Privacy Policy

Effective Date: May 11, 2026 · Last updated: May 11, 2026

This Privacy Policy explains how Von Financial LLC, doing business as Von Payments (“Von Payments,” “we,” “us,” or “our”), collects, uses, shares, and protects personal information in connection with our merchant onboarding and payment processing platform, our website at vonpay.com, our merchant application at app.vonpay.com, our checkout product at checkout.vonpay.com, and any related services (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use the Services.

1. Scope and Who This Policy Covers

This policy applies to personal information we collect from:

• Merchants and merchant applicants — business owners, authorized representatives, and beneficial owners who apply for or use a Von Payments merchant account
• Consumers — end users who make payments through merchants using the Von Payments checkout product
• Website visitors — individuals who browse vonpay.com or interact with our marketing surfaces

This policy does not apply to information collected directly by merchants on their own platforms or by third-party services we link to from our Services.

2. Information We Collect

2.1 Information You Provide Directly

• Account information — name, email address, phone number, password (where applicable), and authentication credentials
• Business information — legal business name, doing-business-as name, business address, tax identification number, formation documents, industry, expected transaction volume, and other underwriting information
• Beneficial ownership and control-person information — names, dates of birth, residential addresses, social security numbers (or government identifiers), and ownership percentages required by applicable know-your-customer (KYC) and anti-money-laundering (AML) regulations
• Identity verification information — government-issued identification documents, selfies for liveness checks, and other identifying documentation collected to satisfy identity verification requirements
• Banking and payout information — bank account number, routing number, and account holder information used to fund and settle transactions
• Communications — content of emails, support tickets, chat messages, and call recordings (where lawfully recorded with notice)

2.2 Information We Collect Automatically

• Device and connection information — IP address, browser type, operating system, device identifiers, and approximate geographic location
• Usage information — pages viewed, features used, time spent, referring URLs, and interactions with the Services
• Cookies and similar technologies — see Section 7 below
• Error and performance telemetry — diagnostic information about errors or performance issues, with personally identifying fields redacted at the source before transmission

2.3 Information We Receive From Third Parties

• Banking-connectivity providers — when you connect a bank account through a service such as Plaid, we receive bank account and routing numbers, account ownership confirmation, account balances, and related verification data (see Section 6 for our Plaid-specific disclosures)
• Identity verification providers — verification results, risk scores, and watchlist screening outcomes from KYC and AML vendors
• Payment processors and card networks — settlement, chargeback, dispute, and reconciliation information
• Credit and fraud reporting agencies — fraud signals, sanctions and watchlist screening results, and business credit information
• Public records and business registries — corporate registration, licensing, and beneficial ownership data

3. How We Use Personal Information

We use personal information to:

• Provide, operate, and maintain the Services
• Onboard merchants — including identity verification, KYC, AML screening, sanctions and watchlist screening, and underwriting
• Process payments, refunds, chargebacks, and settlements
• Detect, investigate, and prevent fraud, unauthorized activity, and violations of our agreements
• Comply with legal and regulatory obligations, including Bank Secrecy Act, anti-money-laundering, sanctions, tax reporting, and card-network rules
• Communicate with you about your account, transactions, security, product changes, and customer support inquiries
• Improve, secure, and develop new features of the Services, including through aggregated and de-identified analytics
• Send marketing communications, where permitted by law, with the ability to opt out at any time

4. How We Share Personal Information

We do not sell personal information. We share personal information only as described below:

4.1 Service Providers and Subprocessors

We engage third-party service providers to perform services on our behalf — including cloud hosting, database management, identity verification, banking connectivity, payment processing, card vaulting, transactional email, error telemetry, and customer support. These service providers are contractually obligated to protect personal information and to use it only for the purposes we authorize.

4.2 Banking, Payment, and Compliance Partners

We share information with banking partners, sponsor banks, payment processors, card networks, and regulatory bodies as necessary to provide, settle, and report on the Services. This may include information required by card-network rules, the Bank Secrecy Act, the USA PATRIOT Act, and equivalent regulations.

4.3 Legal Requirements and Protection of Rights

We may disclose personal information when we believe in good faith that disclosure is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce our agreements, investigate or prevent fraud or security incidents, or protect the rights, property, or safety of Von Payments, our users, or others.

