Privacy policy

Effective Date March 31, 2014, updated September 20, 2024

CardFlight, Inc. (“CardFlight”, “we”, “our” or “us”) collects information about you when you visit, access or use, as applicable, our websites, products, services, or mobile applications (collectively, the “Services”). We receive information about you from various sources, including: (i) when you request information regarding the Services from our sales and/or customer support team (whether by telephone, email or text); (ii) if you register for the Services, by submitting an application or creating a user account on the Services (your “Account”); (iii) your use of the Services generally; and (iv) from business partners and third party websites and services. This Privacy Policy not only explains how and why we use information that we collect about you, but also how you can access, update or otherwise take control of your personal information.

What does this privacy policy cover?

This Privacy Policy covers the treatment of user information (“User Information”), which may include User Content (defined below), personally identifiable information (“Personal Information”), and Financial Information (defined below), gathered in the course of providing the Services or when you use or access or request information regarding the Services. This Privacy Policy also covers our treatment of any User Information that our business partners share with us or that we share with our business partners.

This Privacy Policy applies to all information we collect through or in connection with our Services, even if you have not submitted an application or signed up for an Account.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third party websites, services and applications (“Third Party Services”) that you elect to access through the Service or to individuals that we do not manage or employ. Third Party Services may also include our business partners, such as resellers, through whom other users of our Services, such as merchants, access and/or receive our Services. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

What information do we collect?

We collect the following types of information from users of our Services. Users include: (i) visitors of our website, (ii) any person or entity that uses the Services to make or receive payments, including Account holders and their employees, independent contractors or other authorized representatives (as applicable), (iii) any person or entity requesting information about the Services, or (iv) any customer who authorizes a payment card transaction through the Services.

Information you give us:
We collect any information you provide in relation to the Services.  For example, when you request information regarding the Services from our sales and/or customer support team or when you submit an application or create an Account, you will provide information that could be Personal Information, such as your contact information, username, password and email address. Additionally, we may request Financial Information (as defined below) from you while setting up your Account and/or throughout the course of providing you with the Services. You acknowledge that this information may be personal to you, and by providing Personal Information to us, you allow others, including us, to identify you and therefore may not be anonymous. We may use your contact information to send you information about our Services and for other internal purposes (including sending your contact information to third parties to obtain similar referrals). You may unsubscribe from some types of messages regarding our Services through your Account settings, although we, regardless, reserve the right to contact you when we believe it is necessary, such as for account recovery purposes.

Transaction information:
If you use our Services to make or receive payments, we collect information about the transaction, such as the time and location of the transactions, the payment amounts, and additional details about the transaction. We also may collect information about the devices and payment methods used to complete the transactions.

If you use our Services to make a purchase of products or services, we collect your Personal Information when you authorize the transaction or request a receipt of the transaction. 

User content:
Some features of the Services allow you to provide content to the Services, such as written comments or images you post or upload to the Services (“User Content”). All User Content submitted by you to the Services may be retained by us indefinitely, even after you terminate your Account. We may continue to disclose such content to third parties in a manner that does not reveal Personal Information, as described in this Privacy Policy.

Financial information:
In order to provide the Services, we may collect financial information, such as bank account information, payment method information (card number, type, expiration date or other financial information), and transaction information (collectively, “Financial Information”), from you and/or your customers (if applicable). We may also ask you to provide some of your Financial Information during the account registration process. We also may receive Financial Information from Third Party Services that help us to provide the Services to you.

We collect, store, and process this information using industry-standard security measures. We will only use and disclose Financial Information as needed to provide you, and if applicable your customers, with the Services.

If you make a purchase of products or services through the Services, information about your payment method may be collected and stored either by us or our third party payment processing company (the “Payment Processor”).  Use and storage of that information by a Payment Processor is governed by the Payment Processor’s applicable terms of service and privacy policy.

Location information:
If you access the Services on a mobile device, we may receive information about the location of the device through which you access the Services. Your mobile device operating system will prompt you before allowing us to collect your location information to ask for your consent. If you do not see the prompt, or if you subsequently decide you would like to opt out of such collection, you may do so by changing the appropriating settings in your mobile device. However, please note that opting out may affect your ability to use some or all of the Services.

IP Address Information, Device Information, and Other Information Collected Automatically:
We automatically receive and record information from your web browser when you interact with the Services, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Services (e.g., what links you have clicked on).

Generally, the Services automatically collect usage information, such as the number and frequency of visitors. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.

We may collect device-specific information from users who access our Services from their mobile devices. Device information may include but is not limited to unique device identifiers, network information, and hardware model, as well as information about how the device interacts with our Services.

Email communications:
We may receive a confirmation when you open an email from us or click on a link in an email we send. We use this confirmation to improve our customer service.

Information containing cookies:
Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit our websites and otherwise use the Services through the Internet.

Our cookies do not, by themselves, contain Personal Information, and we do not combine the general information collected through cookies with other Personal Information to tell us who you are. As noted, however, we do use cookies to identify that your web browser has accessed aspects of the Services and may associate that information with your Account if you have one.

Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies active, because they enable you to take advantage of the most attractive features of the Services.

This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.

