Invoice Cloud, Inc. Privacy Policy

Last Updated:  January 1, 2023

This “Privacy Policy” describes the privacy practices of Invoice Cloud, Inc. (“Invoice Cloud”, “we”, “us”, or “our”) in connection with the www.InvoiceCloud.net website, Invoice Cloud service portals, and any other website we own or control and which posts or links to this Privacy Policy (collectively referred to as, the “Services”), and the rights and choices available to individuals with respect to their information. 

This Privacy Policy does not cover or address the personal data and privacy practices relating to Invoice Cloud employees or other personnel.

This Privacy Policy is not a contract and does not create any legal rights or obligations.

Customer Data

Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to contractual restrictions.

As part of our business relationship with our customers, we are often asked to receive, gather, store, analyze, or otherwise process information, which may include personal data, on behalf of our customers. We refer to this type of information and personal data as “customer data.” When we process customer data, we generally act as a processor. This means we process customer data on behalf of our customers subject to restrictions set forth in our contracts with them.

This Privacy Policy does not cover or address how we or our customers process customer data in connection with our role as our customers’ processor. Instead, this Privacy Policy only covers our processing of personal data in our capacity as a controller. In addition, we are generally not permitted to respond to individual requests relating to customer data. As a result, we recommend referring to the privacy notice of the business or government organization with which you have a relationship for information on how they engage processors, like us, to process customer data on their behalf.

Region-Specific Disclosures

Depending on your country, region, or state of residence certain privacy rights may apply to you. Please refer below for disclosures that may be applicable to you:

Table of Contents

Page
Personal Data We Collect

How We Use Your Personal Data

How We Share Your Personal Data

Your Choices

Other Sites, Mobile Applications, and Services

International Data Transfers

Children

Notice to European Users

Retention

Information for Visitors from Outside of the United States

Changes to this Privacy Policy

How to Contact Us

Invoice Cloud, Inc. Cookie Policy

Additional U.S. Privacy Disclosures

 

What is Personal Data?

When we use the term “personal data” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a person or household. It does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to a person.

Personal Data We Collect

Personal data you provide to us through the Services, or otherwise, may include:

  • Identifiers, such as your name, postal address, IP address, email address, phone number, and online account information;
  • Commercial information, such as records of the Services you have licensed or use, credit card, debit card, and related payment information;
  • Professional information, such as the name of your employer and your job title;
  • Internet and other electronic network activity information, such as your IP address, your device information, the length of time you spend with our Services, how often you use our Services, and other usage data; and
  • Other information that we may collect which is not specifically listed here, but which we use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from social media platforms.  We may maintain pages for our Company on social media platforms, such as Facebook, LinkedIn, Twitter, Google, YouTube, and other third-party platforms.  When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal data.  You, or the platforms, may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Cookies and other information collected by automated means.  We, our service providers, and our business partners may automatically log information about you, your computer, or mobile device, and activity occurring on or through the Services.  The information that may be collected automatically includes information about your computer or mobile device that may provide insight into the device operating system type and version number, manufacturer and model, device identifier, browser type, IP address, general location information such as city, state, or geographic area, and information about your use and actions on the Services, such as parts of the Services you viewed, how long you spend on a page or screen, navigation between pages or screens, information about your activity on a page or screen, access times, and length of access.  Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

On our webpages, this information may be collected using cookies, browser web storage (also known as locally stored objects), web beacons, or similar technologies, and our emails may also contain web beacons.  Dependent on your browser, you may configure your web browser to refuse all cookies or to indicate when a cookie is being sent, however, some features of the Service may not function properly if the ability to accept cookies is disabled.  Full details can be found on our Cookie Policy below.

We provide important information for individuals located in the European Union, European Economic Area, and United Kingdom (collectively, “Europe’ or “European”) below.

How We Use Your Personal Data

We use your personal data for the following purposes, and as otherwise described in this Privacy Policy or at the time of collection:

To operate the Services.  We use your personal data to:

  • Provide, operate, and improve the Services;
  • Provide information about our products and Services;
  • Establish and maintain your payer or biller profile on the Services;
  • Enable security features of the Services, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • Communicate with you about the Services, including by sending you announcements, updates, security alerts, and administrative messages;
  • Communicate with you about events or surveys in which you participate;
  • Understand your needs and interests, and personalize your experience with the Services and our communications;
  • Provide support and maintenance for the Services; and
  • To respond to your requests, questions, and feedback.

