This Privacy Notice describes how daVinci Payments, Inc. (“we”, “our”, “us” or “daVinci”) manages the personal data we collect about users of our Web sites and mobile applications, as well as the personal data we collect in providing our products and services or when individuals communicate with us about our Web sites, mobile apps, products or services. It explains (1) what personal data we collect, (2) how we use the personal data we collect, (3) how long we hold the data, (4) what and with whom we share it with, (5) how to control your privacy options with daVinci, (6) what are your rights, and (7) certain other privacy information. In addition to these items, we also process personal data on behalf of our clients and card or payment issuers When we do so, we process personal data solely to provide services to program sponsors (also referred to as “clients”) and card or payment issuers, we collect, use and disclose the data only under the instructions of the program sponsor or the card or payment issuer, and our processing of the data is subject to their instructions and privacy notices. Please read the agreement and terms and conditions provided in conjunction with your payment for further details regarding your payment issuer. For access to each payment issuer’s privacy policy, please click on each name:


daVinci may collect Personal Data, for example through the use of our products, accessing our websites or when you contact customer service. Personal Data may include the following, as applicable:

  • Full name, personal or business contact information including physical mailing address, email address, telephone number, and in some instances date of birth and/or national identification number (e.g., SSN).
  • Contact preferences and other business information that helps us do business with you.
  • Technical information such as login information, IP address, device and operating system.
  • Other data with your consent or as allowed or required by applicable law.


We collect Personal Data about you to operate and to support our services and products only. We may use this Personal Data to:

  • Send administrative material to you, such as changes to our terms, conditions, and policies.
  • Provide access to our website and customer service.
  • Provide technical support.
  • Send you alerts that you requested.
  • Identify areas where our products and services can be enhanced.
  • Detect and protect against errors, fraud, or other criminal activity.

We may also use your Personal DaAta in other instances with your consent or as allowed or required by law.


We may hold Personal Data as long as needeWe may hold Personal Data as long as needed or relevant for the practices described in this Privacy Notice or as otherwise applicable by law. Actual hold periods differ depending on the type of services and products. The principles we use to determine the holding periods include the following:d or relevant for the practices described in this Privacy Notice or as otherwise applicable by law. Actual hold periods differ depending on the type of services and products. The principles we use to determine the holding periods include the following:

  • Personal Data needed to provide our services and products as described in this Privacy Notice;
  • Personal Data needed for auditing purposes;
  • Personal Data needed to troubleshoot problems or to assist with investigations;
  • Personal Data needed to enforce our policies;
  • Personal Data needed to comply with legal requirements.

Regulations require financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records, daVinci generally holds those records for a minimum of seven years.


We do not share your Personal Information with third-parties for joint marketing purposes or so they can market to you, without your prior express consent. We may share your Personal Data:

  • With organizations and partners that help us operate our business by providing services such as website hosting, data analysis, information technology, customer service, email delivery, auditing and other similar services.
  • With partners and other vendors that perform services on our behalf, such as network services support, including data processing services, customer service, call center services, information technology services, internal audit, management, or administrative purposes.
  • To comply with the law or other legal responsibilities such as responding to subpoenas, including laws and other legal duties outside your country of residence.
  • To answer requests from government authorities including authorities outside your country of residence.
  • To protect our rights, business operations and possessions, or that of our users, employees and partners.
  • To investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions.


You can update your account profile online or by email. We maintain electronic records of your Personal Data for the purposes described in this Privacy Notice. You will be able to access and edit your Personal Data on the website listed on the back of the card. Otherwise, you may contact us at the e-mail address listed at the bottom of this Notice. Your right to access, correct or delete your Personal Data indicated in our records is subject to applicable law including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to confirm your identity before giving access or making modifications to your Personal Data.

If we receive data from other sources, we may direct you to contact those sources. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to those sources or any other third-party.


We may use cookies, browser data, and location information, to uniquely recognize your computer or device and the pages you see on our website. We use tracking tools to:

  • Identify new or past users;
  • Save your password if you are registered on our website;
  • Enhance our website and troubleshoot issues.
  • Investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions.

For more information, please read our Cookie Policy.

You can adjust cookies and tracking tools on our Website. Your web browser may give you the ability to adjust cookies. How you do so depends on the type of cookie. Certain web browsers can be set to clear past and reject future cookies. If you block cookies on your browser, certain features of our website may not work. Additionally, if you limit or delete cookies, not all of the tracking activities we have defined here will stop. The choices you make are both browser and device specific. For more information on cookies and how to manage them, visit www.allaboutcookies.org.


When you provide us with your Personal Data it is only used for the purposes of providing products and services as described in this Privacy Notice. You have the option to opt-out of certain uses and disclosures of your Personal Data as outlined in this Notice. If you would like to opt-out of these uses or disclosures of your Personal Data, you may contact us at the email address listed at the bottom of this Notice.

