EazePay
Get access
PlatformLead flowAgentsMarketplaceIndustriesFAQGet access
Legal

Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how EazePay Inc. (“EazePay,” “we,” “us,” or “our”) collects, uses, discloses, secures, retains, and protects information about you when you visit our websites, contact us, apply for or use financing, make or accept payments, or otherwise use our payment-orchestration, prequalification, lending-marketplace, and related products and services (collectively, the “Services”). It also describes the choices and legal rights you have over your information. Please read it carefully. By using the Services, you acknowledge the practices described in this Policy.

1. Who we are; controller and processor roles

EazePay Inc. is a financial-technology company that provides the infrastructure: prequalification software, automated decisioning agents, a lender marketplace, an orchestration waterfall, application tracking, and payment processing, that powers consumer- and merchant-facing brands such as MedPay, TradePay, CoachPay, and VetPay.

For some processing we act as a business / controller that determines the purposes and means of processing (for example, operating our website and corporate relationships). For other processing we act as a service provider / processor on behalf of a business customer (such as a merchant or partner) under their instructions and contract; in those cases that customer's own privacy notice governs, and we process the information only as needed to provide the Services and as permitted by law.

2. Scope and updates to this Policy

This Policy applies to information processed through our public websites, hosted application pages, APIs, and SDKs. It does not apply to third-party websites, products, or services we do not own or control, including the lenders, processors, financial institutions, and verification vendors to whom an application or transaction may be routed; their handling of your information is governed by their own notices. We may update this Policy from time to time as described in Section 21.

3. Categories of information we collect

The specific information we collect depends on how you interact with the Services. Over the preceding 12 months, we may have collected the following categories:

(a) Information you provide directly

  • Identifiers and contact data, name, email address, postal address, phone number, business name, job title, and account credentials.
  • Application and financial information, information submitted through a prequalification or financing form, which may include date of birth, the last four digits of a Social Security number or other government identifier, income, employment, housing, requested amount, and similar details necessary to evaluate an application.
  • Payment information, card, bank-account, or other payment-instrument details used to process a transaction. Card data is tokenized and handled within a scope-minimized, PCI-aware environment; we do not store full primary account numbers on our general systems.
  • Communications and support content, the contents of messages, support tickets, survey responses, and call notes you share with us.

(b) Information collected automatically

  • Device and connection data, IP address, device and browser type, operating system, language, and mobile identifiers.
  • Usage and analytics data, pages and screens viewed, referring/exit pages, links clicked, session duration, timestamps, and similar interactions, collected via cookies, pixels, SDKs, and server logs.
  • Approximate location, derived from IP address for security, fraud prevention, and localization. We do not collect precise geolocation without consent.

(c) Information from third parties

  • Verification and risk data, from identity-verification vendors, consumer-reporting agencies (via soft inquiries that do not affect a credit score unless otherwise disclosed to you), fraud and device-intelligence providers, and sanctions / watchlist screening providers.
  • Business-customer and partner data, information our merchants and partners provide about applicants and transactions routed through the Services.

4. Sensitive information

Some information we process may be considered “sensitive” under applicable law, such as financial-account information, government identifiers, and precise data needed to evaluate an application. We use sensitive information only for the purposes permitted by law and necessary to provide the Services (such as completing a transaction, verifying identity, and preventing fraud), and we apply heightened safeguards. We do not use sensitive information to infer characteristics about you for advertising.

5. How we use information

  • To provide, operate, maintain, secure, and improve the Services;
  • To evaluate prequalification and financing requests and route them in parallel to appropriate lenders and partners;
  • To process payments, disbursement, settlement, refunds, and reconciliation;
  • To verify identity and to detect, investigate, prevent, and respond to fraud, money laundering, sanctions risk, and other unlawful or prohibited activity;
  • To create de-identified, aggregated, or statistical data, which we may use for any lawful business purpose;
  • To communicate with you, respond to inquiries, and send administrative, transactional, and (where permitted) marketing messages;
  • To comply with legal, regulatory, audit, tax, and recordkeeping obligations and to establish, exercise, or defend legal claims; and
  • For any other purpose disclosed to you at the time of collection or with your consent.

6. Legal bases for processing (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on one or more of these legal bases: (a) performance of a contract with you; (b) compliance with a legal obligation; (c) our legitimate interests in operating, securing, and improving the Services and preventing fraud, balanced against your rights; and (d) your consent, which you may withdraw at any time without affecting prior processing.

