Privacy Policy

Fortis Payment Systems, LLC (“Fortis”) is committed to protecting the privacy of our merchants. We have designed the Privacy Policy to inform you about what information we collect and how we use your personal information in order to provide payments processing and other products/services to you.

The Privacy Policy is available in the footer section of the Fortis website (www.fortispay.com). Depending on where you live, a supplemental privacy notice may also apply to you. Please follow the links and review the supplemental privacy notice describing how we process personal information for these regions. To exercise any applicable rights, please follow the instructions provided under the section “Exercising Your Rights” in the supplemental privacy notice.

Supplemental Privacy Notice

California
Colorado
Connecticut
Delaware
Indiana
Iowa
Kentucky
Maryland
Montana
Nebraska

New Hampshire
New Jersey
Nevada
Oregon
Tennessee
Texas
Utah
Virginia
European Economic Area, UK, and Canada
Exercising Your Rights

Notice at Collection: To understand (i) the categories of personal information we collect, (ii) the business or commercial purposes for such collection, (iii) whether your personal information is shared or sold, and (iv) how long Fortis keeps your personal information, please see the Sections in the California Supplemental Privacy Notice titled “Data Collection And Associated Sources,” “Disclosures Of Personal Information,” “Sales And Sharing Of Personal Information.” For information regarding how long we retain your data, please see the Privacy Policy Section titled: “We protect your information and use appropriate security measures.”

From time to time, Fortis may modify portions of this Privacy Policy. We will notify you of any material changes through a notice on the Site home page and if you have an account with us, we will notify you by email to the primary email address specified in your account.

Merchant Consent

Fortis may provide separate privacy notices that apply to specific products or services that we offer; in which case this Privacy Notice does not apply except to the extent that those separate privacy policies indicate otherwise. Where this Privacy Notice applies, Fortis may provide additional or supplemental privacy notices to individuals at the time we collect their data, which will govern how we may process the information provided at that time. We may alter this Privacy Statement as needed for certain products and services and to abide by local laws or regulations around the world, such as by providing supplemental information in certain countries.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

Publicly available information from government records.
Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, such as:
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

When Fortis collects information directly from you, we obtain this personal information in order to provide you with our products and/or services, to provide customer service and to fulfill legal and regulatory requirements.

The information we collect may include your name, physical and mailing address, e-mail address, telephone number, date of birth, and last four digits of your Social Security Number. Fortis receives credit and financial-related personal information from consumer reporting agencies, such as credit bureaus reports and other personal information from other third parties. Fortis also obtains information verifying your business from third party sources. When we obtain information about our merchants from third parties, we use sources that we believe are reputable, including public repositories. Please see the chart in the section below entitled Data Collection and Associated Sources for details regarding the categories of personal information that we collect.

Use of Cookies

To ensure we are publishing content customers need and want, Fortis collects aggregated site-visitation statistics using cookies. When someone visits the site, a cookie is placed on the customer’s machine (if the customer accepts cookies) or is read if the customer has visited the site previously. Most browsers accept Cookies until you change your browser settings. If you do not wish for the Site to collect your information using Cookies, you can typically disable the use of Cookies (or disallow the use of Cookies on specific websites) by changing your browser settings. If you choose to not have your browser accept cookies from Fortis’ website, certain features may not work, and you will need to reenter your personal information each time that you attempt to access premium information.

We may use Google Analytics Advertising features such as demographics and interest reporting to collect anonymized data about the gender, age, and interests of visitors to the Site. You can read Google’s security and privacy policies for Google Analytics at policies.google.com/technologies/partner-sites. You may opt out of having your data used by Google Analytics by accessing Google’s Ads Settings, Ad Settings for mobile apps, or any other available means.

We do not currently honor “do not track” (DNT) signals from a web site browser.

Use of Personal Information

Fortis may use or disclose the personal information that we collect for one or more of the following business or commercial purposes:

To fulfill the reason you provided the information, such as responding to your inquiries regarding an application, evaluating and processing your application, and verifying your information during the approval process.
To process your requests, transactions, and payments and prevent transactional fraud.
To maintain, customize, and secure your Fortis account information, obtain payment for equipment, and keep track of your transactions, payments and fees.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To help maintain the safety, security, and integrity of our website, properties and services, databases and other technology assets.
To provide, offer, support, personalize, or develop our website, properties, and services.
For testing, research, analysis, and product development to develop and improve our website, and related services.
To resolve disputes and enforce our agreements, establish or exercise our legal rights, or defend against legal claims.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
As otherwise described to you when collecting your personal information.
To provide promotional materials that may be aligned with your interests.

