Privacy Policy

We collect personal data that you provide to us directly, as well as information that is collected automatically or from third parties, as needed to provide our Services. The types of information we may collect include:

• Identification and Contact Information: This includes your name, email address, telephone number, and mailing address. For corporate or public sector customers, this may also include your job title, department, and organization name.
• Account Credentials: When you create an account, we collect a username and password (which is stored in an encrypted form). If we support single sign-on or federated identity (e.g., Google OAuth), we may collect tokens or IDs from those providers with your permission.
• Government IDs and Tax Information: In certain cases, particularly for payees receiving payments or organizations setting up payment services, we may collect government-issued identification numbers. For example, we might collect your Social Security Number (SSN) or Tax Identification Number (TIN/EIN) if needed for tax reporting (such as IRS Form 1099-K) or for compliance with KYC/AML regulations. We handle such sensitive identifiers with a high level of security and only request them when necessary.
• Financial Information: To facilitate payments, we collect information about your linked financial accounts. This may include bank account and routing numbers for ACH transfers, credit or debit card numbers and expiration dates for card payments, and details of any digital wallets or other payment methods you use with our Services. Glass Pay typically does not store full bank login credentials or full payment card numbers on our servers.
• Transaction Information: We maintain records of payments that you initiate or receive through Glass Pay, including date, time, amount, currency, payment method, sender and recipient names (or IDs), and any descriptions or metadata associated with the transaction.
• Device and Usage Information: We automatically collect certain information about your device and how you interact with our Services, including IP address, browser type, device type, operating system, and usage data such as pages visited and actions taken.
• Location Information: We may derive an approximate location from your IP address or during transactions to detect fraudulent activities or comply with region-specific regulations.
• Communications with Us: If you contact Glass Pay support or communicate with us via email, phone, chat, or otherwise, we will collect the information you provide.
• Public Sector Client Data: If you are using Glass Pay as part of a service to a public sector entity, Glass Pay may receive personal data on individuals from the public sector client necessary to issue payments.

We do not knowingly collect personal information from children under the age of 13 (or under the age of 16 in certain jurisdictions, or as defined by local law) as our Services are not directed to children.

Glass Pay uses the collected information for various legitimate business purposes, including:

• Providing and Improving the Services: We use personal data to operate the Glass Pay platform and provide you with the features and functionality you expect.
• Verification and Security: We use personal and financial information to verify your identity and protect against fraud, unauthorized transactions, claims, or other liabilities.
• Payment Execution: We use the relevant details to carry out your payment instructions and track transaction status.
• Communication: We use your contact information to communicate with you about the Services, including transactional confirmations, receipts, and account alerts.
• Compliance with Legal Obligations: We may process and retain your information as necessary to comply with financial regulations, tax reporting, sanctions screening, and other legal requirements.
• Enforcement of Terms and Policies: We may use data to enforce our Terms of Service and other policies.
• Aggregated and Anonymized Analytics: We may aggregate or anonymize personal data to perform analytics on payment trends, platform usage, and performance.

We will only process your personal data for the purposes outlined above or for compatible purposes. If we need to use your personal data for an unrelated new purpose, we will notify you and obtain your consent or ensure we have a lawful basis as required by applicable law.

Glass Pay respects your privacy and shares personal data only as necessary. We do not sell your personal information to third parties. We may share your information in the following contexts:

• With Payment Processing Partners:We share relevant information with third parties like Stripe, Finix, Plaid, Veem, Bank of America, and Brex in order to facilitate the financial services you've requested.
• With Other Service Providers: We use third-party service providers to perform certain business functions on our behalf, including cloud hosting, email and SMS delivery, analytics, and compliance tools.
• Within Our Corporate Group: We may share your information with affiliated entities for purposes consistent with this Privacy Policy.
• With Counterparties to Transactions: In the context of a payment, certain information necessarily will be shared with the other party of the transaction.
• Legal Compliance and Protection: We may disclose your information if required to do so by law or to protect the rights, property, or safety of Glass Pay, our users, our partners, or the public.
• Business Transfers: Your information may be transferred as part of a merger, acquisition, reorganization, bankruptcy, or sale of company assets.
• With Your Consent: We will share your information with third parties when you explicitly consent or request it.

Glass Pay requires any third parties with whom we share personal data to protect it in accordance with appropriate security and confidentiality standards.

