Last updated: September 2, 2025
Your privacy is important to us.
1.1. Merchants: Upon registration, we collect your personal details (name, email address and profile image through your Google account), details about your business (through Stripe Connect), and information about the service(s) you will use with Small Transfers (name, website, callback URL). We also store information about the charges you add to your customers' accounts and the transfers to you.
1.2. Customers: Upon registration, we collect your personal details (name, email address and profile image through your Google account). We also store information related to your authorizations and usage of Small Transfers services, basic information about your payment methods (card type, last 4 digits, expiration date), and information about the payments.
1.3. Website Visitors: We use tools like Google Analytics and LogRocket to collect website analytics and session logs. We make every effort to follow the privacy laws.
2.1. Merchants: We use the information you provided during onboarding for Know Your Business purposes (performed by Stripe). In addition, we use your name and email to send you transactional emails related to the service provided to you. The name and the website of your service(s) are shown to customers on the authorization screen for your service. We use the information about your the charges you add to your customers' accounts to determine the Customer payment amounts and the transfer amounts to you. If you subscribe to our newsletter, we may occasionally send you emails; you can unsubscribe anytime.
2.2. Customers: We use your name and email to send you transactional emails related to your account and the service(s) you authorized. We use information about your usage of the Merchants' services to determine how much you owe. We use your payment methods to charge you for you usage. When you authorize a merchant, they are given your name and your email address. If you subscribe to our newsletter, we may occasionally send you emails; you can unsubscribe anytime.
2.3. Website Visitors: We use the analytics and session logs to improve our website and services.
3.1. Postmark: We use a third-party service for sending emails. Your email address is not shared with other third parties or used for any other purpose.
3.2. Stripe: We use an external service for processing payments. We don't store or see your full card details — they are securely handled by our payment provider.
3.3. Google Analytics: We use a third-party service for website analytics. Your information is anonymized.
3.4. LogRocket: We use a third-party service for session logs. We may link your name and email to specific session logs to better understand what happened in a specific session.
4.1. Storage: The data is stored in a secure cloud database. We use industry best practices to protect your data from unauthorized access. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
4.2. Servers: Our service is hosted in a secure cloud.
4.3. Google APIs: The use of information received from Google APIs adheres to the Google API Services User Data Policy. We use the information obtained from Google APIs only as described in this document.
4.4 Compliance: We operate from the United States and handle personal information in accordance with applicable privacy laws. If you reside in a jurisdiction that grants specific privacy rights (for example, GDPR or CCPA/CPRA), you may exercise those rights by contacting us through the online form. When we transfer personal data from the European Economic Area or the United Kingdom to the United States, we rely on Standard Contractual Clauses or another approved transfer mechanism. We do not knowingly collect personal data from children under 13. Our primary legal bases for processing are (i) "performance of a contract" (providing the Platform) and (ii) our "legitimate interest" in operating and securing the service.
4.5 Data Retention: Account and transaction data is retained for up to seven years after account closure or last payment, as required by anti-money-laundering laws or card-scheme rules.
5.1. Right to Know: You may request that we disclose the personal information we have collected about you in the preceding 12 months.
5.2. Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
5.3. Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
5.4 Do Not Sell or Share: We honour "Do Not Sell or Share" rights and recognize the Global Privacy Control (GPC) browser signal.
5.5. Right to Opt-Out of Sale/Share: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a mechanism to opt out as required by law.
5.6. Submitting Requests: To exercise any of these rights, please contact us using the online form. We will verify your request using the information associated with your account and respond within the timeframes required by law.
6.1. We may update this policy from time to time. Any significant changes will be communicated to you.
7.1. For questions, please contact us using the online form.
7.2. Postal address (no in-person visits or mail processing):