We are committed to protecting the confidentiality of your personal information.

When Fortis collects personal information about you, we handle this information with discretion and confidentiality. Fortis’ policies limit access to the personal information we collect to those Fortis employees and Fortis business relationships that need the information to fulfill their business responsibilities. We require our employees to adhere to Fortis’ Privacy Policy. Employees who violate the Fortis Privacy Policy are subject to disciplinary action.

When Fortis engages vendors and other outside contractors, they are subject to our contractual requirements. For purposes of credit reporting, verification, and risk management, we may disclose information about you with third parties. We will also disclose information in response to a request issued by a court, government agency or regulatory authority.

In addition, when Fortis obtains personal information about consumers indirectly through our merchants, we require our merchants to provide these consumers with their own timely and complete privacy notice.

We protect your information and use appropriate security measures.

We take reasonable administrative, technical and physical security measures to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, and to help ensure that it is used in accordance with this Privacy Policy. Fortis employs advanced technology to protect personal information collected against unauthorized access, disclosure, alteration or destruction. These measures may include, among others, encryption, physical access security and other appropriate technologies. Fortis continually reviews and enhances its security systems, as necessary. Please note, however, that no data security measures can be guaranteed to be completely effective, and we cannot guarantee the safety or security of your information.

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless longer retention is required by law or for auditing purposes. To determine the appropriate retention period for personal information, we consider applicable laws, the nature of the personal information, its purpose, and the potential risk of harm from its unauthorized use or disclosure.

We strive to maintain our privacy standards.

Your privacy is important to us. Fortis enforces its privacy program standards by doing the following:

Employee privacy training and employee compliance related to the Privacy Policy
Periodic assessments of Fortis’ compliance with this Privacy Policy
Periodic management review to ensure that Fortis actively participates in appropriate privacy activities, including self-regulatory initiatives

We give you choices about how your information will be used.

When we obtain personal information as part of our direct relationship with you, we will not disclose this information with nonaffiliated third parties, except in the following circumstances:

In accordance with the Fortis Privacy Policy
To facilitate and complete merchant-initiated or authorized transactions
To comply with federal, state and local laws, including credit reporting laws and card association rules
To combat fraud
To offer products and services that Fortis believes may be of interest to you.

As a general policy, we use personal information and message data, if applicable, for internal purposes only. We do not sell or rent information about you. We will not disclose personal information or message data to third parties without your consent, except as explained in this Privacy Policy.

Since your needs may change, and Fortis continuously develops new products and services, we may contact you to determine if we can provide you with additional services. Most of our customers appreciate hearing about our new products and services and prefer that we continue to contact them. If you would prefer not to be contacted, we will make information available to you about how you may request to have your name removed from any Fortis-owned marketing lists.

You may also opt out of hearing about our products and services by providing Fortis with your e-mail address by calling us at 855-465-9999.

We maintain procedures to assure the quality of information we collect, and, in some instances, we inform you how you can access your information and make corrections, if necessary.

Fortis employs appropriate measures to assure the quality of information that we collect directly from you. In some instances, where Fortis collects information directly from you, Fortis informs you how to correct any erroneous or out-of-date information stored in our database. These requirements and procedures may vary by each Fortis business activity. We abide by applicable laws related to such information.

Fortis’ websites may be linked to other websites.

Fortis may create links to third-party websites. Fortis is not responsible for the content or privacy practices employed by third-party websites that are linked to our website. Neither does Fortis control or warrant the products or services offered at third-party websites.

CALIFORNIA RESIDENTS

California’s Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”) requires that we tell you about the categories of personal information collected by Fortis and the sources from which we collect personal information, the categories of your personal information that we disclose, and the kinds of third parties to whom we disclose your personal information. We have included that information in this Notice to comply with the CCPA and any terms defined in the CCPA have the same meaning when used within this policy document. Please note that this policy applies to personal information that we collect from Fortis’s job applicants, business contacts, and contractors who reside in California. A separate privacy policy governs the data collected and processed about Fortis’s employees, and therefore this policy does not apply to employees’ data.

Data Collection and Associated Sources

We collected the categories of personal information specified below in the preceding 12 months.

