fiserv's payment processing services and act as the customer-facing relationship for sales, account setup, and ongoing service.
  • Citizens Bank is our sponsor bank. Card network rules require that every merchant account be sponsored by a member bank. Citizens Bank performs that role for the merchants we onboard.
  • Fiserv handles the underlying processing, underwriting, and risk monitoring. When you submit an application through EmeraldPay, the application data is passed to Fiserv (and to Citizens Bank where required) for review and approval. Fiserv operates the systems that authorize transactions, settle funds, and manage chargebacks for your account.
  • The card networks (Visa, Mastercard, American Express, Discover, Diners Club, JCB, and others) carry transaction data through their own systems and apply their own rules to how it can be used.
  • Other payment methods we support (PayPal, Apple Pay, Google Pay, Alipay, ACH, and similar) involve their own networks and providers, each with their own terms.

Your information is therefore not held only by us. It is also held and used by Fiserv, Citizens Bank, the card networks, and the providers of any non-card payment methods you use. Each of those parties has its own privacy practices.

03 Who This Policy Covers

This Policy describes our practices with respect to three categories of individuals:

  • Website visitors: anyone who visits emeraldpay.com, requests a quote, downloads content, or otherwise interacts with our public website or marketing.
  • Merchant applicants: business owners and authorized representatives who fill out a Merchant Processing Agreement (MPA) or other application to open an account with us.
  • Active merchants and their authorized users: business owners, signers, employees, and other contacts of merchants that have an active processing relationship with us.

The information we collect, how we use it, and who we share it with vary based on which of these categories you fall into. The sections below describe each.

04 Information We Collect

From website visitors

When you visit emeraldpay.com, we collect:

  • Information you submit: name, business name, email address, phone number, and any details you include in a contact or quote request form.
  • Information collected automatically: IP address, approximate location derived from IP, browser and device type, operating system, referring URL, pages visited, time on page, links clicked, and similar diagnostic data.
  • Live chat information: if you use the live chat tool on our website, we collect the messages you send, your contact details if you provide them, and basic technical information about your session. The chat is operated through a third-party service provider on our behalf.

From merchant applicants

When you apply for an EmeraldPay account, we collect (or pass through to Fiserv) the information needed to set up and underwrite a merchant account, including:

  • Business information: legal business name, DBA, business address, business phone, federal tax identification number (EIN), formation type, date established, industry, website, and product or service description.
  • Owner and authorized signer information: name, home address, date of birth, Social Security Number (SSN), driver's license or other government ID number, ownership percentage, and contact information.
  • Banking information: bank account and routing numbers for funding deposits and processing fee debits.
  • Processing history: estimated monthly volume, average ticket, prior processor information, and any history of chargebacks or terminations.
  • Supporting documents: articles of incorporation or formation, bank statements, voided checks, prior processing statements, photo ID, and other documentation requested as part of underwriting.
  • Signatures and acceptance records: electronic signatures, timestamps, IP address at time of signing, and similar evidence of acceptance for the MPA and related agreements (collected through Jotform Sign or other secured form providers).

From active merchants and authorized users

  • Account contact data: contact people, billing contacts, technical contacts, and login credentials for any merchant tools you use.
  • Transaction data: records of card transactions processed on your account, including amount, date, time, card brand, last four digits of the card, and authorization status. Full card numbers are not stored on our systems; see Payment Card Data and PCI.
  • Servicing communications: emails, support tickets, chat messages, and notes from interactions with our team.
  • Risk and compliance data: chargeback records, fraud alerts, compliance review notes, and other information related to managing the account.

Categories under California law

The CCPA, as amended by the CPRA, organizes personal information into specific categories. The categories we collect are summarized below.

CCPA CategoryExamples of what we collect
IdentifiersName, postal address, email, phone number, business EIN, owner SSN (for underwriting), IP address, device identifiers, online identifiers
Customer recordsBusiness records, signatures, banking information, government IDs
Commercial informationProducts or services considered or purchased, transaction history, processing volume, chargeback history
Internet or network activityBrowsing on our site, pages viewed, referring URLs, ad and email engagement, cookie identifiers
GeolocationApproximate location from IP address. We do not collect precise GPS location.
Audio or visualPhotos of government ID submitted during onboarding. We do not record customer phone calls.
Professional informationJob title, role within the merchant business, business industry
InferencesRisk and creditworthiness signals from underwriting, audience attributes for marketing
Sensitive personal informationSSN, driver's license or government ID number, financial account numbers, account credentials

05 Sources of Information

We collect personal information from the following sources:

  • Directly from you when you visit our site, contact us, or submit an application.
  • Automatically from your devices when you interact with our website or emails.
  • From Fiserv regarding underwriting decisions, account status, transaction processing, and risk monitoring.
  • From Citizens Bank as our sponsor bank, regarding account approval and ongoing compliance.
  • From card networks and other payment networks regarding transaction details, chargebacks, and account status.
  • From consumer reporting agencies and identity verification services as part of underwriting (this work is performed by Fiserv on our behalf).
  • From government and public records when verifying business registration, ownership, or compliance status.
  • From advertising platforms and analytics providers regarding ad performance and how visitors interact with our website.
  • From other service providers acting on our behalf.