California Residents If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. Effective January 1, 2020, under the California Consumer Privacy Act (CCPA), residents of California have certain rights to access, delete, or otherwise control the use, collection, and/or disclosure of their information. California residents may also opt out of the sale of such information, if applicable. These provisions of the CCPA do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law.

To contact us with questions about our compliance with the CCPA, or exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request by either:

  • Calling us at 866.230.3809
  • Emailing us at: compliance@davincipay.com

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Please note, consumers will not receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

EU & UK Residents

We adhere to applicable data protection laws in the European Union ("EU") and the United Kingdom (“UK”), when relevant and appropriate, including the General Data Protection Regulation (“GDPR”).  In addition, we participate in and comply with the EU-U.S. Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including EEA member countries) and the UK as well as Switzerland, respectively.

As described in our Privacy Shield certification, we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries (including EEA member countries) and the UK as well as Switzerland, respectively. daVinci remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described in the “What and Whom We Share” section. To learn more about the Privacy Shield program, and to view Google’s certification, please visit the Privacy Shield website.


Under the Privacy Shield Principles, daVinci is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC), and we may be required to disclose personal information in response to lawful requests by public authorities which may include national security or law enforcement requests. daVinci has liability for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages.  Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions. If you have an inquiry regarding our privacy practices in relation to our Privacy Shield certification, we encourage you to contact us.

Model Contract Clauses

The European Commission has approved the use of model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating model contract clauses into a contract established between the parties transferring data, personal data can be protected when transferred outside the EEA to countries which have not been deemed by the European Commission to adequately protect personal data. daVinci offers these model contract clauses for to our clients (also known as Program Sponsors). 

If you are located in the EU or the UK, you have the right to:

  • Request accessrectifyor delete your Personal Data;
  • Objectportor restrict the processing of your Personal Data;
  • Withdraw any consent you have provided to our processing of your Personal Data;

We will make every effort to honor your request, however in some situations, we may not be able to act and/or may impose limitations on your request.  For instance, if your request is likely to adversely affect the rights and freedoms of others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe on applicable law.

You may exercise these rights free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, in particular because of its repetitive character.

daVinci commits to resolve complaints about our collection or use of your personal information in accordance with EU/UK data protection regulations and the Privacy Shield Principles.  EU and UK individuals with inquiries or complaints regarding this Policy should first contact daVinci’s Customer Service team.  You have the right under applicable EU and UK privacy law to file a complaint with the relevant Data Protection Authority in your country of residence.

daVinci has further committed to refer unresolved Privacy Shield complaints to the Better Business Bureau (BBB), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit BBB-EU Privacy Shield for more information or to file a complaint.  This service is provided to you at no cost. 

If you wish to exercise any of these rights, please contact us using the email address listed at the bottom of this Notice.


We process your Personal Data, on specific legal grounds. We do so with your consent, to fulfill the contractual requirements we have with you, comply with our legal responsibilities, or as needed to deliver our services and products and for other legitimate business interests for the purposes described in this Privacy Notice.

We protect your Personal Data. We implement security policies, processes and technical security solutions to protect Personal Data which includes various network safeguards, logging and alerting. In order to perform certain obligations, our authorized employees and service providers will need access to your Personal Data. We contractually require our service providers to protect your Personal Data.

Data storage and transfers. We store Personal Data in the United States. If you reside outside of the U.S, you understand that we transfer Personal Data to the United States. Our products and services and associated practices comply with privacy provisions as set forth by the US government, including the US Department of Commerce’s EU Privacy Shield Framework, and GDPR as required by EU/UK. When we transfer your Personal Data to service providers or third parties as outlined in this Privacy Notice, we rely on contractual clauses to administer the transfer of that Personal Data and uphold those entities to protecting the data as described in this Privacy Notice or as required by law.

Our Services are not intended for children. Our Services are meant for adults and are not for children. We do not intentionally collect Personal Data from children under 13 without authorization from a parent or legal guardian. If you think your child under 13 has sent us data, you can contact us at compliance@daVinciPayments.com.

Our Services may link to third-party services that we do not manage. If you click a link to a third-party website, you will be taken to sites that we do not control. This Privacy Notice does not apply to the privacy practices of those websites. Please read the privacy notice of those websites. We are not liable for these third-party practices.

This Privacy Notice may be updated at any time. We may change our Privacy Notice from time to time. We may inform you of any changes to our Privacy Notice as required by law. Please check the Website periodically for updates. This Privacy Notice was last modified on 03/2021.

To contact us, if you have additional questions, concerns or wish to file a complaint regarding your Personal Data, you may e-mail our Data Protection Officer at compliance@daVinciPayments.com. We are committed to resolving any questions you may have.