Category	Examples	Collected
A. Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	General physical location based on IP address.	YES
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO
L. Non-public sensitive personal information (“SPI”) as defined in Cal. Civ. Code § 1798.140(ae).	Personal information that reveals social security numbers, driver’s license numbers, state ID cards, passport numbers, consumers’ account log-in access information, geolocation, racial/ethnic origin, religious or philosophical believes, union membership, consumers’ mail/email/text content, genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; or personal information concerning a consumer’s health, sex life, or sexual orientation.	YES

The Geolocation data indicated in row G above is limited to general location data associated with the IP address used to access the Fortis website. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Our sources for the collection of personal information identified above are: you (directly), independent sales agents, business partners, service providers, third parties, and public records.

Disclosures of Personal Information

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category G: Geolocation Data.

Category L: Non-public sensitive personal information.

We disclose the indicated categories of your personal information for a business purpose to the following categories of third parties:

Independent sales agents (Data Categories A, B, C, D, L)
Debt collectors (Data Categories A, B, D, L)
Payment processors (Data Categories A, B, C, D, L)
Banks (Data Categories A, B, C, D, L)
Service providers (Data Categories A, B, D, F, G, I, L)

Sales and Sharing of Personal Information

In the preceding twelve (12) months, we have not sold personal information to any third parties in exchange for money. However, in the preceding twelve (12) months personal information has been disclosed to service providers in return for “valuable consideration” within the CCPA’s definition of a “sale.” However, please note that we do not currently “sell” personal information to third parties within the scope of the CCPA’s definition.

In the preceding twelve (12) months we have disclosed information to third parties for the purpose of targeted or behavioral advertising, within the CCPA’s definition of “sharing” personal information, relating to data categories A, F, and G above.

Use of Sensitive Personal Information

Fortis collects, processes, and discloses sensitive personal information as indicated above. Fortis does not process sensitive personal information beyond what is necessary to perform the services or provide the goods reasonably expected by an average consumer.

California Rights and Choices

Subject to certain restrictions, the CCPA gives California residents certain rights to request access to personal information that Fortis has about you, to request deletion of personal information that we collect and maintain, and to opt-out of the sale of personal information about you. This section describes how you can exercise those rights and our process for handling your requests. In addition to any specific guidance provided in the following subsections, please see Section T below, “Exercising Your Rights,” for guidance on how to exercise these rights.

Right to Request Access to Your Personal Information

California residents have the right to request a copy of the following:

the categories of personal information we collected about you;
the categories of sources from which the personal information is collected;
the business or commercial purpose for collecting or, if applicable, sharing or selling, the personal information;
the categories of third parties to whom we disclose personal information; and
the specific pieces of personal information we have collected about you.
Whether we sold, shared, or otherwise disclosed your personal information for a business purpose, separately disclosing:
Sales, identifying the personal information categories that each category of recipient purchased;
Sharing, identifying the personal information categories that we shared with each category of recipient; and
Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

To submit a request, please email us at privacy@fortispay.com or call us at 1-855-465-9999.

California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority. We cannot respond to your request to provide any personal information if we cannot verify your identity using the information provided.

b) Right to Request Deletion of Personal Information

You have the right to request that Fortis delete personal information that we collected from you and retained, subject to certain exceptions. To submit a request, please email us at privacy@fortispay.com or call us at 1-855-465-9999.

The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority. We cannot respond to your request to provide any personal information if we cannot verify your identity using the information provided.

Right to Correct Inaccurate Information

You have the right to request that we correct inaccurate personal information, taking into account the nature of the personal information and the purposes for processing the personal information. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct the inaccurate personal information.

Right to Limit “Sharing” of Personal Information.

Under the CCPA, “sharing” data means disclosing, disseminating, or transferring a consumer’s personal information to a third party for cross-context behavioral advertising. You have the right to opt out of our practice of sharing your data as described above. To do so, please click here: Do Not Sell or Share My Personal Information

Additional Rights

California residents may also exercise their right to opt out of data sales (although Fortis does not sell your personal information), right to limit the processing of sensitive personal information(although Fortis does not process sensitive personal information beyond what is necessary to perform the services or provide the goods reasonably expected by an average consumer), and right to restrict automated decision-making.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents that use our website to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

Right to Non-Discrimination for the Exercise of Privacy Rights

California residents have the right to not be discriminated against for exercising their rights as described in this Notice. We will not discriminate against you for exercising your CCPA rights.

COLORADO RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Colorado. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

1. How We Collect, Use, Disclose, and Sell Information.

We collect information that is linked or reasonably linkable to an identifiable individual and does not include de-identified data or publicly available information (“personal information”). For more information about the information we collect and how we use, disclose, and sell personal information, please read the Privacy Policy.