Information Related to Advertising and the Use of Web Beacons:
To support and enhance the Services, we may serve advertisements, and also allow third party advertisements, through the Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors and research firms.

Advertisements served through the Services may be targeted to users who fit a certain general profile category and may be based on anonymized information inferred from information provided to us by a user, including Personal Information (e.g., gender or age), may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services. We do not sell Personal Information to any ad networks for use outside of the Services for monetary compensation.

To increase the effectiveness of ad delivery, we may deliver a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site.

Information Collected From Third Parties:
We may collect information from third parties in connection with the verification of Financial Information or the facilitation of transactions made through the Services.

Aggregate Information:
We collect statistical information about how both unregistered and registered users, collectively, use the Services (“Aggregate Information”). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser.

How, and with whom, is my information shared?

IP Address Information:
While we collect and store IP address information, that information is not made public. We do at times, however, share this information with our partners, service providers and other persons with whom we conduct business, and as otherwise specified in this Privacy Policy.

Information You Elect to Share:
You may access other Third Party Services through the Services, for example by clicking on links to those Third Party Services. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies. This Privacy Policy only governs information collected on the Services.

Aggregate Information:
We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non-Personal Information about you that they have independently developed or acquired.

Communications with You:
As part of the Services, we may contact you directly or through a third party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications or communications relating to your Account. We may also contact you with offers for additional services we think you will find valuable, which you hereby consent to receiving.  These contacts may include:

  • Email
  • Text (SMS) messages
  • Telephone calls


You may opt-out of receiving promotional communications from us and/or our partners by emailing support@cardflight.com.  You can also stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. Please note that you may not opt out of Service-related communications (e.g., account verification, changes/updates to features of the Service, technical and security notices). If you have any questions about reviewing or modifying your account information, you can contact us directly at support@cardflight.com.

Information Shared with a Mutual Business Partner:
There may be an intermediate business partner that connects us to you. We may share your information with these business partners in accordance with this Privacy Policy or obtain your information from them, in order to provide you with the Services. For example, if you are a merchant user, we may share information we collect from your use of the Services to the reseller through whom you receive our Services. However, please note that we do not control any other party’s collection and use of your information, which is governed by the terms of the other party’s privacy policy. Please be sure to read their privacy policy very carefully.

Information Shared with Our Third Party Service Providers:
We employ and contract with third parties that perform certain tasks on our behalf in furtherance of the Services, including financial institutions, processors, payment card associations, and other entities that are part of the payment process. We may need to share User Information with such third parties in order to provide products or services to you. To that extent, unless we tell you differently, the contract executed with such third party describes the purpose for which such User Information is shared and requires the third party to both keep that User Information confidential and not use it for any purpose except performing the contract. You hereby consent to our sharing of User Information with such third parties.

We may share information you provide to us with our processors, banks, or other financial institutions, including without limitation when you perform a transaction through the Services, for (a) regulatory or compliance purposes, (b) management and maintenance of the Service, (c) creating and updating customer records about you, (d) assisting us and financial institutions in better serving you, and (e) our risk management process. By using the Services and/or signing up for an Account, you authorize us to review and share your information with such third parties.

CardFlight uses Plaid Technologies, Inc. (“Plaid”) to gather your data from financial institutions. By using the Services, you grant CardFlight and Plaid the right, power, and authority to act on your behalf to access and transmit your Personal Information and Financial Information from the relevant financial institution. You agree to your Personal Information and Financial Information being transferred, stored and processed by Plaid in accordance with the Plaid Privacy Policy available at https://plaid.com/legal.

Information Disclosed Pursuant to Business Transfers:
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your User Information as set forth in this Privacy Policy.

Information Disclosed for Our Protection and the Protection of Others:
We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to:

i. satisfy any applicable law, regulation, legal process or governmental request;

ii. enforce this Privacy Policy or our Terms of Service, including investigation of potential violations hereof;

iii. detect, prevent, or otherwise address fraud, security or technical issues;

iv. respond to user support requests; or

v. protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.Information We Share With Your Consent:
Except as set forth above, you will be notified when your User Information may be shared with third parties, and you will be able to prevent the sharing of this information by emailing support@cardflight.com.

Information We Use to Provide the Services
We use your User Information to further our legitimate interests to:

i. understand who our customers and potential customers are and their interests in our products and services;

ii. manage our relationship with you and other customers;

iii. perform the Services and/or to fulfill regulatory obligations;

iv. help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services;

v. verify or maintain quality or improve or upgrade a Service;

vi. provide, support, personalize, and develop our Services such as to perform warranty related services or other post-sale activities such as product monitoring or repairs;

vii. create, maintain, customize, and secure your Account with us;

viii. process your requests, transactions, and payments and prevent transactional fraud;

ix. provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;

x. help maintain the safety, security, and integrity of our Services, databases and other technology assets and business;

xi. develop and improve our Services and for testing, research, analysis, and product development;

xii. inform you about any of our other products and services in order to induce you to purchase these products and services, subject to compliance with applicable laws regarding direct marketing;

xiii. respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

How long is my information retained?