For research and development.  We analyze use of the Services to improve the Services and to develop new products and services.  This includes studying user demographics and use of the Services.

To send you marketing and promotional communications.  We may send you Invoice Cloud-related marketing communications, as permitted by law.  You will have the ability to opt-out of our marketing and promotional communications as described in the “Opt-out of email communications” section below.

To display advertisements.  From time to time we may work with advertising partners to display advertisements elsewhere online.  These advertisements are delivered by our advertising partners and may be targeted based on your use of the Services or your activity elsewhere online.  To learn more about your choices in connection with advertisements, please see our Cookie Policy.

To manage our recruiting and process employment applications.  We use personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity and monitoring recruitment statistics.

To comply with law.  We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety.  We may use your personal data as we believe necessary or appropriate to:  (a) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent.  In some cases, we may specifically ask for your consent to collect, use or share your personal data, such as when required by law.

To create Aggregate and De-Identified Information.  We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”).  We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties at our discretion.

How We Disclose Your Personal Data

We may disclose your personal data in the following ways:

Affiliates.  We may share your personal data with our subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Customers.  We may share your personal data to enforce or apply the terms of any of our customers’ service or license agreements. Such data may be “customer data” as described above.

Partners.  We may share your personal data with our partners that help us offer the Services to you or who offer related services to you.  These third parties may use your personal data consistent with their privacy policies.

Service providers.  We may share your personal data with third party companies and individuals that provide services on our behalf or help us operate the Services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).  These third parties may use your personal data only as directed or authorized by us and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.

Co-branded resources.  We may share your personal data with third party companies that partner with us on co-branded resources (such as case studies or contest).  These third parties may use your personal data consistent with their privacy policies.

Professional advisors.  We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us.

To comply with law.  We may share your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention and safety.  We may share your personal data for the compliance, fraud prevention and safety purposes described above.

Business transfers.  We may sell, transfer or otherwise share some or all of our business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Aggregate/De-Identified information.  We may share Aggregate/De-Identified data from your personal data and other individuals whose personal data we collect for our lawful business purposes, including to analyze and improve the Services and promote our business.

Your Choices

In this section, we describe the rights and choices available to all users.  Users who are located within Europe can find additional information about their rights below.  Individuals who are residents of California, Nevada, and Virginia in the United States can find additional information about their rights below

Opt-out of email communications.  You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@InvoiceCloud.com.  In some cases, we may need to send you “transactional” emails related to normal business operations.  For example, we may email you a reminder about an action you need to take related to the Services or about updates to the technology we use to provide the Services. You may not opt out of such service-related emails.

Online advertising and tracking.  Please refer to our Cookie Policy to learn more about how we work with third party partners to collect data through tracking technologies for various purposes, including analytics, advertising, and to understand your choices.  Opting-out of this type of advertising will not prevent you from seeing ads.  Ads that you do see will be randomly generated or based on the digital property in which they are displayed, rather than being tailored to you.

Cookies & Browser Web Storage.  We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Services and third-party websites.  In doing so, a cookie may enable us to determine what you look at and relate your use of the Services to your personal data.  You can set your browser to not accept cookies by following the instructions for your chosen browser, but this may limit your ability to use the Site.  For more details, see our Cookie Policy below.

Do Not Track.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other Sites, Mobile Applications, and Services

The Services may contain links to other websites, mobile applications, and other online services operated by third parties as well as our affiliates or partners.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us.  We do not control third party websites, mobile applications or online services, and we are not responsible for their actions.  Other websites and services follow different rules regarding the collection, use and sharing of your personal data.  We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

International Data Transfers

We are headquartered in the United States.  If you are located outside the United States and submit personal data to us, you should be aware that the personal data will be transferred to our servers located in the United States.  Your submission of personal data to us constitutes your consent to the transfer.  Laws generally applicable to the protection of personal data in the United States may not be as stringent as those in your home jurisdiction.

European Union users should read the important information provided below about transfer of personal data outside of the European Union.

Children

The Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 13.  If you are under 13, please do not provide us your personal data.  If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at privacy@InvoiceCloud.com.  We will delete such information from our files as soon as reasonably practicable.  We encourage parents with concerns to contact us as outlined below.