2. Your Rights.

Right to Access and Data Portability

You have the right to confirm whether Fortis is processing personal information and to access this personal information. You may obtain the information in a portable and readily usable format, to the extent technically feasible.

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of, and purposes for, processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

You may appeal Fortis’s refusal to take action on your consumer rights request within a reasonable time after you received Fortis’s decision. We will endeavor to notify you within 45 days of receipt of your appeal (and we will notify you if Fortis requires an additional 60 days) what action Fortis has taken in our written response. You may contact the state Attorney General if you have concerns about the result of the appeal.

Right to Opt Out

You have the right to opt out of your information being processed:

• For targeted advertising

• For the sale of personal information, or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Information

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual, or

• Personal information from a known child.

CONNECTICUT RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Connecticut. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make automated decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

DELAWARE RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Delaware. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make automated decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, status as transgender or nonbinary, national origin, citizenship or immigration status,

• Genetic or biometric data,

• Personal information from a known child, or

• Precise geolocation information.

INDIANA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Indiana. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make automated decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Genetic or biometric data processed for the purpose of identifying a specific individual,

• Personal information from a known child, or

• Precise geolocation information.

IOWA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Iowa. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

1. How We Collect, Use, Disclose, and Sell Information.

We collect information that is linked or reasonably linkable to an identifiable individual and does not include de-identified data, aggregated data, or publicly available information (“personal information”). For more information about the information we collect and how we use, disclose, and sell personal information, please read the Privacy Policy.

2. Your Rights.

Right to Access and Data Portability

You have the right to confirm whether Fortis is processing personal information and to access this personal information. You may obtain personal information you previously provided Fortis in a portable and readily usable format, to the extent technically feasible.

Right to Delete

You have the right to delete the personal information you provided to Fortis.

Right to Opt Out

You have the right to opt out of the sale of your personal information.

Right to Appeal Consumer Rights Request Responses

You may appeal Fortis’s refusal to take action on your consumer rights request within a reasonable time after you received Fortis’s decision. Within 60 days of receipt of your appeal, we will notify you via a written response about the action Fortis has taken or not taken. You may contact the state Attorney General if you have concerns about the result of the appeal.

Right to Opt Out of the Processing of Sensitive Personal Data

You have a right to opt out of the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, and mental or physical health diagnosis (except to the extent such data is used to avoid discrimination on the basis of a protected class),

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information collected from a known child, or

• Precise geolocation information.

______________________________________________________________

KENTUCKY RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Kentucky. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

1. How We Collect, Use, Disclose, and Sell Information.

2. Your Rights.

Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

You may appeal Fortis’s refusal to take action on your consumer rights request within a reasonable time after you received Fortis’s decision. Within 45 days of receipt of your appeal, we will notify you via a written response about the action Fortis has taken or not taken. You may contact the state Attorney General if you have concerns about the result of the appeal.

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, information about a person’s sex life, sexual orientation, citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

MARYLAND RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Maryland. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Genetic or biometric data,

• Personal information from a known child, or

• Precise geolocation information.

MONTANA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Montana. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

NEBRASKA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Nebraska. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sexuality, citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

NEW HAMPSHIRE RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of New Hampshire. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of, and purposes for, processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your information being processed:

• For targeted advertising

• For the sale of personal information, or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Information

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation data.

NEW JERSEY RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of New Jersey. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of, and purposes for, processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your information being processed:

• For targeted advertising

• For the sale of personal information, or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Information

You have a right to consent to the processing of your sensitive personal information, including:

• Financial information, including your account number, account log-in, financial account, or credit or debit chard number, in combination with any required security code, access code, or password,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

Nevada RESIDENTS

NEVADA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Nevada. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

We collect information about Nevada residents through a website or online service: first and last name; home or physical address; email address; telephone number; social security number; online or physical identifier; or other information that, combined with an identifier, makes the information personally identifiable (“covered information” or “personal information”). For more information about the information we collect and how we use, disclose, and sell personal information, please read the Privacy Policy.

Reviewing and Requesting Changes to Your Information.

You may review and request changes to your personal information collected through Fortis’s website or online services.

Opting Out of the Sale of Personal Information.

You may submit a verified request that Fortis not sell your personal information.

OREGON RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Oregon. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

We disclose the following categories of personal information to the following third parties and service providers:

Third Party Categories of Personal Information

We disclose the indicated categories of your personal information for a business purpose to the following categories of third parties:

Independent sales agents (Data Categories A, B, C, D, L)
Debt collectors (Data Categories A, B, D, L)
Payment processors (Data Categories A, B, C, D, L)
Banks (Data Categories A, B, C, D, L)
Service providers (Data Categories A, B, D, I, L)

The nature of each category is described below. For more details, please see the data collection chart within our California Privacy Policy.

