CCPA Notice

Effective date: January 1, 2020. Last reviewed on: July 1, 2020

This notice supplements the information contained in the SwipeSimple Privacy Policy as well as any other agreement you have with CardFlight, Inc. (“CardFlight”, “we”, “us” or “our”).  Specifically, this is a written agreement that addresses our responsibilities as a business and as a service provider to you, whether you are a business or a consumer. Any capitalized terms we use in this notice that are not defined here will have the meanings we give them in the SwipeSimple Privacy Policy.

This notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this notice, the CCPA (as defined below) temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.

Application of CCPA.
This notice pertains to your personal information. Personal information is defined in the California Consumer Privacy Act of 2018 (“CCPA”), and we use that definition within this notice.  We will also reference some other terms from the same law, such as "consumer," "business," “service provider,” “business purpose,” or “commercial purpose,” and those also have the definitions set out in that law. When we talk about a “sale,” or “selling,” personal information, we are using the definitions of “sale,” and “sell” as defined in the CCPA. This means that we don’t sell, rent, or otherwise disclose your personal information in exchange for money or something else of value.

CardFlight’s relationship with you under California law
The SwipeSimple Privacy Policy discusses the purposes for which we collect, use and disclose personal information in your Account. For the purposes of the CCPA, we act as a service provider for User Information. As such, we collect, retain, use, and disclose personal information only as necessary to provide the services we have agreed to provide. In other words, we use the personal information we have strictly for business purposes. You can read more about our business purposes for each type of personal information in the SwipeSimple Privacy Policy.

Information we collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

We obtain the categories of personal information listed above from the following categories of sources:

Directly from you.
For example, from forms you complete or products and services you purchase or from communications with you such as when you contact CardFlight (whether in person, by mail, by phone, online, via electronic communication or by any other means).

Indirectly from you.
For example, from observing your actions in connection with your use of the Services.

From other third parties.
From our resellers. We may receive information about you from our independent resellers.

Third party service providers. For example, when you choose to make an electronic payment through a merchant or reseller, we may receive personal information about you from third parties such as payment services providers, for the purposes of that payment.

From other third parties. We may collect information from third parties such as consumer data resellers.

From public sources.
For example, we may collect information from public records.

Sharing of personal information.
We may disclose your personal information to a third party for a business purpose. We use third party service providers to fulfill our obligations under our agreement with you and for our own business purposes. When we do use service providers, we have entered into a written contract that includes terms substantially similar to this notice. We may also sell your personal information to third parties, subject to your right to opt-out of those sales (see “Personal Information Sales Opt-Out” below).

Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Category A: Identifiers.
  • Category B: California Customer Records personal information categories.
  • Category D: Commercial information.
  • Category F: Internet or other similar network activity.
  • Category G: Geolocation data.
  • Category K: Inferences drawn from other personal information.

We disclose your personal information for a business purpose to the following categories of third parties:Service providers.Resellers.

Sales of Personal Information

In the preceding twelve (12) months, we have sold the following categories of personal information:

  • A. Identifiers.
  • B. California Customer Records personal information categories.
  • C. Commercial information.
  • D. Inferences drawn from other personal information.

We sell your personal information to the following categories of third parties: Resellers

Your access and deletion rights.

Subject to certain exceptions, you may request that certain personal information be deleted, retrieved, or its use restricted by emailing so that you may comply with your obligations under the CCPA with respect to responding to requests from consumers. We will provide reasonable and timely assistance to assist you in complying with your obligations with respect to consumer access and deletion requests under the CCPA. If additional assistance requires going above and beyond what Support can provide, further assistance may be at your expense.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • complete the transaction for which we collected the personal information, provide the Service that you requested, or otherwise take actions reasonably anticipated within the context of our ongoing business relationship with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • debug Services to identify and repair errors that impair existing intended functionality;
  • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • comply with a legal obligation; or make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We do not provide these deletion rights for B2B personal information.

Personal Information Sales Opt-Out and Opt-In Rights

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). Our Services are not intended for minors. We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a verifiable consumer request to us by emailing

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time.

Data retention and deletion of personal information.
If our agreement with you terminates, we will automatically delete any stored personal information thirty days after the termination effective date, except as otherwise required by applicable law.  If we must retain any personal information after termination of our agreement with you, we will ensure we maintain the same security protections on such personal information and will ensure that such personal information is processed only as necessary for the purpose specified in this notice and no other purpose.

We will implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we process. In the event that we become aware of a security breach that involves User Information, we will make reasonable efforts to identify and, to the extent any security incident is caused by our violation of the requirements of this notice, remediate the cause of the security incident. We will provide reasonable assistance to you in the event that you are required by law to notify a regulatory authority or any individuals of a security incident.

Material changes in our practices or in the law.

We may modify this notice where required, such as due to a material change in our business practices with respect to your personal information or due to a material change in the CCPA. If this happens, we will post the updated notice on the Site or through the Services and update the notice’s effective date.

Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.