Cookies Policy

1. Overview

ePayments Network ("EPN", "we", "our", or "us") is a payment processing platform operated by EverExpanse LLC. This Cookies Policy explains what cookies and similar tracking technologies we use, why we use them, and the choices you have.

This policy applies to:

- The EPN marketing website (epayments.network and subdomains)
- The EPN Merchant Dashboard (dashboard.epayments.network)
- The EPN payment pages and checkout iFrames embedded by merchants

Where EPN acts as a payment processor embedded within a merchant's website, that merchant's own cookie policy governs any cookies set by their storefront. Our cookies within the payment iFrame are governed by this policy.

2. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit a website or interact with online services. They allow websites to recognise your device, remember your preferences, and collect information about how you use the service.

Beyond cookies, we may also use similar technologies:

- Local Storage & Session Storage — Browser-based key-value stores used to persist UI state within a single session or across visits.
- Pixel Tags / Web Beacons — Invisible 1×1 image pixels embedded in web pages or emails that confirm delivery or interaction.
- Device Fingerprinting — A combination of browser attributes (screen resolution, fonts, time zone, etc.) used specifically in our payment flow for fraud detection and PCI-mandated device binding — not for advertising.
- Server-Side Logs — IP addresses, request timestamps, and HTTP headers captured in our infrastructure logs for security monitoring and debugging.

For simplicity, this policy uses the word "cookies" to refer to all of the above technologies.

3. Categories of Cookies We Use

We group the cookies we use into four categories consistent with U.S. regulatory guidance, including FTC online privacy standards, the California Consumer Privacy Act (CCPA/CPRA), and applicable state privacy laws:

Strictly Necessary Cookies — Required for the Services to function. They enable core capabilities such as user authentication, payment session security, fraud prevention, and PCI DSS compliance. These cookies cannot be disabled without breaking the Services. No consent is required for their use.

Performance & Analytics Cookies — Help us understand how visitors use our website and platform so we can improve features and fix issues. Data is aggregated and, where possible, anonymised. These cookies require your consent.

Functional Cookies — Allow us to remember your preferences (language, timezone, theme) and enable features like live chat support. These cookies require your consent.

Targeting & Advertising Cookies — Used on our marketing website to measure the effectiveness of advertising campaigns on platforms such as Google, Meta, and LinkedIn. These cookies are never placed on payment pages or within the merchant dashboard. These cookies require your consent.

4. Cookies We Set

The tables below list every cookie currently in use across EPN properties. We update these tables whenever cookies are added or removed.

5. Legal Authority for Cookie Use

Strictly Necessary Cookies — These cookies are placed on the basis of legitimate business necessity to deliver a secure and compliant payment service. Under FTC Act Section 5 and applicable card network rules (Visa, Mastercard), these technical controls are required for PCI DSS-compliant payment processing. No consent is required to place these cookies.

Performance, Functional & Advertising Cookies — These optional cookies are deployed only with your prior consent, obtained through our cookie preference banner displayed on your first visit to the EPN marketing website. You may withdraw consent at any time (see Section 7).

California Residents (CCPA/CPRA) — Advertising cookies that enable cross-context behavioral advertising may constitute a "sale" or "sharing" of personal information under the CCPA/CPRA. You may opt-out by clicking "Do Not Sell or Share My Personal Information" in the website footer, or by enabling the Global Privacy Control (GPC) signal in your browser. EPN honors GPC signals as a valid opt-out of sale/sharing.

Other State Residents — Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with active privacy laws have the right to opt-out of targeted advertising using the same mechanisms described above.

6. Cookies on Payment Pages

EPN takes a privacy-first approach to payment pages. When you interact with an EPN-powered checkout (whether hosted by EPN or embedded as an iFrame on a merchant's site):

- No advertising or analytics cookies are placed on payment pages.
- Only strictly necessary cookies are set — specifically those required for session integrity, CSRF protection, fraud detection, and PCI DSS compliance.
- Device fingerprinting on payment pages is used exclusively for fraud prevention and is not shared with advertising networks.
- Payment page data is processed in an isolated, PCI DSS Level 1 certified environment, logically separated from marketing infrastructure.

This approach is consistent with card network rules (Visa, Mastercard) and regulatory guidance that prohibits the use of cardholder data for marketing purposes.

7. Managing Your Cookie Preferences

Cookie Consent Banner — On your first visit to the EPN marketing website, we present a cookie consent banner. You can accept all optional cookies, reject optional cookies, or use the "Manage Preferences" panel to choose by category. Your choice is remembered for 12 months.

Browser Settings — Most browsers allow you to refuse or delete cookies through their settings. Common paths:

- Chrome — Settings → Privacy and security → Cookies and other site data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Safari — Preferences → Privacy → Manage Website Data
- Edge — Settings → Cookies and site permissions

Note that disabling strictly necessary cookies will impair or prevent the use of the merchant dashboard and payment flows.

Opt-Out Links — For specific third-party cookies, you can also opt out directly:

- Google Analytics — tools.google.com/dlpage/gaoptout
- Google Ads personalisation — adssettings.google.com
- Meta ad preferences — facebook.com/ads/preferences
- LinkedIn ad opt-out — linkedin.com/psettings/guest-controls

Global Privacy Control (GPC) — EPN honours the GPC browser signal. If your browser broadcasts a GPC signal, we treat it as an opt-out of sale/sharing of personal information for CCPA purposes and will not set advertising cookies during that session.

Do Not Track (DNT) — We currently do not respond to DNT browser signals as there is no uniform standard, but we honour GPC as described above.

8. Third-Party Cookies & Links

Some cookies listed in Section 4 are set by third-party service providers (Google, Meta, LinkedIn, HubSpot, Intercom, Cloudflare, AWS). These third parties have their own privacy and cookie policies, and EPN does not control how they process data collected through their cookies.

EPN's website and dashboard may contain links to third-party websites. Those websites operate independently and are governed by their own cookie and privacy policies. We are not responsible for the cookie practices of external sites.

All third-party vendors we use for analytics and advertising are bound by data processing agreements that restrict their use of data collected on our behalf.

9. Cookie Retention Periods

Individual cookie lifespans are listed in the tables in Section 4. In general:

- Session cookies expire when you close your browser.
- Persistent cookies remain on your device for the duration stated, or until you delete them.

We periodically review the cookies we use and their retention periods, removing any that are no longer necessary. Updates to the cookie tables will be reflected in a revised version of this policy with an updated effective date.

10. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly place cookies on devices used by children. If you believe a child has used a device to access EPN and cookies were placed without appropriate consent, please contact us at privacy@epayments.network.

11. Updates to This Policy

We may update this Cookies Policy from time to time to reflect changes in the cookies we use, changes in the law, or improvements to our consent management practices. Material changes will be communicated by updating the "Effective Date" at the top of this page and, where appropriate, by displaying a new consent banner. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Cookies Policy or wish to exercise your privacy rights, please contact our Privacy Team:

Email: privacy@epayments.network
Mailing Address: ePayments Network — Privacy, EverExpanse LLC, 2201 Double Creek Dr Suite 3001, Round Rock, Austin, Texas USA - 78664

If you are a California resident and believe your CCPA/CPRA rights have not been adequately addressed, you may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.