Privacy Policy

SecondSwype Inc. · Effective date: June 29, 2026

SecondSwype Inc. ("SecondSwype," "we," "us," or "our") provides merchant-of-record recovery processing services. This Privacy Policy explains how we handle personal data for two groups: the merchants who use our platform, and the cardholders whose declined transactions we process on behalf of those merchants.

1. Information We Collect

From merchants:

From or about cardholders (in connection with recovery transactions):

2. How We Use Information

We use information to:

3. Cardholder Data and Our Role

When SecondSwype processes a recovered transaction as merchant of record, we act as a controller of the cardholder personal data necessary to complete and support that transaction — including processing the payment, issuing receipts, and handling refunds, disputes, and inquiries. We process this data to fulfill the transaction, to meet our legal and card-network obligations, and to prevent fraud. Cardholders may contact us at the address in Section 9 to exercise applicable rights.

4. Sharing of Information

We do not sell personal data. We share information only as follows:

5. Data Retention

We retain merchant account data for the duration of the contract and for up to seven (7) years thereafter to satisfy legal and financial record-keeping obligations. Transaction data and tokenized signals are retained for up to [____] years to support recovery operations, dispute handling, and improvement of the S2 Engine. We retain data as long as necessary for the purposes described, or as required by law, and delete or de-identify it thereafter. You may request deletion subject to applicable retention requirements.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. These rights apply to merchants and cardholders as provided under applicable law, including the CCPA (California), GDPR (EU/EEA), and PIPEDA (Canada). To exercise these rights, contact us at privacy@secondswype.com.

7. Cookies

We use essential cookies for authentication and session management, and anonymized analytics cookies to understand product usage. You can disable non-essential cookies in your browser settings without affecting core functionality.

8. Security

SecondSwype employs appropriate security controls, including TLS encryption in transit, AES-256 encryption at rest, and role-based access controls. Raw card data is never stored in our environment; tokenization occurs at the point of capture via VGS.

9. Contact

For privacy-related questions or requests, contact our privacy team at privacy@secondswype.com.