Conch Labs ("Company," "we," "us," or "our") operates EZBiller (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, password, phone number
- Business Information: Business name, address, EIN/tax ID, business type
- Identity Verification: Government ID, date of birth, Social Security Number (last 4 digits), and other KYC/KYB information required by our payment processor
- Financial Information: Bank account details for ACH payouts, payment card information (processed by Stripe)
- Customer Data: Information about your customers that you enter into the Service (names, emails, phone numbers, payment history)
- Communications: Information you provide when contacting support or providing feedback
Information Collected Automatically
- Usage Data: Pages viewed, features used, actions taken, time spent
- Device Information: Browser type, operating system, device type, IP address
- Log Data: Access times, error logs, referring URLs
- Cookies: Session cookies for authentication and preferences (see Section 7)
2. How We Use Your Information
We use collected information to:
- Provide the Service: Create accounts, process invoices, facilitate payments, send notifications
- Process Transactions: Enable ACH and card payments, manage refunds, prevent fraud
- Communicate: Send transactional emails, payment confirmations, reminders, and support responses
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Ensure Security: Detect fraud, prevent abuse, protect accounts
- Comply with Law: Meet legal obligations, respond to lawful requests
- Marketing: Send promotional communications (with your consent, and you can opt out)
3. How We Share Your Information
We do not sell your personal information. We share information only as follows:
Service Providers
- Stripe: Payment processing, identity verification, fraud prevention
- Mailjet: Transactional email delivery
- Twilio: SMS notifications (for eligible plans)
- Sentry: Error tracking and monitoring
- Cloud Providers: Data hosting and storage
Other Disclosures
- Legal Requirements: When required by law, subpoena, or court order
- Safety: To protect rights, safety, or property of users or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Consent: When you direct us to share information
4. Data Retention
We retain your information for as long as necessary to:
- Provide the Service and maintain your account
- Comply with legal obligations (tax records, financial regulations)
- Resolve disputes and enforce agreements
Typical retention periods: Account data is retained while your account is active and for 7 years after closure for tax and legal compliance. Transaction records are retained for 7 years. You may request deletion of certain data (see Section 6).
5. Data Security
We implement industry-standard security measures:
- Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
- Access Controls: Role-based access, multi-factor authentication for admin systems
- PCI Compliance: Card data is handled by Stripe (PCI DSS Level 1 certified)
- Monitoring: Continuous security monitoring and incident response
- Regular Audits: Security assessments and vulnerability testing
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information (subject to legal retention requirements)
- Portability: Request your data in a portable format
- Opt-Out: Unsubscribe from marketing communications
- Restrict Processing: Request limits on how we use your data
To exercise these rights, contact us at privacy@ezbiller.com. We will respond within 30 days.
7. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Authentication, security, session management (required)
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Understand how the Service is used (can be disabled)
Most browsers allow you to control cookies through settings. Disabling essential cookies may prevent you from using the Service.
8. Third-Party Services
Our Service integrates with third-party services that have their own privacy policies:
9. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country.
11. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected and how it's used
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy or to exercise your privacy rights, contact us at:
Email: privacy@ezbiller.com
Address: Conch Labs, Colorado, USA
For data protection inquiries, you may also contact our Data Protection Officer at dpo@ezbiller.com.