Notice to European Users

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal data.  References to “personal data” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Processor.  Invoice Cloud is the processor of your personal data covered by this Privacy Policy for purposes of European data protection legislation.

Processing purpose

Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal data”.

Legal basis
To operate the Services Processing is necessary to perform the contract governing our provision of the Services or to take steps requested by our customers, merchants, software providers, or partners prior to signing up for the Services.  If we have not entered into a contract with you, we process your personal data based on our legitimate interest in providing the Services.
These activities constitute our legitimate interests.  We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law Processing is necessary to comply with our legal obligations.
With your consent Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time by contacting us as outlined below.

 

Use for new purposes.  We may use your personal data for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal data.  We ask that you not provide us with any sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.

If you provide us with any sensitive personal data to us when you use the Services, you must consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy.  If you do not consent to our processing and use of such sensitive personal data, you must not submit such sensitive personal data through our Services.

Retention

We retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal data we have collected about you, unless prohibited by applicable law, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.  If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Information for Visitors from Outside of the United States

We are located in the United States, where the laws may be different and, in some cases, less protective than the laws of other countries.  By providing us with your personal data and using the Services, you acknowledge that your personal data will be transferred to and processed in the United States and other countries where we and our vendors operate.  If we receive or transfer your personal data from Europe, including the UK or Switzerland, to a third country and are required to apply additional safeguards to your personal data under European data protection legislation, we use good faith efforts to do so.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time.  If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it in a conspicuous location on the Services.  We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Services.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Services (or as otherwise indicated at the time of posting).  In all cases, your continued visiting or use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Privacy Policy or privacy practices to privacy@InvoiceCloud.com.

You may also write to us via postal mail at:

Invoice Cloud, Inc.

Attention:  Compliance
30 Braintree Hill Office Park, Suite 101
Braintree, MA 02184

Invoice Cloud, Inc. Cookie Policy

Last Updated:  January 1, 2023

This Cookie Policy explains how Invoice Cloud, Inc. (“Invoice Cloud”, “we”, “us” or “our”) uses cookies, web beacons, tracking pixels, and other technologies in connection with the www.InvoiceCloud.com website, Invoice Cloud service portals, and any other website we own or control and which posts or links to this Cookie Policy (collectively, the “Services”).  We may use cookies, and similar technologies to help customize the Services and improve your experience.

Information about the cookies we use may be updated from time to time and we will alert you about any changes by updating the “Last Updated” date at the beginning of this Cookie Policy.  Any changes or modifications will be effective immediately upon posting the updated Cookie Policy, and you waive the right to receive specific notice of each such change or modification.

You are encouraged to periodically review this Cookie Policy to stay informed of updates.  You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Policy by your continued use of the Services after the date such revised Cookie Policy is posted.

What are cookies?

A “cookie” is a string of information which assigns you a unique identifier that we store on your computer.  Your browser then provides that unique identifier to us each time you submit a query to the Services.  We use cookies on the Services to, among other things, keep track of your use of the Services, record registration information, record your user preferences, keep you logged into the Services, and track the pages you visit.  Cookies help us understand how the Services are being used and help us improve your user experience.

What types of cookies does Invoice Cloud use?

Our Services may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).

More specifically, the following types of cookies may be used when you visit the Services:

Advertising Cookies

Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you.  These cookies allow advertisers and ad servers to gather information about your visits to the Services and other websites, alternate the ads sent to a specific device, and track how often an ad has been viewed and by whom.  

Analytics Cookies

Analytics cookies monitor how users reached the Services, and how they interact with and move around once on the Services.  These cookies let us know what features on the Services are working the best and what features on the Services can be improved.

Our Cookies

Our cookies are “first-party cookies” and can be either permanent or temporary.  These are necessary cookies, without which the Services may not work properly or be able to provide certain features and functionalities.  Some of these may be manually disabled in your browser but disabling these cookies may affect the functionality of the Services.

Personalization Cookies

Personalization cookies are used to recognize repeat visitors to the Services.  We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Services.

Security Cookies

Security cookies help identify and prevent security risks.  We use these cookies to authenticate users and protect user data from unauthorized parties.