06 How We Use Information

We use personal information for the following purposes:

Operating our services

  • Reviewing and processing applications, including passing application data to Fiserv and Citizens Bank for underwriting.
  • Setting up, maintaining, and servicing merchant accounts.
  • Communicating about your account, transactions, fees, and service updates.
  • Providing customer support and resolving issues.

Compliance, security, and risk

  • Verifying your identity and the legitimacy of your business.
  • Detecting, preventing, and investigating fraud, money laundering, and unlawful activity.
  • Meeting our obligations under federal and state financial laws, the Bank Secrecy Act, OFAC sanctions screening, the rules of the card networks, and the PCI Data Security Standard.
  • Enforcing our agreements and resolving disputes.

Marketing and growth

  • Sending marketing emails about our products and services to people who have given us their contact information.
  • Sending text messages to people who have opted in. See SMS and Text Messaging.
  • Showing relevant ads on third-party platforms such as Google and Meta, and measuring how those ads perform.
  • Analyzing site usage to improve our website, content, and customer experience.

Other lawful business purposes

  • Evaluating mergers, acquisitions, financings, restructurings, or sales of business assets.
  • Responding to subpoenas, court orders, and lawful requests by public authorities.
  • Protecting the rights, property, or safety of EmeraldPay, our customers, or others.

We do not use your personal information for purposes that are materially different from those described in this Policy without first providing notice and, where required, obtaining your consent.

07 Sensitive Information

Several state privacy laws define a special category called "sensitive personal information." For us, this includes:

  • Government identifiers such as Social Security Number, driver's license, or other government ID number.
  • Financial account information such as bank account and routing numbers.
  • Account credentials.

We collect and use sensitive information only for the purposes the law expressly permits: verifying identity, opening and servicing your account, processing payments, preventing fraud, and meeting our legal and regulatory obligations. We do not use sensitive information to infer characteristics about you, and we do not use it for advertising.

Because we already limit our use of sensitive information to permitted purposes, no additional limitation is required from you. If you have questions or concerns, contact us at [email protected].

08 Cookies and Tracking

We and our service providers use cookies and similar tracking technologies on emeraldpay.com to operate the site, understand how visitors use it, and deliver and measure advertising.

What we use

ToolWhat it does
Google Analytics 4Measures website traffic, user flow, and engagement. Sets first-party cookies (such as _ga) that identify a returning browser.
Google AdsHelps us run and measure ads on Google's network, including conversion tracking and remarketing audiences. Sets cookies such as _gcl_au.
Meta (Facebook) PixelHelps us run and measure ads on Facebook and Instagram, including conversion tracking and audience building. Sets cookies such as _fbp and may share information with Meta.
Strictly necessary cookiesUsed to make the site work, including security and load balancing. Cannot be disabled.

Cookies can be "session" cookies (deleted when you close your browser) or "persistent" cookies (which remain until they expire or you delete them). Some of the tools above also use related technologies such as web beacons and SDKs, which work in similar ways.

Your choices

You can manage cookies through your browser settings, including blocking or deleting them. Disabling certain cookies may affect site functionality. Many advertising platforms also offer their own opt-out tools, including the Digital Advertising Alliance opt-out, the Network Advertising Initiative opt-out, the Google Ads Settings, and the Meta Ads Settings.

Global Privacy Control

We honor the Global Privacy Control (GPC) signal as a valid opt-out of "sale" and "sharing" of personal information for advertising purposes, where applicable. If your browser sends a GPC signal, we will treat it as an opt-out for that browser and device.

Do Not Track

We do not currently respond to "Do Not Track" browser signals beyond GPC because no consistent industry standard for DNT exists.

09 How We Share Information

We share personal information with the following categories of recipients:

Fiserv, Citizens Bank, and the card networks

To provide our services, we share information with Fiserv (our processor), Citizens Bank (our sponsor bank), and the card networks (Visa, Mastercard, American Express, Discover, Diners Club, JCB, and others). These entities use your information for their own legal and operational purposes, including underwriting, authorization, settlement, fraud prevention, and compliance with network rules.

Other payment method providers

If your account accepts non-card payment methods such as PayPal, Apple Pay, Google Pay, Alipay, or ACH, we share information with the providers of those services as needed to enable them on your account.