7. How and with whom we share information

We may disclose information to the following categories of recipients:

  • Lenders and financing partners, to evaluate, decision, and fund an application you submit;
  • Payment processors, networks, and financial institutions, to authorize, process, and settle transactions;
  • Service providers and sub-processors, cloud hosting, data storage, analytics, identity verification, fraud prevention, customer support, and communications vendors who process information on our behalf under written agreements that restrict their use of the information;
  • Our business customers, the merchant or partner whose branded experience you used;
  • Professional advisors and auditors, lawyers, accountants, and auditors under confidentiality obligations;
  • Authorities and other parties, when required by law, regulation, subpoena, court order, or legal process, or to protect the rights, property, or safety of EazePay, our users, or the public, and to enforce our agreements; and
  • Successors, in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, subject to this Policy.

8. We do not sell your personal information

We do not sell your personal information for monetary consideration, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California and other state laws. We do not knowingly sell or share the personal information of anyone under 16. If our practices change, we will update this Policy and provide any opt-out mechanism required by law.

9. Financial privacy (GLBA)

Certain information we handle is “nonpublic personal information” under the Gramm-Leach-Bliley Act and its implementing regulations. We limit the collection, use, and disclosure of such information to what is permitted by law; maintain an information-security program with administrative, technical, and physical safeguards designed to protect it; and provide the privacy notices required of financial institutions where applicable. We do not disclose nonpublic personal information about you except as permitted by law or as described in this Policy.

10. Cookies and similar technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary, required to operate the site, authenticate sessions, balance load, and maintain security. These cannot be switched off in our systems.
  • Functional, remember your preferences and settings.
  • Analytics / performance, help us understand how the site is used so we can improve it. Used only where permitted.

You can control non-essential cookies through your browser settings or any cookie-preference controls we provide. Because there is no industry-standard response, we do not currently respond to browser “Do Not Track” signals, but we honor recognized opt-out preference signals (such as Global Privacy Control) where required by law.

11. Marketing communications and your choices

Where permitted, we may send you marketing about features and products that may interest you. You can opt out at any time by following the unsubscribe instructions in our emails or by contacting us. We will still send you non-promotional, transactional, and administrative messages about your account or transactions.

12. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. To determine the appropriate period, we consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it; and applicable legal, tax, accounting, audit, anti-fraud, and regulatory requirements. Financial and transaction records may be retained for the multi-year periods required by applicable law. When information is no longer needed, we delete, de-identify, or securely archive it.

13. Information security

We maintain a written information-security program with administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, disclosure, and loss. Measures include encryption in transit and at rest, tokenization of sensitive payment data, role-based and least-privilege access controls, network segmentation, logging and monitoring, vulnerability management, vendor due diligence, and employee training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Automated processing and decisioning

The Services use automated agents and models to support intake, scoring, routing, and fraud prevention. EazePay does not make final credit decisions; financing decisions are made by independent lenders. Where required by applicable law, you may have rights with respect to automated decisions that produce legal or similarly significant effects, including the right to request human review or information about the decision. Contact us to exercise any such right.

15. Your privacy rights

Depending on your jurisdiction, you may have the right to: (a) know and access the personal information we hold about you; (b) request correction of inaccurate information; (c) request deletion; (d) obtain a portable copy; (e) opt out of certain processing, including any “sale,” “sharing,” or targeted advertising; (f) limit the use of sensitive information; (g) withdraw consent; and (h) be free from unlawful discrimination for exercising your rights.

16. U.S. state privacy rights

Residents of states with comprehensive privacy laws, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and a growing number of others, may exercise the rights granted by those laws. Note that the GLBA and other sector-specific laws may exempt certain financial information from some of these rights.

California

California residents may request to know, access, delete, and correct personal information, and may direct us not to sell or share it and to limit the use of sensitive personal information. We do not sell or share personal information as defined by the CPRA. You may designate an authorized agent to submit requests on your behalf. We will not discriminate against you for exercising your rights.

17. How to exercise your rights

To make a request, email support@eazepay.com. We will verify your identity using information reasonably necessary to confirm it before acting, and we will respond within the timeframe required by applicable law. If we decline a request, you may appeal by replying to our decision; where required by law, we will inform you of any further appeal options, including contacting your state attorney general. Authorized agents must provide proof of authorization.

18. International data transfers

We are based in the United States and may process and store information in the United States and other countries that may have data-protection laws different from those in your country. Where we transfer personal information internationally in a manner governed by the GDPR or UK GDPR, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK Addendum, and we take steps to ensure your information receives an adequate level of protection.

19. Children's privacy

The Services are intended for adults and are not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

20. Third-party links and services

The Services may contain links to, or interoperate with, third-party websites and services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices.

21. Changes to this Policy

We may update this Policy from time to time. We will post the revised Policy with a new “Last updated” date and, where required by law, provide additional notice or obtain your consent. Changes are effective when posted unless stated otherwise. Your continued use of the Services after the effective date constitutes acceptance.

22. Contact us and complaints

If you have questions, requests, or complaints about this Policy or our privacy practices, contact us:

EazePay Inc., Privacy Team
Email: support@eazepay.com

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection supervisory authority, although we encourage you to contact us first so we can address your concern.