Service Management Cookies

Site management cookies are used to maintain your identity or session on the Services so that you are not logged off unexpectedly, and any information you enter is retained from page to page.  These cookies cannot be turned off individually, but you can disable all cookies in your browser.

Third-Party Cookies

Third-party cookies may be placed on your computer by our service providers and business partners when you visit the Services.  These cookies allow the third parties to gather and track certain information about you.  These cookies can be manually disabled in your browser.

Other Tracking Technologies

In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Services to help customize the Services and improve your experience.  A “web beacon” or “pixel tag” is tiny object or image embedded in a web page or email.  They are used to track the number of users who have visited particular pages, viewed emails, or acquire other statistical data.  They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside.  Web beacons and pixel tags cannot be declined.  However, you can limit their use by controlling the cookies that interact with them.

In addition to cookies, our Services may use other technologies, such as Flash technology, to collect information automatically.

Third Party Data Collection and Online Advertising

We participate in interest-based advertising and use third-party advertising companies to serve you targeted advertisements based on your browsing history.  We permit third-party online advertising networks, social media companies and other third-party services, to collect information about your use of our online Services over time so that they may play or display ads on the Services, on other websites, or services you may use, and on other devices you may use.  Typically, though not always, the information used for interest-based advertising is collected through tracking technologies, such as cookies, web beacons, embedded scripts, location-identifying technologies, and similar technology (collectively, “tracking technologies”), which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the site, AdID, precise geolocation and other information.  We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help identify you across devices.  We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.  We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms.  We may do this by providing a hashed version of your email address or other information to the platform provider.  See “Your Choices About Online Ads” below, to learn more about the choices you may have regarding interest-based advertising.

Google Analytics and Advertising.  We use Google Analytics to recognize you and link the devices you use when you visit our websites or Services on your browser or mobile device, log in to your account on the Services, or otherwise engage with us.   We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service.  Google Analytics allows us to better understand how our users interact with the Services and to tailor our advertisements and content to you.   For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s site “How Google uses data when you use our partners’ sites or apps” located at  www.google.com/policies/privacy/partners/.  You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.

For California, Nevada, and Virginia Residents: To exercise your right to opt-out of the sale or sharing of personal data as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, email privacy@InvoiceCloud.com.

Your Choices About Cookies

Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Services may not work properly.

For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.  If you do not accept our cookies, you may experience some inconvenience in your use of the Services.  For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you use the Services.

Your Choices About Online Ads

We support the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA).  This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes.  More information about these Principles can be found at www.aboutads.info.  If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements.   Opt-out cookies only work on the internet browser and device they are downloaded onto.  If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use.  If you delete cookies on your device generally, you will need to opt out again. If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at http://www.aboutads.info/appchoices.

Cookie Management and the Right to Opt Out of the Sale or Sharing of Personal Data for Targeted Advertising Purposes

For California, Nevada, and Virginia Residents: Unless you have exercised your Right to Opt Out (as described in the “Your Privacy Choices” section of our Additional U.S. Privacy Disclosures), we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes.  The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties.

You do not need to create an account with us to exercise your Right to Opt Out.  However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt-out request.  We will only use personal data provided in an opt-out request to review and comply with the request.  If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

To exercise your right to opt-out of the sale or sharing of personal data as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, email privacy@InvoiceCloud.com.

Once you make an opt-out request, you may change your mind and opt-in at any time by returning to this Cookie Policy and clicking the above link or contacting us at privacy@InvoiceCloud.com.

In addition, by visiting www.privacyrights.info or www.optout.privacyrights.info/?c=1, you can opt out from sales and sharing of this type of personal data by businesses that participate in the DAA’s CCPA App-based Opt-Out Tool.  To make opt-out requests related to mobile apps on your device for businesses participating in the opt out tool, you can download the appropriate app at https://www.privacyrights.info/appchoices. Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online Services.   It means that the online ads that you do see from DAA program participants should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.  In addition, third parties may still use cookies to collect information about your use of our online Services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.

For more information about how we collect, use and share your information, see our Privacy Policy above.

