Privacy Policy
SecondSwype Inc. ("SecondSwype," "we," "us," or "our") provides merchant-of-record recovery processing services. This Privacy Policy explains how we handle personal data for two groups: the merchants who use our platform, and the cardholders whose declined transactions we process on behalf of those merchants.
1. Information We Collect
From merchants:
- Account data: name, email address, company name, and billing/settlement information provided during onboarding.
- Usage data: log files, IP addresses, browser type, pages visited, and feature interactions with the dashboard.
- Communications: messages you send us via email or support channels.
From or about cardholders (in connection with recovery transactions):
- Transaction data: tokenized payment credentials and non-sensitive payment metadata. We do not receive or store raw Primary Account Numbers (PAN) or card security codes; card data is tokenized by VGS at the point of capture.
- Transaction and contact details necessary to process a recovered transaction as merchant of record, and to handle related billing, refunds, disputes, and customer inquiries.
2. How We Use Information
We use information to:
- Provide, operate, and improve the SecondSwype platform and S2 Engine.
- Evaluate declined transactions and process eligible recovery transactions as merchant of record.
- Handle billing, settlement, refunds, chargebacks, and disputes.
- Send transactional emails, statements, and service updates.
- Detect and prevent fraud, abuse, or security incidents.
- Comply with applicable legal, financial, and card-network obligations.
3. Cardholder Data and Our Role
When SecondSwype processes a recovered transaction as merchant of record, we act as a controller of the cardholder personal data necessary to complete and support that transaction — including processing the payment, issuing receipts, and handling refunds, disputes, and inquiries. We process this data to fulfill the transaction, to meet our legal and card-network obligations, and to prevent fraud. Cardholders may contact us at the address in Section 9 to exercise applicable rights.
4. Sharing of Information
We do not sell personal data. We share information only as follows:
- Service providers: VGS (tokenization vault), AWS (infrastructure), and our payment gateways and acquiring partners process data on our behalf or to complete transactions, under appropriate confidentiality and data-protection terms.
- Legal requirements: when required by law, court order, card-network rule, or government authority.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice provided.
5. Data Retention
We retain merchant account data for the duration of the contract and for up to seven (7) years thereafter to satisfy legal and financial record-keeping obligations. Transaction data and tokenized signals are retained for up to [____] years to support recovery operations, dispute handling, and improvement of the S2 Engine. We retain data as long as necessary for the purposes described, or as required by law, and delete or de-identify it thereafter. You may request deletion subject to applicable retention requirements.
6. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. These rights apply to merchants and cardholders as provided under applicable law, including the CCPA (California), GDPR (EU/EEA), and PIPEDA (Canada). To exercise these rights, contact us at privacy@secondswype.com.
7. Cookies
We use essential cookies for authentication and session management, and anonymized analytics cookies to understand product usage. You can disable non-essential cookies in your browser settings without affecting core functionality.
8. Security
SecondSwype employs appropriate security controls, including TLS encryption in transit, AES-256 encryption at rest, and role-based access controls. Raw card data is never stored in our environment; tokenization occurs at the point of capture via VGS.
9. Contact
For privacy-related questions or requests, contact our privacy team at privacy@secondswype.com.