Service providers and contractors

We share information with companies that perform services on our behalf, such as website hosting, analytics, advertising operations, email and SMS delivery, live chat, electronic signature and form services, identity verification, document storage, and professional services (including accountants and attorneys). These providers are contractually limited to using your information only for the services we have engaged them to perform.

Affiliates

We may share information with our subsidiaries and other entities under common ownership or control with us, for the purposes described in this Policy.

Legal, safety, and corporate transactions

We may disclose information when we believe in good faith that disclosure is necessary to comply with a legal obligation or lawful request, to protect our rights or the safety of others, or in connection with the sale, merger, financing, reorganization, or transfer of all or part of our business.

With your direction

We share information at your direction or with your consent.

10 Sale and Sharing of Information

We do not sell personal information for money.

However, the term "sale" under California and certain other state laws can include disclosures for non-monetary consideration, and the term "sharing" specifically covers disclosures to third parties for cross-context behavioral advertising. Our use of the Meta Pixel and Google Ads tags on our website may qualify as "sharing" under those laws because data about your visit can be used by Meta and Google for advertising purposes that extend beyond our own site.

The categories of information involved in these activities are limited to online identifiers, internet activity, and inferences derived from your interactions with our website and ads. We do not knowingly share or sell information of consumers under 16 years of age, and we do not share or sell sensitive information for advertising.

You have the right to opt out at any time:

Do Not Sell or Share My Information See all your rights

You can also opt out by enabling Global Privacy Control in a supported browser. We will treat that signal as a valid opt-out for that browser and device.

11 Marketing Communications

If you give us your contact information, we may send you marketing emails about products, services, and offers that may be of interest. Every marketing email includes an unsubscribe link. You can also email us at [email protected] to opt out at any time.

Unsubscribing from marketing email does not stop transactional or account-related communications, such as messages about your application, account status, fees, fraud alerts, or legally required notices.

We may also use information about your interests and prior interactions to deliver relevant ads on third-party platforms. See Cookies and Tracking and Sale and Sharing for more about our advertising practices and how to opt out.

12 SMS and Text Messaging

If you provide your phone number and consent to receive text messages from us, we may send you transactional and marketing text messages. We follow the Telephone Consumer Protection Act (TCPA), CTIA messaging guidelines, and the A2P 10DLC carrier registration requirements applicable to business text messaging in the United States.

  • Consent: You consent to receive messages by checking the SMS opt-in box on a form, replying to a confirmation message, or otherwise affirmatively opting in. Consent to receive marketing texts is not a condition of any purchase.
  • Frequency: Message frequency varies based on your account activity and the campaigns you are enrolled in.
  • Cost: Message and data rates may apply, depending on your carrier and plan.
  • Opt out: Reply STOP to any message at any time to unsubscribe from that program.
  • Help: Reply HELP to any message for assistance, or contact us at [email protected].

We do not sell or share mobile phone numbers or SMS opt-in information with third parties for their own marketing purposes. Mobile information is shared only with the service providers needed to deliver the messages you have requested.

13 Underwriting and Decisions

When you apply for an EmeraldPay merchant account, we collect the application data and pass it to Fiserv (our processor) and Citizens Bank (our sponsor bank) for underwriting review. Underwriting decisions are made by Fiserv and the sponsor bank in accordance with their own criteria, the rules of the card networks, and applicable law.

The underwriting process may involve automated tools and risk-scoring systems that consider factors such as business type, ownership information, processing volume estimates, public records, identity verification results, and consumer reports. An automated system may flag, decline, or approve an application without human review.

You have the right to:

  • Be informed when a decision affecting you was made through automated processing.
  • Receive meaningful information about the categories of factors used.
  • Request human review of an automated decision that produces a significant effect on you, such as a declined application.

To request a human review or to ask questions about an underwriting decision, contact us at [email protected] or call 1-888-593-0096. Where the underlying decision was made by Fiserv or Citizens Bank, we will work with them to assist you.

14 Credit Reporting (FCRA)

As part of underwriting, Fiserv (acting as our processing partner) may obtain a consumer report on the business owner or authorized signer of an application. The disclosures and consents required for this under the federal Fair Credit Reporting Act (FCRA) are contained in the Merchant Processing Agreement (MPA) you sign when you apply.

If an application is declined or terms are adjusted in whole or in part because of information in a consumer report, the FCRA requires that you be notified and given the contact information of the consumer reporting agency that supplied the report, along with information about your rights to obtain a free copy of the report and to dispute its accuracy. We and Fiserv provide these notices as required by law.

15 Payment Card Data and PCI

When a payment card is used to complete a transaction at one of our merchants, the cardholder data flows through systems that are subject to the Payment Card Industry Data Security Standard (PCI DSS).