We will retain your User Information as long as needed to provide you with the Services and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • mandated by law, contract or similar obligations applicable to our business operations;
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or
  • needed to maintain adequate and accurate business and financial records.

If you ask us to delete specific Personal Information from your Account (see “How can I delete my account?” below) and that data is necessary for the products or services you have purchased, we will honor this request only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes, like billing for the Services, or legal or contractual record keeping requirements.

Is information about me secure?

Your Account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and User Information by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account. We use industry standard methods to protect Account information and other information collected through the Services, both during transmission and once received and stored, including utilization of encryption where appropriate. However, we cannot guarantee the security of any information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, User Information or otherwise.

What Information of Mine Can I Access?

If you are a registered user, you can access information associated with your Account by logging into your Account. Registered and unregistered users can access and delete cookies through their web browser settings.

How can I delete my account?

Should you ever decide to delete your Account or specific personal information from your Account, you may do so by emailing support@cardflight.com. Please note, however, that if you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account.

Information for California Residents

We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA”) to provide to California residents an explanation of how we collect, use and disclose their Personal Information, and of the rights and choices we offer California residents regarding our handling of the Personal Information.  Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting, sharing or selling that Personal Information.
  • The categories of Personal Information about you that we “shared” or sold and the categories of third parties with whom we “shared” or to whom we sold the Personal Information about you.
  • The categories of Personal Information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
  • The specific pieces of Personal Information we collected about you, including a copy of such Personal Information in a portable format (also called a data portability request).


Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products or services to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) or other applicable laws.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


Sale or Sharing of Personal Information

We do not sell your Personal Information to any third-party for monetary compensation.

Our websites and online services may use analytics and advertising tools that enable us and our analytics and marketing partners to collect and disclose internet or other electronic network activity information based on your activity across our services and sites, including to analyze your usage of our services and to serve you advertisements that are relevant to you (collectively, “cross-context behavioral advertising”). However, please note that we do not knowingly sell or share the Personal Information of consumers under 16 without consent.

You have the right to opt-out of our sale or sharing of your Personal Information by submitting a verifiable consumer request to support@cardflight.com.

Collection, Use, and Disclosure of Sensitive Personal Information

We do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the applicable law.  Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate to: providing goods or services as requested; ensuring safety, security, and integrity; countering wrongful or unlawful actions; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal information beyond these purposes.

Right to Request Correction

To the extent that we may maintain inaccurate Personal Information, you may have the right to request that we correct such inaccurate information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. 

How to Exercise Your Rights

If you are a consumer and wish to make a request pursuant to your rights under the CCPA, please submit a verifiable consumer request to support@cardflight.com.  Be sure to use the phrase “Privacy Request” in the subject line. Only you or a person registered with the appropriate regulatory authority that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

If you are a CardFlight reseller, subject to certain exceptions, you may request that certain personal information be deleted, retrieved, or its use restricted by emailing support@swipesimple.com so that you may comply with your obligations under the CCPA with respect to responding to requests from consumers.  We will provide reasonable and timely assistance to assist you in complying with your obligations with respect to consumer data portability, access and deletion requests under the CCPA.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We attempt to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  We will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your Personal Information that is readily useable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

What choices do I have regarding my information?

You can always opt not to disclose certain information to us, even though it may be needed to take advantage of some of our features.

You can delete your Account or request to delete certain Personal Information from your Account as provided in this Privacy Policy. Please note that we will need to verify that you have the authority to delete the Account, and activity generated prior to deletion will remain stored by us.

You may choose to not consent to our collection of location information when you receive the initial prompt from your mobile device, or you may stop our collection of location information by changing your mobile device settings.

We will not discriminate against you for exercising any of your privacy rights. Unless permitted under applicable laws, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Children’s Information

Our Services are not designated for children.  We therefore do not knowingly collect Personal Information from individuals under the age of thirteen (13).  In the event that we learn that we have collected Personal Information from a child under age thirteen (13), we will take the appropriate steps to delete this information.  Contact us if you believe that we have mistakenly or unintentionally collected Personal Information from a child under the age of thirteen (13).

Other Terms and Conditions


Message frequency varies per user.

Message and data rates may apply.

Text HELP for help. Text STOP to unsubscribe.

Carriers are not liable for delayed or undelivered messages.

“No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.”

a) Reply Stop to opt-out, Reply Help for Help.

b) Message Frequency May Vary.

c) Data Rates May Apply.

d) Carriers are not liable for undelivered messages

What happens when there are changes to this privacy policy?

This Privacy Policy is effective as of the date last updated listed above. By visiting our website or accessing or using the Services, you consent to the collection and use of information by us as set forth in this Privacy Policy.

We may amend this Privacy Policy from time to time and we will post those changes within this page. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes to this Privacy Policy that materially affects how we collect or use information we previously collected, we will endeavor to notify you, such as by posting notice on our website or within the Services or by sending you an email. Your continued use of the Services is your consent to be bound by any changes to the Privacy Policy.

What if I have questions or concerns?

If you have any questions or concerns regarding privacy using the Services or you would like to know more about how to exercise your rights, please send us a detailed message to support@cardflight.com.  We will provide reasonable and timely assistance to you to resolve your concerns.