End User Privacy Policy

1. Overview

ePayments Network ("EPN", "we", "our", or "us") is a payment processing platform operated by EverExpanse. This End User Privacy Policy explains how we collect, use, disclose, and safeguard personal information about individuals ("end users") who make purchases or otherwise transact with merchants that use the EPN platform to process payments. This policy is separate from the privacy policy that governs the relationship between EPN and its merchant customers.

2. Information We Collect

We collect the following categories of personal information when you interact with a merchant powered by EPN:

Payment & Transaction Data — Transaction amounts, approval or decline codes, masked card reference (e.g., last 4 digits and card type), and payment token issued by EPN's gateway partner. For ACH transactions: masked bank account and routing details. Raw card numbers, full CVV/CVC codes, and full expiration dates are collected directly by EPN's PCI DSS certified gateway partners and never transmitted to or stored on EPN's systems.

Identity & Contact Information — Full legal name, email address, phone number, and shipping address where provided during checkout.

Device & Technical Data — IP address, browser type, operating system, device identifiers, and session data collected to detect fraud and secure transactions.

Behavioral Data — Interaction patterns within the payment flow used solely for fraud prevention and service improvement.

We do not collect sensitive categories of personal information (such as health data or government-issued identification numbers) unless strictly required to fulfill a specific transaction.

3. How We Use Your Information

We process your personal information only for the following purposes:

- Transaction Processing — To authorize, settle, and reconcile payment transactions initiated at a merchant's checkout.
- Fraud Prevention & Security — To detect, investigate, and prevent fraudulent transactions, chargebacks, and unauthorized access.
- Legal & Regulatory Compliance — To meet obligations under applicable financial regulations, including PCI DSS, Bank Secrecy Act (BSA), and anti-money-laundering (AML) requirements.
- Dispute Resolution — To assist merchants and card networks in resolving payment disputes or chargebacks.
- Service Improvement — To analyze aggregated, de-identified transaction patterns and improve the reliability and security of the EPN platform.

We do not sell your personal information and do not use it for targeted advertising.

4. Sharing & Disclosure

We share end-user personal information only in the following circumstances:

With the Merchant — The merchant you transact with receives transaction confirmation details including your name, email, and shipping address as needed to fulfill your order.

With Payment Networks & Processors — Visa, Mastercard, and other card networks, as well as acquiring banks and settlement processors, receive data necessary to complete the transaction.

With Service Providers — We engage vetted third-party vendors (e.g., fraud detection, identity verification, cloud infrastructure) who process data on our behalf under strict data processing agreements.

For Legal Requirements — We may disclose information in response to lawful requests by public authorities, court orders, or as required by applicable law.

Business Transfers — In the event of a merger, acquisition, or sale of assets, personal information may be transferred subject to equivalent privacy protections.

We do not share your personal information with any third party for their own marketing purposes.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Transaction records are generally retained for a minimum of five (5) years to satisfy financial regulatory requirements. Fraud-related data may be retained longer where necessary for ongoing investigations. We apply data minimization principles and delete or anonymize data when it is no longer required.

6. Security

ePayments Network is a payment technology platform that routes transactions through its network of certified payment gateway partners. Cardholder data you enter at checkout — including your card number, CVV, and expiration date — is collected and processed directly within those gateway partners' PCI DSS certified environments. That data does not transit or reside on EPN's own servers. EPN receives only a secure payment token, masked card reference (e.g., last 4 digits), and transaction result from the gateway.

For the merchant account and transaction metadata that EPN does handle on its own systems, we apply:

- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data stored at rest
- Continuous intrusion detection and security monitoring
- Multi-factor authentication on all internal systems
- Regular third-party security assessments of EPN's platform

If you believe your payment data has been compromised, contact the merchant and your card issuer immediately.

7. Your Privacy Rights

ePayments Network operates exclusively in the United States. The following rights apply to residents of U.S. states with applicable privacy laws:

Right to Know — You may request the categories and specific pieces of personal information we have collected about you and the purposes for which it is used.

Right to Access & Portability — Request a copy of the personal information we hold about you in a portable format.

Right to Correction — Request correction of inaccurate personal information we maintain about you.

Right to Deletion — Request deletion of your personal information, subject to legal and regulatory retention obligations (e.g., five-year financial record requirements under the Gramm-Leach-Bliley Act and the Bank Secrecy Act).

California Residents (CCPA/CPRA) — California residents have the right to know, delete, correct, limit use of sensitive personal information, and opt-out of the sale or sharing of personal information. EPN does not sell or share personal information as defined under the CCPA/CPRA.

Other State Residents — Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with enacted privacy legislation may exercise equivalent rights under their respective state law.

To exercise your rights, submit a verified request to privacy@epayments.network. We will respond within 45 days, with a single 45-day extension where permitted by applicable law.

8. Cookies & Tracking Technologies

EPN uses strictly necessary cookies and similar technologies within the payment flow to maintain session integrity, prevent fraud, and comply with security requirements. We do not deploy advertising or analytics cookies on payment pages. For information about cookies used on a merchant's storefront outside of the EPN payment iframe, please refer to that merchant's own cookie policy.

9. Third-Party Links & Services

The EPN payment interface may be embedded within third-party merchant websites or mobile applications. This policy applies only to personal information processed by EPN. We are not responsible for the privacy practices of merchants or other third-party websites you may access before or after completing a payment. We encourage you to review the privacy policy of each site you visit.

10. Children's Privacy

EPN's payment processing services are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has submitted personal information through a transaction on the EPN platform, please contact us at privacy@epayments.network and we will take steps to delete that information.

11. Data Processing Location

ePayments Network is headquartered and operates entirely within the United States. All personal information collected through the EPN platform is stored and processed on servers located in the United States, subject to U.S. federal and state privacy law, including the Gramm-Leach-Bliley Act (GLBA) and the California Consumer Privacy Act (CCPA/CPRA). Our Services are designed exclusively for U.S.-based merchants and their customers. If you access our Services from outside the United States, you acknowledge that your information will be transferred to and processed in the U.S.

12. Changes to This Policy

We may update this End User Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated by updating the "Effective Date" at the top of this page. We encourage you to review this policy each time you make a payment through an EPN-powered merchant.

13. Contact Us

If you have questions, concerns, or requests relating to this End User Privacy Policy or EPN's handling of your personal information, please contact our Privacy Team:

Email: privacy@epayments.network
Mailing Address: ePayments Network — Privacy, EverExpanse LLC, 2201 Double Creek Dr Suite 3001, Round Rock, Austin, Texas, USA - 78664

If you are a California resident and believe your CCPA/CPRA rights have not been adequately addressed, you may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.