Glass Pay uses cookies and similar technologies to recognize you and your device, to store preferences, and to understand usage of our Services. For example, we use cookies to keep you logged in as you navigate our site, or to remember your language preference.

You have control over cookies. Most web browsers allow you to delete or reject cookies. However, if you disable cookies, some features of the Services may not function properly.

Glass Pay takes the security of your personal information seriously. We implement a combination of technical, administrative, and physical safeguards to protect the data we collect and store:

• Encryption: All communications between your browser/app and our servers are encrypted using TLS (HTTPS). We also encrypt sensitive data at rest in our databases.
• Payment Data Protection: We do not store full credit card numbers or bank login credentials on our systems. Card data is handled by PCI-DSS compliant processors such as Stripe and Finix.
• Access Controls: We restrict access to personal data to authorized employees, contractors, and agents who need such access to operate, develop, or support our Services.
• Third-Party Security:We choose reputable third-party providers with strong security track records and compliance certifications. Links to some of our partners' security and compliance resources are available on our Security & Compliance page.
• Network Security: Our servers are protected by firewalls and network security measures, with regular vulnerability scans and penetration tests.
• Data Backups and Recovery: We perform regular backups of critical data with encrypted storage and disaster recovery plans.
• Monitoring and Incident Response: We have systems in place for monitoring the integrity and availability of the Services, with an incident response plan for data breaches or security incidents.

While we strive to protect your information, no system can be 100% secure. Choose a strong, unique password and notify us immediately if you suspect unauthorized activity in your account.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, or as required or permitted by law. For example:

• Transaction records, account information, and KYC data are typically kept for a minimum period to comply with financial regulations.
• If you close your Glass Pay account, we will either delete or anonymize your personal data within a reasonable time after account closure, except for information we are required to retain.
• We also retain logs and security records for a shorter period unless those logs are being used in an ongoing security investigation or legal matter.
• Aggregated or anonymized information may be retained for longer periods for analytics without further notice.

When we have no ongoing legitimate business need or legal obligation to process your personal information, we will securely dispose of it.

Glass Pay is based in the United States, and the majority of our data processing occurs in the U.S. If you are accessing the Services from outside the U.S., your personal information will likely be transferred to, stored in, and processed in the United States and possibly other countries.

When we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, and other mechanisms as required by applicable law.

If you are a user in a jurisdiction with data transfer restrictions, by using Glass Pay you acknowledge that your data will be transferred to the U.S. and processed there.

You may have certain rights regarding your personal information, depending on local laws. These rights may include:

• Access and Portability: You have the right to request a copy of the personal data we hold about you.
• Rectification (Correction): You have the right to ask us to correct inaccurate or incomplete personal information.
• Erasure: You have the right to request that we delete your personal data, subject to legal retention requirements.
• Restriction of Processing: You may request that we restrict processing of your data in certain circumstances.
• Objection to Processing: You have the right to object to certain processing, including direct marketing.
• Withdraw Consent: If we process your data based on consent, you may withdraw it at any time.
• Non-Discrimination: Glass Pay will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us using the details in the Contact Us section below. We may need to verify your identity before responding to your request.

We recognize that some of our clients are public sector entities and that special rules may apply to personal data handled in those contexts:

• If you are an individual whose data was provided to Glass Pay by a public sector client, Glass Pay is acting as a data processor on behalf of that public agency for much of your data. Your rights with respect to that data may need to be exercised through the relevant public agency.
• Glass Pay will handle government-related personal data in compliance with applicable regulations and in line with any contracts or agreements we have with the public entity. We will cooperate with our public sector clients to facilitate lawful disclosures under FOIA or state public records laws, and we will notify the related public sector client when requests are directed at us as a contractor, to the extent allowed by law.

We may update or revise this Privacy Policy from time to time. When we make changes, we will post the updated policy on our website and update the “Last Updated” date. For substantial changes, we will provide a more prominent notice. If you continue to use Glass Pay after any changes become effective, it constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or about how your information is handled, please contact our Data Protection Officer (DPO) or Privacy Team at:

Social Glass, Inc.
Email: inbox@pay.glass
Address: 415 Mission St, Floor 37, San Francisco, CA 94105, USA
Attn: Privacy & Compliance

We will do our best to address and resolve any privacy issues you have. If you feel we have not addressed your question or concern satisfactorily, you may also contact your local data protection authority or regulatory body.

Thank you for trusting Glass Pay with your payments and personal information. We are committed to keeping that trust by continuously safeguarding your privacy.