Introduction
My Split Pay ("My Split Pay," "we," "us," or "our") operates the My Split Pay platform, a comprehensive commission management and residual tracking solution for Independent Sales Organizations (ISOs) in the payment processing industry. My Split Pay is provided by My Split Pay, Inc., a Texas Corporation.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, mobile applications, and related services (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this policy.
My Split Pay processes sensitive financial and business information on behalf of our customers, including commission and residual data relating to merchants and account representatives. For this data we typically act as a "processor" or "service provider" and handle it only in accordance with our customers' instructions and our agreements with them. We implement appropriate technical and organizational measures and work with reputable service providers to help protect this information and comply with applicable industry requirements.
Information We Collect
We collect information that you provide directly, information generated through your use of our Services, and information from third-party sources.
Information You Provide
| Category | Examples |
|---|---|
| Account Information | Name, email address, phone number, company name, job title, password |
| Organization Information | ISO details, business address, tax identification numbers, contact persons |
| Payment Information | Billing contact details, billing address, limited payment card details (such as card type and last four digits), tax identification numbers; full payment card information is handled by our third-party payment processors |
| Business Information | ISO registration details, merchant portfolio data, commission structures, payout preferences |
| Representative Data | Account representative names, contact information, commission splits, performance metrics |
| Merchant Data | Merchant names, MIDs, processing volumes, residual data, account status |
| Communications | Support tickets, emails, chat messages, feedback submissions |
Information Collected Automatically
When you use our Services, we automatically collect certain information, including:
- Device Information: IP address, browser type and version, operating system, device identifiers, and hardware model
- Usage Data: Pages visited, features used, actions taken, time spent on pages, and navigation patterns
- Log Data: Access times, error logs, referring URLs, and API call records
- Location Data: General geographic location based on IP address
Information from Third Parties
We may receive information about you from third-party sources, including:
- Payment processors and financial institutions
- Identity verification services
- Business data providers
- Integration partners (when you connect third-party services)
How We Use Your Information
We use the information we collect for the following purposes:
Providing Our Services
- Process and manage your account registration and authentication
- Calculate and distribute commissions and residuals
- Generate reports, analytics, and business intelligence
- Process payments and manage billing
- Facilitate communication between ISOs, representatives, and merchants
Improving and Developing Services
- Analyze usage patterns to improve user experience
- Develop new features and functionality
- Conduct research and analytics
- Test and troubleshoot new products
Communication
- Send transactional emails (invoices, payment confirmations, account alerts)
- Provide customer support and respond to inquiries
- Send product updates and announcements
- Deliver marketing communications (with your consent)
Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Verify identity and prevent unauthorized access
- Comply with legal obligations and regulatory requirements
- Enforce our terms of service and policies
Role as Controller and Processor
When we collect and use information about our own customers, website visitors, and marketing contacts, My Split Pay acts as an independent "controller" or "business."
When our ISO and merchant customers input or upload personal information into the platform (such as merchant data or account representative information), we typically act as a "processor" or "service provider" and process that information solely on their instructions and in accordance with our agreements with them.
Data Sharing & Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
With Your Consent
We may share information when you direct us to do so or provide explicit consent.
Service Providers
We engage trusted third-party companies to perform services on our behalf, including:
- Cloud hosting and infrastructure providers
- Payment processing services
- Analytics and monitoring services
- Customer support platforms
- Email delivery services
These providers are contractually bound to protect your information and may only use it to provide services to us.
Business Partners
With your authorization, we may share data with payment processors, acquiring banks, and other business partners necessary to deliver our Services.
Legal Requirements
We may disclose information when required by law, regulation, legal process, or governmental request, including:
- Responding to subpoenas, court orders, or legal processes
- Cooperating with law enforcement or regulatory agencies
- Protecting the rights, property, or safety of My Split Pay, our users, or others
- Enforcing our agreements and policies
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
Data Security
We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.
Technical Safeguards
- Encryption: We use industry-standard encryption to protect data in transit (such as TLS) and strong encryption for data at rest (such as encryption offered by our infrastructure providers), where supported.
- Access Controls: Role-based access control, authentication requirements, and other measures to help ensure that only authorized personnel and systems can access personal information.
- Infrastructure Security: Network and infrastructure security measures such as firewalls, segmentation, and monitoring to help protect our production environment.
- Monitoring: Security monitoring and automated alerting to help detect and respond to unusual or suspicious activity.
Compliance Standards
- Industry Best Practices: We follow industry standards and guidance relevant to the secure handling of business and financial data.
- Security Reviews: We periodically review our systems and, where appropriate, carry out or commission security testing and vulnerability assessments.
- Employee Training: We provide security and privacy awareness training for team members who have access to personal information.
No method of transmission over the internet or method of electronic storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials, restricting access to your account, and promptly notifying us if you believe your account or information has been compromised.
Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Retention periods vary based on the type of data and legal requirements:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account plus 7 years after closure |
| Transaction Records | 7 years (regulatory requirement) |
| Commission & Payout Data | 7 years (tax compliance) |
| Support Communications | 3 years after resolution |
| Usage Analytics | 2 years (aggregated data may be retained longer) |
| Marketing Preferences | Until you opt out or close your account |
When data is no longer needed, we securely delete or anonymize it in accordance with our data destruction policies.
Your Rights & Choices
Depending on your location, you may have certain rights regarding your personal information:
Access & Portability
You can request a copy of the personal information we hold about you in a structured, commonly used format.
Correction
You can request that we correct inaccurate or incomplete personal information.
Deletion
You can request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
Restriction & Objection
You can request that we restrict processing of your data or object to certain processing activities.
Withdraw Consent
Where processing is based on consent, you can withdraw that consent at any time.
Marketing Opt-Out
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in emails or updating your preferences in account settings.
To exercise any of these rights, please contact us at support@mysplitpay.com. We may take steps to verify your identity before processing certain requests and will respond within the time period required by applicable law (typically within 30–45 days).
California Residents
California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These include the right to (a) know the categories of personal information we collect, use, disclose, and, if applicable, sell or share; (b) request access to and deletion or correction of personal information; (c) opt out of the sale or sharing of personal information; and (d) not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. If you are a California resident, you can exercise your rights by contacting us using the details in the "Contact Us" section below.
European Economic Area Residents
If you are located in the EEA, you have rights under the GDPR, including those listed above. You also have the right to lodge a complaint with your local data protection authority.
International Data Transfers
My Split Pay is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
When we transfer personal information internationally, we implement appropriate safeguards to protect your information, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with all service providers
- Certification under applicable privacy frameworks
By using our Services, you acknowledge that your information may be transferred to and processed in countries with different data protection laws than your country of residence.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and, if changes are material, provide additional notice (such as by email or an in-app notification).
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
My Split Pay
For European Union residents, you may also contact your local data protection authority if you have concerns about our data practices.