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category G: Geolocation Data.

Category L: Non-public sensitive personal information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic background, national origin, religious beliefs, a mental or physical health condition or diagnosis, sexual orientation, status as transgender or nonbinary, status as a victim of a crime, citizenship or immigration status,

• Genetic or biometric data,

• Personal information from a child, or

• Precise geolocation information.

TENNESSEE RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained the Privacy Policy and applies solely to individuals who reside in the State of Tennessee. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make automated decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status,

• Genetic or biometric data for the purpose of uniquely identifying a person,

• Personal information from a known child, or

• Precise geolocation information.

TEXAS RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Texas. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

J. Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sexuality, citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

UTAH RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the State of Utah. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Delete

You have the right to delete the personal information you provided to Fortis.

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising; or

• For the sale of personal information.

Right to Opt Out of the Processing of Sensitive Personal Data

You have a right to opt out of the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, medical history, mental or physical health condition, medical treatment, or diagnosis by a health care professional,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual, or

• Precise geolocation information.

VIRGINIA RESIDENTS

Last Updated: 2/18/2025

This supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the Commonwealth of Virginia. To exercise any of the rights described below consistent with applicable law, please follow the instructions provided in the “Exercising Your Rights” section of this document.

How We Collect, Use, Disclose, and Sell Information.

Your Rights.
Right to Access and Data Portability

Right to Correct

You have the right to correct inaccuracies in your personal information, taking into account the nature of and purposes for processing the personal information.

Right to Delete

You have the right to delete your personal information.

Right to Appeal Consumer Rights Request Responses

Right to Opt Out

You have the right to opt out of your personal information being processed:

• For targeted advertising;

• For the sale of personal information; or

• For profiling to make decisions that produce legal or similarly significant effects.

Right to Consent to the Processing of Sensitive Personal Data

You have a right to consent to the processing of your sensitive personal information, including:

• Personal information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status,

• Genetic or biometric data processed for the purpose of uniquely identifying an individual,

• Personal information from a known child, or

• Precise geolocation information.

Changes to Our Privacy Notice

This privacy notice was last updated on February 18, 2025. Fortis reserves the right to amend this privacy notice at its discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the notice’s effective date.

How the Fortis Privacy Policy applies to you.

The information contained in this Privacy Policy are examples only and are not intended to be all-inclusive. If you decide to close your merchant account or become inactive, or if we close or suspend your account, our Privacy Policy, will continue to apply. We may amend this Privacy Policy at any time, and we will inform you of changes as required by law. You may have other privacy protections under state laws, and we will comply with applicable state laws when we disclose information about you.

If you supply us with personal data and request information from us, we will contact you to provide you with the information you requested. We may also contact you to follow up on your job opportunity inquiries, or we may send you other information about Fortis and its products or services that we believe you would find interesting or helpful.

If you have any questions or comments about the Fortis Privacy Policy, please contact privacy@fortispay.com.

Fortis Payment Systems, LLC (“Fortis”)

6111 West Plano Parkway

Ste 2700

Plano, TX 75093

Date Last Revised: 2/18/2025

European Economic Area and United Kingdom PRIVACY NOTICE

This supplemental privacy notice (“Privacy Notice”) provides individuals in the European Economic Area (“EEA”) and United Kingdom (UK”) individuals additional information required by the EU General Data Protection Regulation (“EU GDPR”) and the UK General Data Protection Regulation (“UK GDPR”). These provisions, together with the statements in the general Fortis Privacy Policy above (“Privacy Policy”), set forth our practices with regard to EEA personal data. For EEA individuals, if there is a conflict between this Privacy Notice and the Privacy Policy, this Privacy Notice governs.

Contact Information:

Fortis Payment Systems, LLC (“Fortis”)

6111 West Plano Parkway

Ste 2700

Plano, TX 75093

Fortis is based in the United States.

This Privacy Notice sets forth our reasons for processing your personal information. Certain capitalized terms used but not defined in this Privacy Notice shall have the meanings set forth in our Privacy Statement.