Contact Us

Please direct any questions or comments about this Cookies Policy, or Invoice Cloud’s privacy practices, to privacy@InvoiceCloud.com.  You may also write to us via postal mail at:

Invoice Cloud, Inc.
30 Braintree Hill Office Park, Suite 101
Braintree, MA 02184

Additional U.S. Privacy Disclosures

Last Updated:  January 1, 2023

These Additional U.S. Privacy Disclosures (the “U.S. Privacy Disclosures”) supplement the information contained in our Privacy Policy regarding the Invoice Cloud websites, products and service offerings, mobile applications and services that post or link to these U.S. Privacy Disclosures and apply solely to individual residents of the State of California, Nevada, and Virginia (“data subjects” or “you”).

These U.S. Privacy Disclosures provide additional information about how we collect, use, disclose and otherwise process personal data of individual residents of the State of California, Nevada, and Virginia, either online or offline.

Unless otherwise expressly stated, all terms in these U.S. Privacy Disclosures have the same meaning as defined our Privacy Policy.

Notices to Payers

Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to contractual restrictions.

Invoice Cloud provides online payment services as a “processor” or “service provider”, which help our business customers collect payments from individuals who pay their bills online (“Payers”).  For example, we may help your electric company collect and process your payments for your monthly electricity bill.

If you are a Payer and make payments through our services, we may collect personal data about you, such as your name, address, email, payment information, and payment history.  Our business customers (such as your electric company) are primarily responsible for how we use and disclose the personal data we collect in our role as a service provider.  For example, we only collect and process your payment information so that we can facilitate the payment of your bill on behalf of the business entity (our business customer) who is billing you.

If we process your personal data on behalf of one of our business customers, and you have questions about how we process your personal data, we may direct any inquiries about our use of your personal data to that business customer.

How We Collect and Use Personal Data

Our Privacy Policy contains a general description of the types of personal data we collect.  Please review the Personal Data We Collect,  How We Use Your Personal Data, and How We Disclose Your Personal Data sections of our Privacy Policy to learn more. While we do not “sell” personal data in the traditional sense, we do, however, sell or share personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).

Within the past 12 months, we may have collected the following categories of personal data:

  • Identifiers, such as name, postal address, IP address, email address, phone number, and online account information;
  • Commercial information, such as records of the Services purchased from us;
  • Professional information, such as employer name and job title;
  • Internet and other electronic network activity information, such as IP address, device information, the length of time spent with our Services, how often the Services are used, and other usage data;
  • Geolocation data, such as physical location made available through IP address or other means;
  • Sensory information, such as audio, electronic, visual, olfactory, or similar information;
  • Biometric information, such as facial imagery, a voiceprint, or similar information.
  • Inferences drawn from personal data to create a profile, such as reflecting preferences, characteristics, attitudes, behavior, etc.

We use personal data primarily to provide services to our business customers, which is described in more detail in our Privacy Policy.  Within the past 12 months, our use of personal data will depend on the interaction with us.  For example:

  • If an account exists, we may have used identifiers, commercial information, and internet and other electronic network activity information to create, register, manage, and service that account.
  • If our services have been used, we may have used identifiers, commercial information, and internet and other electronic network activity information to provide customer support services.
  • From time to time, we may have used identifiers, commercial information, and professional information to send information and updates regarding our services.
  • If an inquiry was submitted, feedback provided through a survey, or otherwise contacted us, we may have used identifiers and the other information provided to respond and /or implement that request.
  • We may also have used personal data to verify identity, maintain the security of our platforms, enhance user experience, deliver personalized content, and otherwise improve our websites, portals and other services.

Sensitive Information

The following personal data elements we collect may be classified as “sensitive” under certain privacy laws (“sensitive information”):

  • Account name and password;
  • Driver’s license number;
  • Credit/debit card number plus expiration date and security code (CVV); and
  • Biometric Information.

As described in our Privacy Policy, we use account name and password, as well as payment card information and driver’s license number, and biometric information, to provide certain of our products and services. 

We do not sell or share sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising.

