Legal

Privacy Policy

Effective May 15, 2026. For questions, contact info@clearfin.dev.

Clearfin's default posture on data is conservative. We collect what the regulated payments stack requires, retain it only while we're obligated to, and never sell it. The detail below explains the why and the how.

This Privacy Policy describes how Clearfin LLC (“Clearfin,” “we,” or “us”) collects, uses, discloses, and protects personal information when you visit our websites, contact us about our payments platform, apply to process payments through us, or otherwise interact with our services.

We act as both a controller (for our marketing, sales, and prospect interactions) and a processor (for payments-related data we handle on behalf of merchants and acquiring partners). This Policy explains both roles.

Information we collect

Information you provide directly

When you contact us, request a sales conversation, or apply for a merchant account, we collect information you submit, which may include your name, business name and registered address, beneficial-owner identity information, contact details, processing history, bank-account details, government-issued identifiers required for KYC and KYB, and any materials you upload during application review.

Information collected automatically

Our websites collect standard log data — IP address, user-agent string, referring URL, pages viewed, and timestamps — to operate the site, prevent abuse, and analyze aggregate traffic patterns. We use Vercel Analytics for privacy-respecting traffic measurement; this does not place tracking cookies on your device for cross-site identification.

Information from third parties

As part of underwriting and ongoing risk monitoring, we obtain information from identity-verification vendors, business-registry providers, sanctions and adverse-media screening services, our acquiring and processing partners, and risk-intelligence providers. Where applicable, we also receive consumer-reporting information consistent with permissible-purpose requirements.

How we use information

  • To evaluate merchant applications and make underwriting decisions.
  • To detect fraud, monitor risk, and meet our anti-money-laundering obligations.
  • To provide, operate, and improve our payments platform and the dashboards used by merchants and our internal operations and risk teams.
  • To respond to support requests and communicate about your account or application.
  • To comply with legal, regulatory, card-network, and acquirer obligations, including record retention, sanctions screening, and reporting.
  • To enforce our agreements and protect the rights, safety, and property of users and the platform.

Legal bases (for users in jurisdictions that require them)

Where applicable, our legal bases for processing include performance of a contract, compliance with a legal obligation, our legitimate interests in operating a safe and compliant payments platform, and your consent where required.

How we share information

We share personal information with:

  • Acquiring and processing partners — to process card transactions and settle funds.
  • Compliance vendors — including identity-verification, KYB, sanctions-screening, and adverse-media providers.
  • Risk and analytics providers — for transaction monitoring and fraud detection.
  • Service providers — including cloud-infrastructure, analytics, customer-support, and email-delivery vendors operating under contract.
  • Authorities and law-enforcement — when legally required, including in response to subpoenas, court orders, suspicious-activity reporting obligations, or to protect the rights and safety of others.
  • Successors — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality obligations.

We do not sell personal information.

Data retention

We retain personal information for the period necessary to fulfill the purposes described in this Policy and to satisfy legal, regulatory, card-network, tax, accounting, and recordkeeping requirements. Application records, transaction data, and risk-event logs are typically retained for at least seven years following the end of the relationship, consistent with industry standards.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our control plane operates against a SOC 2 program currently in progress. Card data is processed within a PCI DSS Level 1 certified environment and does not traverse our infrastructure unencrypted. No method of transmission or storage is perfectly secure; we encourage you to use strong, unique credentials and notify us promptly of any suspected compromise.

Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. Where applicable, residents of California, the EEA, the UK, and other jurisdictions can exercise these rights by contacting us at info@clearfin.dev. We will respond within the timeframe required by applicable law.

International transfers

Personal information may be processed in the United States and other jurisdictions where we, our affiliates, or our service providers operate. Where required, we use appropriate safeguards — including standard contractual clauses — to govern cross-border transfers.

Children

Our services are intended for businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us at info@clearfin.dev.

Changes to this Policy

We may update this Policy from time to time. The “Effective” date above will be revised when we do. Material changes will be communicated through our platform or by email to active customers.

Contact us

Clearfin LLC
info@clearfin.dev