Articles of agreement

Privacy notice

Effective May 15, 2026. For questions, contact legal@clearfin.dev.

A short note from the house. We collect what a regulated clearing house is required to collect, hold it for as long as the rules say to hold it, and never sell it. The detail below explains what each item is, why we keep it, and what to do if you would like a copy or a correction.

This Privacy notice (the “Notice”) applies to the websites, application forms, dashboards, signed agreements, telephone and email correspondence, and other interactions you have with Clearfin LLC(the “house”, “we”, or “us”). It explains what personal information we collect, the purposes for which we use it, the parties with whom we share it, the periods for which we retain it, and the rights you may exercise.

We act as a controller of personal information when we correspond with a prospective merchant, an applicant, or a member of the public. We act as a processor of personal information when we are running clearing-house operations for an operator on the books, on instructions from that operator and from our acquiring partners. The two roles are addressed separately below.

1. What we collect

1.1 What you give us directly

When you write to the house, request an underwriting read, apply to be taken onto the books, or sign an operating agreement, we record what you send: your given name and surname, the registered name of your business and any trading name, your service and registered addresses, beneficial-owner identity material, contact addresses for telephone and email, your prior processing history where you choose to share it, the deposit account where settlement will be sent, the government-issued identifiers required for know-your-customer and know-your-business checks, and any documents you upload during application review.

1.2 What our websites observe

Our websites record standard log entries — the originating internet address, the user-agent string, the referring URL where applicable, the resources requested, and the timestamps. This is used to operate the websites, to discourage abuse, and to count traffic in aggregate. We use a privacy-respecting analytics service (Vercel Analytics) that does not place a cross-site tracking cookie on your device.

1.3 What we obtain from third parties

For underwriting and ongoing oversight, we obtain information from identity-verification vendors, business-registry providers, sanctions and adverse-media screening services, our acquiring and processing partners, and risk-intelligence providers. Where applicable, we obtain consumer-reporting information consistent with permissible-purpose rules.

2. Why we hold it

  • To read and decide on a merchant application.
  • To detect and disrupt fraud, to monitor risk, and to discharge our anti-money-laundering obligations.
  • To run the books, to operate the dashboards used by operators, and to support our own underwriting and risk staff.
  • To answer correspondence and to communicate with you about your account or application.
  • To meet legal, regulatory, card-network, and acquirer requirements, including record retention, sanctions screening, and reporting.
  • To enforce our agreements, and to protect the rights, safety, and property of users and the house.

3. Lawful bases (for users in jurisdictions that require them)

Where applicable, our lawful bases for processing are: the performance of a contract you are a party to or have asked us to consider entering into; compliance with a legal obligation; our legitimate interests in operating a safe and compliant clearing house; and your consent where required.

4. With whom we share

We disclose personal information to the following recipients:

  • Acquiring and processing partners. To present card transactions to the network and to settle funds.
  • Compliance vendors. Identity-verification, know-your-business, sanctions-screening, and adverse-media providers.
  • Risk and analytics providers. For transaction monitoring and fraud detection.
  • Service providers. Cloud-infrastructure, analytics, customer-correspondence, and email-delivery vendors operating under written contracts.
  • Authorities and law enforcement. Where compelled by law, including in response to subpoenas, court orders, suspicious-activity reporting requirements, or to protect the rights and safety of others.
  • Successors. In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality obligations.

We do not sell personal information. Selling is not part of how the house earns its keep.

5. How long we hold it

We retain personal information for the period reasonably necessary to carry out the purposes set out above and to satisfy our legal, regulatory, card-network, tax, accounting, and recordkeeping obligations. Application records, transaction data, and risk-event logs are typically retained for at least seven years after the operating relationship ends, in line with industry practice.

6. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorised access, disclosure, alteration, and destruction. The control plane operates against a SOC 2 program currently underway. Card data is presented within a PCI DSS Level 1 certified environment and does not traverse our infrastructure unencrypted. No method of transmission or storage is perfect; please use strong, unique credentials and write to the house promptly if you suspect a compromise.

7. Your rights

Depending on where you live, you may have rights to obtain a copy of your personal information, to correct it, to delete it, to port it, or to restrict or object to certain processing. Residents of California, the European Economic Area, the United Kingdom, and other jurisdictions may exercise these rights by writing to the house at info@clearfin.dev. We will reply within the period required by applicable law.

8. Cross-border processing

Personal information may be processed in the United States and in other jurisdictions where the house, its affiliates, or its service providers operate. Where required, we use appropriate safeguards — including the standard contractual clauses approved by the European Commission — to govern transfers across borders.

9. Children

The clearing house operates as a service to businesses and to the adults authorised to act on their behalf. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please write to info@clearfin.dev and we will remove it.

10. Changes to this Notice

We may revise this Notice from time to time. The effective date above will be revised when we do. Material changes will be communicated through the dashboard or by email to active operators on the books.

11. How to write to the house

Clearfin LLC
Cheyenne, Wyoming, United States
info@clearfin.dev