Deidentified Information

We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

How We Disclose Personal Data

In order to provide our services, we may disclose personal data to third parties for certain business purposes.  In the past 12 months, we have disclosed personal data to the following categories of third parties for the business purposes described above in “How We Collect and Use Personal Data”:

  • To our service providers:  We may have shared personal data with third-party service providers, such as payment processors, clearinghouses, payment settlement organizations, platform hosting providers, and website analytics providers, who help us provide Services to business customers.  We require that our service providers not use or disclose personal data for any purpose other than for providing services to us.
  • To your respective Payers:  We may have shared personal data with business customer respective payers only to the extent necessary to process transactions.
  • To our affiliates for operational or other business purposes:  We may have shared personal data with our affiliates for operational or business purposes such as those outlined above.
  • As part of a reorganization event:  In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may have disclosed Personal data to the party or parties of such transaction.
  • To law enforcement or other governmental authorities:  From time to time, we may have disclosed personal data to law enforcement or government agencies (i) when we, in good faith, believed there was unlawful activity; (ii) when we believed it was necessary or appropriate to satisfy any law, regulation or other governmental request; (iii) to respond to government-issued subpoenas, warrants or court orders; (iv) to otherwise comply with our legal obligations; and (v) when we believed disclosure was necessary to protect the health and safety of our personnel, our users and the general public.

Your Privacy Rights

Depending on your state of residence, you may be able to exercise some or all of the following rights in relation to the personal data we have collected about you:

The Right to Know The right to confirm whether we are processing personal data about you and, under California law only, to obtain certain personalized details about the personal data we have collected about you, including:

  • The categories of personal data collected;
  • The categories of sources of the personal data;
  • The purposes for which the personal data were collected;
  • The categories of personal data disclosed to third parties (if any), and the categories of recipients to whom this personal data were disclosed;
  • The categories of personal data sold (if any), and the categories of third parties to whom the personal data were sold; and
  • The categories of personal data shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal data were disclosed for these purposes.
The Right to Access & Portability The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
The Right to Correction The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
The Right to Request Deletion The right to request the deletion of personal data that we maintain about you, subject to certain exceptions.
The Right to Control Over Sensitive Information The right to direct us to limit the use of your sensitive personal data to certain purposes, including to perform the services or provide the goods reasonably by an average consumer who requests those goods or services.
The Right to Opt Out of Sales or Sharing for Targeted Advertising Purposes The right to direct us not to sell or share personal data for certain targeted or cross-context behavioral advertising purposes.
“Shine the Light” California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).

 

If you choose to exercise your rights, you have the right not to receive retaliatory or discriminatory treatment. That means, that if you exercise some of these rights, it may limit our ability to process your personal data and provide certain features of our Services to you. In addition, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

How to Exercise Your Privacy Rights

To exercise any of these rights you may,

    • Requestor’s first and last name;
    • Primary e-mail address;
    • Primary phone number; 
    • State of residency; and
    • Type of request.

We will take steps to verify your identify before processing your request.

We will not fulfill your request unless you have provided sufficient information for us to reasonably verify your identity.  For example:

  • If you have an account with us, we may use our existing account authentication practices to verify your identity.

 

  • If you do not have an account with us, we may request additional information about you to verify your identity.  As a result, we require requests to include name, email address, and state of residency. Although we try to limit the personal data collected in connection with a request to exercise any of the above rights, certain requests may require us to obtain additional personal data from you.  In certain circumstances, we may decline a request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states. We will only use the personal data provided in the verification process to verify your identity and to track and document request responses, unless you have initially provided the information for another purposes.

To Exercise the Right to Opt Out of the Selling or Sharing of Personal Data for Targeted Advertising Purposes

Unless you have exercised your Right to Opt Out, we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes. The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties. 

You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt out request.  We will only use personal data provided in an opt out request to review and comply with the request.  If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please email privacy@invoicecloud.com

Authorized Agents

In certain circumstances, you may use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.  To protect your personal data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at  privacy@invoicecloud.com with the subject line, “Privacy Request Appeal.”

Minors Under 16 Years Old

We do not sell the personal data of consumers we know to be less than 16 years of age.  Please contact us at privacy@invoicecloud.com to inform us if you, or your minor child, are under the age of 16..

Updates to these U.S. Privacy Disclosures

We will update these U.S. Privacy Disclosures from time to time.  When we make changes to these U.S. Privacy Disclosures, we will change the “Last Updated” date at the beginning of this notice.  If we make material changes to these U.S. Privacy Disclosures, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall become effective from the “Effective Date,” unless otherwise provided in the notice.

Contact Us

If you have any questions or concerns in connection with these U.S. Privacy Disclosures or other privacy-related matters, please email us at privacy@invoicecloud.com or by calling 1-888-603-0094.