Privacy policy

Assurna (“Assurna,” “we,” “our,” or “us”) provides merchant services and payment processing to businesses in the United States. This Privacy Policy explains how we collect, use, share, and protect information about visitors to assurna.com, businesses that request a quote, and merchants whose payments we process.

This policy applies to (a) general visitors to the site, (b) businesses and their representatives who submit a quote request or contact form, and (c) merchants in onboarding/underwriting or with an active processing account.

When we process card transactions, we do so on behalf of the merchant and in accordance with the rules of the card networks (Visa, Mastercard, American Express, and Discover) and the Payment Card Industry Data Security Standard (PCI DSS). Cardholder data is handled under those rules, as described in Section 7.

We process personal information in accordance with applicable U.S. federal and state laws, including the Gramm-Leach-Bliley Act (GLBA) as a provider of financial services, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), and other state privacy laws that may apply.

Depending on your state of residence, you may have rights to access, correct, delete, port, or limit the use of personal information we hold about you. Certain financial information governed by the GLBA may be exempt from some state-law rights. See Section 10 (“State privacy rights”) for how to exercise these rights.

We collect the following categories of information:

• Business and contact information, business legal name, DBA, website, email, phone, mailing address, and the names and contact details of the principals or representatives who contact us or apply.
• Quote information, business type, monthly card volume, how you take payments (online, in person, recurring), and your current processor. Used to prepare a custom no-markup quote.
• Application, underwriting, and KYC information (merchants only), business formation documents, tax identification number (EIN), beneficial-ownership and control-person identification, government-issued ID, bank account and settlement details, processing statements, and financial information required to underwrite and monitor a merchant account under card-network rules and anti-money-laundering law (the Bank Secrecy Act).
• Transaction and cardholder data (merchants only), information needed to process and settle payments. We minimize, encrypt, and tokenize cardholder data, and we handle it as a service provider on the merchant’s behalf under PCI DSS and card-network rules. We do not use cardholder data for our own marketing.
• Site usage information, IP address, device type, browser, pages viewed, referring URL, session timestamps. Collected via cookies and similar technologies. See Section 9.

We use information to:

• Respond to inquiries, prepare custom quotes, and onboard merchants.
• Underwrite, board, and monitor merchant accounts as required by our sponsor bank and the card networks.
• Process, authorize, settle, and reconcile payment transactions and manage chargebacks and disputes.
• Detect, prevent, and investigate fraud, and comply with anti-money-laundering (BSA) and sanctions (OFAC) obligations.
• Provide support, account management, and service communications.
• Comply with card-network rules, financial regulations, and other legal obligations.
• Improve our website and services using aggregated, de-identified analytics.

We do not sell personal information for monetary consideration, and we do not use cardholder data for purposes other than processing the merchant’s transactions and meeting our legal and network obligations.

We share information only as needed to provide merchant services and operate the business:

• Sponsor bank and card networks, we share underwriting and transaction information with our sponsoring acquiring bank and with Visa, Mastercard, American Express, and Discover as required to board and process a merchant account.
• Processors and gateways, the payment processors, gateways, and terminal providers that help authorize, settle, and report transactions.
• Risk, identity, and compliance vendors, KYC/identity-verification, sanctions-screening, underwriting, and fraud-prevention providers.
• Service providers, hosting, CRM, communications (including our SMS delivery vendor), accounting, and analytics vendors who process information on our behalf under contractual confidentiality and security obligations.
• Legal and regulatory, we may disclose information when required by law, in response to subpoenas or regulatory requests, or to protect rights, safety, or property.
• Business transfer, if Assurna is acquired or merged, information may be transferred to the successor entity, subject to the same privacy commitments.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as defined under California law. See Section 10 to formally opt out.

If you check the SMS-consent box on a quote or contact form, you authorize Assurna to send you text messages relating to your inquiry and account, including quote confirmations, scheduling, reminders, and follow-ups from a specialist. Message frequency varies. Message and data rates may apply. Reply STOP at any time to unsubscribe; reply HELP for assistance. Carriers are not liable for delayed or undelivered messages.

In connection with SMS opt-in, we collect the mobile number you provide, the timestamp and source of the opt-in, and a record of the consent language shown to you. We retain this record for the period required by applicable law.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile opt-in data and consent are excluded from any other information-sharing described in this policy. We may share a phone number with a subcontracted communications provider (for example, our SMS delivery vendor) strictly to deliver the messages you have consented to receive.

We maintain PCI DSS Level 1, the highest level of payment-card security, and use point-to-point encryption (P2PE), tokenization, encryption in transit (TLS) and at rest, role-based access controls, vendor due diligence, and routine review of our security posture. Tokenization and our vault are designed so that raw cardholder data does not touch a merchant’s servers.

No method of transmission or storage is 100% secure. We will notify affected individuals, our sponsor bank, the card networks, and applicable regulators of any security incident affecting personal or cardholder information as required by law and network rules.

We retain personal information for the periods required by:

• Card-network rules and our sponsor-bank agreements (transaction and chargeback records are typically retained for multiple years).
• Anti-money-laundering (BSA) and tax-recordkeeping rules (generally five years or more).
• Legitimate business purposes such as fraud prevention and dispute resolution.

Quote-request submissions from non-merchants are retained for up to 24 months unless you request earlier deletion under Section 10.

We use a limited set of cookies and analytics tools. Strictly necessary cookies support site navigation and form submission. Performance and analytics cookies help us understand which content is useful.

You can configure your browser to refuse cookies. Doing so may affect site functionality. We honor the Global Privacy Control (GPC) signal where applicable.

Depending on your state of residence, you may have rights to know, access, correct, delete, port, opt out of sale or sharing of, and limit the use of personal information we hold about you. To exercise these rights:

• Email privacy@assurna.com with your request and the state you reside in.
• To opt out of sale or sharing under CCPA/CPRA, visit our Do Not Sell or Share My Personal Information page.

We will verify your identity before responding to prevent unauthorized disclosure. We do not discriminate against individuals who exercise their privacy rights. Certain financial information subject to the GLBA may be exempt from deletion or other rights under some state laws.

Our services are intended for businesses and adults. We do not knowingly collect personal information from individuals under 18.

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. Material changes will be communicated by email to active merchants.

Privacy questions or rights requests: privacy@assurna.com. General contact: hello@assurna.com. Mail: Assurna, 9442 Capital of Texas Highway North, Suite 500, Austin, TX 78759.