Legal basis and purposes for data processing:

We only process personal information when we have a legal basis for the processing, including to complete a contractual necessity, to serve our legitimate interests, to comply with a legal obligation, to perform a task in the public interest, or to process your personal information with your consent. We may also process your personal information for the purposes of our own legitimate interests or for the legitimate interests of others so long as that processing does not outweigh your rights and freedoms. Specifically, we will only process your personal information consistent with the uses listed in Fortis’ general Privacy Policy, stated here.

Automated decision making and profiling:

We make automated-decisions and profile potential merchant partners based on risk and credit profiles, using information such as credit card processing statements, bank statements, and tax documents to generate profiles regarding potential merchant partners. We do not use personal information for automated decision making and profiling purposes with respect to individuals.

Personal information requirements:

You are generally not required to provide any personal information to Fortis, with the exception that if you become a Fortis employee, Fortis will collect personal information that Fortis is required to process to maintain the employment relationship. If you engage or access our services as a vendor partner, you are required to provide certain personal information to enable us to perform the services that you request, including your name and contact information. Customers of our vendor partners may be subject to additional personal information processing requirements imposed by our vendor partners, such as name, contact information, address, telephone number, and e-mail address.

Your rights:

You have choices regarding how we use your personal information. You are entitled to the following:

The right to access: You have the right to request copies of your personal information. We may charge you a minor fee for this service.

The right to rectification: You have the right to request that we correct any information that you believe is inaccurate. You also have the right to request that we complete information that you believe is incomplete.

The right to erasure: You have the right to request that we erase your personal information under certain conditions.

The right to object to processing: You have the right to object to our processing of your personal information, under certain conditions.

The right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

In addition, when Fortis provides its services or acts as a data processor, we receive your personal information from third parties as needed to provide services. If Fortis is processing your personal information as a data processor, we will refer you to our client for assistance with these requests. We support our clients with responding to requests required by law.

You may also decline our marketing communications.

To exercise these rights, please contact us via email at privacy@fortispay.com or write to the address above. Note that for your protection, we may need to verify your identity before we can process your request.

If you believe that we have violated applicable law in our processing of your personal information, please contact us at privacy@fortispay.com or contact a supervisory authority.

Data Retention:

Your personal information will be retained for as long as the information is needed for the purposes set forth in our Privacy Statement and this supplemental Privacy Notice and for any additional period that may be required or permitted by law. The retention period depends on the purpose(s) for which the data was collected, how it is used, and applicable law. You may request that we delete your personal information by contacting us via email at privacy@fortispay.com or writing to us at the address above. If we do not have a legal basis for retaining your information, we will delete it as required by applicable law.

CANADA RESIDENTS

If you are a resident of Canada, you may have additional rights regarding your data.

Residents of Canada: Subject to our verification of your identity and to the extent provided by law, you have the rights to:

access your personal information that we hold
correct and update your personal information held by us
withdraw your consent to our use or communication of your personal information.

To exercise any of these rights or to make a complaint: please contact us at privacy@fortispay.com

EXERCISING YOUR RIGHTS

Depending on where you live, the rights described in this supplement may apply to you. To exercise your rights compatible with applicable law, please submit a verifiable consumer request via 1-855-465-9999; or email us at privacy@fortispay.com.

Verifiable Consumer Requests

Your verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected information, and describe your request in sufficient detail that allows us to properly respond to it. We cannot respond to your request if we cannot verify your identity and confirm that the information relates to you.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us via the methods noted above. If you are a California resident, you can designate an authorized agent to make a request on your behalf only if: (1) the authorized agent is a natural person or a business entity registered with the Secretary of State of California; and (2) you sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent under California law to submit a request to exercise your rights, please have the authorized agent take the following steps in addition to the steps described above:

Mail a copy of your signed written declaration authorizing the authorized agent to act on your behalf; and
Provide any information we request in our response to your email to verify your identity. The information requested will depend on your prior interactions with us and the sensitivity of the personal information at issue.

If you provide an authorized agent with power of attorney pursuant to California Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

California, Iowa, Kentucky, Tennessee, Texas, Nebraska, and Virginia residents may make a verifiable consumer request twice within a 12-month period, free of charge, unless the request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Colorado, Connecticut, Delaware, Indiana, Montana, New Hampshire, New Jersey, Oregon, and Utah residents may make a verifiable consumer request, free of charge, once within a 12-month period; subsequent requests from residents in these states may warrant a fee.

Response Time

We will respond to verifiable consumer requests within the time allotted under applicable law, generally forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing in compliance with applicable law.

Response Content

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance in compliance with applicable law.

Method of Response

You do not need to create an account with us to make a verifiable consumer request. However, if you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.