4.4 Business Transfers

If Von Payments is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. Where required by law, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share personal information for other purposes with your consent or at your direction.

5. International Data Transfers

Von Payments is headquartered in the United States, and personal information we collect is processed in the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we implement appropriate safeguards (such as standard contractual clauses) for international transfers.

6. Plaid and Banking-Connectivity Disclosures

When you choose to connect a financial institution to your Von Payments account, we use Plaid Inc. (“Plaid”) to gather your data from your financial institution. By using the Services, you grant Von Payments and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your financial institution.

We use this information to:

• Verify that you are the owner of the bank account being connected
• Confirm that the bank account is open, in good standing, and capable of receiving payouts or originating debits
• Verify identity and combat fraud
• Read transaction history where required for underwriting, ongoing risk management, or as you have authorized

You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid End User Privacy Policy. You may review and revoke Plaid’s permission to share your data at any time through the Plaid Portal.

Von Payments does not store your financial institution login credentials. Banking-connectivity access tokens are stored in a managed secure vault and are not exposed to our application code in plain form.

7. Cookies and Similar Technologies

We and our service providers use cookies, web beacons, and similar technologies to operate the Services, remember preferences, authenticate sessions, measure performance, and analyze usage. You can control cookies through your browser settings. Disabling cookies may prevent some features of the Services from working.

We use the following categories of cookies:

• Strictly necessary — required to authenticate sessions and operate the Services
• Functional — remember preferences and settings
• Analytics and performance — measure usage and improve the Services

8. Data Retention

We retain personal information for as long as necessary to provide the Services and to satisfy our legal, regulatory, accounting, and reporting obligations. Retention periods vary by category and by the legal or regulatory requirement that governs the data. For example:

• Identity verification and KYC records — retained for at least five years following the closure of the related merchant account, as required by the Bank Secrecy Act and related regulations
• Transaction records — retained for at least seven years for tax, audit, and dispute-resolution purposes
• Authentication and audit-trail events — retained per our internal Logging and Monitoring Policy
• Marketing communications — retained until you opt out

When personal information is no longer required, we delete or anonymize it using methods appropriate to its sensitivity.

9. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Safeguards include encryption of data in transit and at rest, phishing-resistant multi-factor authentication for personnel and consumers accessing sensitive flows, least-privilege access controls, continuous logging and monitoring, vulnerability management, and routine third-party security review. Payment data is handled in accordance with PCI DSS requirements.

No method of transmission or storage is one hundred percent secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. If we become aware of a security incident that materially affects your personal information, we will notify you and the appropriate authorities as required by applicable law.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request that we correct information that is inaccurate or incomplete
• Deletion — request that we delete personal information, subject to our legal and regulatory retention obligations
• Portability — request a machine-readable copy of certain personal information
• Restriction or objection — request that we restrict certain processing or object to it
• Withdrawal of consent — withdraw consent where processing is based on consent (this will not affect processing already performed)
• Marketing opt-out — opt out of marketing communications at any time using the unsubscribe link or by contacting us

To exercise these rights, contact us using the information in Section 14 below. We will respond within the time period required by applicable law. We may need to verify your identity before fulfilling your request. We will not discriminate against you for exercising these rights.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with additional rights regarding your personal information:

• The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell or share
• The right to request deletion of personal information we have collected from you, subject to certain exceptions
• The right to correct inaccurate personal information
• The right to limit the use and disclosure of sensitive personal information to that which is necessary to perform the Services
• The right to opt out of the sale or sharing of personal information. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law
• The right to non-discrimination for exercising these rights

To exercise these rights, contact us using the information in Section 14 below. An authorized agent may make a request on your behalf with proof of authorization and verification of your identity.

12. Children’s Privacy

The Services are not directed to children under the age of sixteen, and we do not knowingly collect personal information from children under sixteen. If we learn that we have collected personal information from a child under sixteen, we will delete it. If you believe a child has provided us with personal information, please contact us using the information in Section 14.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Services, applicable law, or our business practices. We will post the updated policy on this page and update the “Last updated” date at the top. For material changes, we will provide additional notice as required by applicable law (for example, by email or by prominent notice in the Services). Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our processing of your personal information, contact us at:

Von Financial LLC
d/b/a Von Payments
Email: privacy@vonpay.com
General support: support@vonpay.com