  • We do not store full card numbers, full magnetic stripe data, CVV/CVC values, or PIN data on our own systems.
  • Card data is transmitted to Fiserv and the card networks using strong encryption.
  • Cardholder information is used only for processing the transaction, settlement, fraud prevention, chargeback handling, and other purposes permitted by card network rules and applicable law.
  • We comply with PCI DSS requirements applicable to our role in the payment ecosystem.

If you are a cardholder with a question about a transaction, please contact the merchant where you made the purchase. Your card-issuing bank can also help with disputes through their standard chargeback process.

16 Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including providing our services, complying with legal and regulatory obligations, resolving disputes, and enforcing our agreements.

Typical retention periods include:

  • Merchant account records: for the life of the account and at least 5 years after closure, in line with card network and Bank Secrecy Act requirements.
  • Transaction data: typically retained for at least 5 years to support chargebacks, audits, and tax reporting.
  • Underwriting and identity verification records: retained for at least 5 years after an account closes or an application is declined.
  • Marketing contact records: retained until you opt out or for 24 months of inactivity, whichever comes first.
  • Website analytics and advertising cookie data: typically retained for up to 14 months by default in our analytics tools.
  • Customer support records: typically retained for 12 to 24 months.

Where law allows, we may retain information for longer periods to defend or pursue legal claims. When personal information is no longer needed, we delete or de-identify it.

17 Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access. These safeguards include encryption in transit and at rest where appropriate, access controls, network monitoring, employee training, and vendor management. We comply with PCI DSS requirements applicable to our role in the payment ecosystem and rely on Fiserv and Citizens Bank to maintain controls appropriate to their roles.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and applicable regulators where required by law.

18 Your Privacy Rights

Depending on where you live, you may have the following rights over personal information we hold about you:

  • Right to know or access: request the categories and specific pieces of personal information we have about you.
  • Right to delete: request that we delete personal information we have collected from you, subject to legal exceptions.
  • Right to correct: request that we correct inaccurate personal information.
  • Right to portability: receive a copy of your personal information in a portable, machine-readable format.
  • Right to opt out of sale or sharing: as described in Sale and Sharing.
  • Right to limit use of sensitive personal information: as described in Sensitive Information.
  • Right to opt out of profiling or automated decision-making with significant effects, as described in Underwriting and Decisions.
  • Right to non-discrimination for exercising your rights.

These rights apply to residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), and other states with similar laws. The specific scope of each right depends on the law that applies to you.

How to submit a request

Email a privacy request Call us

You can also submit a written request to the address in Contact Us.

Verification

To protect your information, we will take reasonable steps to verify your identity before responding to a rights request. We may ask you to confirm information we already have on file or to provide additional documentation. We will not use information collected for verification for any other purpose.

Authorized agents

You may use an authorized agent to submit a request on your behalf. The agent must provide written permission from you, and we may still ask you to verify your identity directly.

Response time

We will acknowledge your request within 10 business days and respond substantively within 45 days, with one possible 45-day extension if reasonably necessary. We will let you know if more time is needed.

Appeals

If we decline your request, you may appeal by replying to our response or emailing [email protected] with the subject line "Privacy Request Appeal." We will respond to your appeal within 45 days. Residents of states that provide an additional appeal path to the state attorney general will receive instructions for that path with our response.

California "Shine the Light"

California residents may request information about whether we have shared their personal information with third parties for those third parties' direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.

19 B2B Information

Most of the people whose information we collect interact with us in a business capacity, on behalf of a business that is applying for or using our services. Several state privacy laws (including in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, and New Jersey) generally exclude information that is collected solely in a business-to-business context from the scope of consumer privacy rights. California and a small number of other states do not currently provide a B2B exemption, which means a Californian who interacts with us in a business capacity is still treated as a consumer under California law.

Even where a state law does not require it, we apply consistent privacy practices across all of our applicants and merchant contacts, and we will respond to reasonable privacy requests in good faith.

20 Children's Privacy

Our services are intended for businesses and adults. We do not direct our website or services to children, and we do not knowingly collect personal information from children under 16 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will take appropriate steps to delete the information.

21 International Users

Our services are offered only in the 50 United States and the District of Columbia. We do not currently offer services to merchants in Puerto Rico, U.S. territories, or any other country.

If you access our website from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States. United States data protection laws may differ from those in your country.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we do not target our services to you and we do not act as a controller of your personal information for purposes of the General Data Protection Regulation. If you believe we hold your personal information and would like to exercise rights under those laws, please contact us at [email protected] and we will respond appropriately.

22 Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and provide additional notice (such as a banner on our site or an email to account holders) where appropriate. We encourage you to review this Policy periodically.

23 Contact Us

If you have questions about this Policy or our privacy practices, or if you would like to exercise any of your rights, please contact us:

Privacy team

Emerald Business Solutions, LLC

Attn: Privacy Officer

1420 Celebration Ave, STE 200

Celebration, FL 34747

Email: [email protected]

Phone: 1-888-593-0096