Skip to content
Home » Blog » Privacy Policy

Privacy Policy

  • by

Privacy Policy

SECTION 1 – INFORMATION WE COLLECT

When you use Bankful’s websites, dashboards, APIs, plug-ins, or related services (collectively, the “Services”), Bankful collects information necessary to provide, secure, and improve those Services, including:

  • Identification & Contact Information: Name, address, phone number, email, business details, tax ID.
  • Account & Authentication Data: User IDs, credentials, permissions, audit logs.
  • Billing & Transaction Data: Amounts, dates, merchant IDs, masked card or token data (Bankful never stores full PANs for direct gateway use).
  • Device & Network Data: IP address, browser type, operating system, device ID, diagnostics.
  • Usage & Telemetry: Feature use, performance, crash logs.
  • Support Records: Tickets, chat, and call logs.

When you visit our sites, we automatically receive your IP address and related technical data to ensure platform security and functionality.

SECTION 1A – RISK & COMPLIANCE PROCESSING

By applying for or using the Services, you expressly consent to Bankful’s collection, analysis, and retention of personal and business information for:

  • Risk assessment and fraud prevention
  • Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) compliance
  • Merchant onboarding and underwriting
  • Regulatory and card-network obligations

Bankful may obtain and share information with acquiring banks, payment processors, identity-verification vendors, credit bureaus, or compliance partners to perform these functions. Such processing is essential to deliver the Services and is conducted under lawful bases including performance of contract, legitimate interests, and regulatory compliance.

SECTION 2 – CONSENT & COMMUNICATIONS

When you provide personal information or submit a merchant application, you authorize Bankful to collect, verify, store, and analyze that information to evaluate your application and provide Services.
You also authorize Bankful to obtain credit, business, or banking information from third-party sources as needed for underwriting.

Transactional Communications: By providing your phone or email, you consent to receive essential transactional, risk, and service-related messages (e.g., account alerts, security notices, billing updates).
Marketing Communications: If you opt in separately, Bankful may send promotional messages via email, SMS, or phone.
You may withdraw consent by replying STOP to SMS, clicking Unsubscribe in emails, or adjusting preferences in your account.
Bankful uses commercially reasonable efforts to process opt-out requests promptly; however, automated or pre-scheduled communications may continue briefly due to processing delays.
If you continue receiving unwanted communications after a reasonable period, contact support@bankful.com for manual removal, and Bankful will promptly update your preferences.

SECTION 3 – INFORMATION SHARING

Bankful may share information:

  • With service providers and processors under contract who assist in hosting, analytics, compliance, or support.
  • With acquiring banks, payment processors, and financial institutions selected by you or required for settlement.
  • To comply with law, regulations, or card-network rules, or to enforce our Agreement.
  • To protect rights, property, security, or integrity of Bankful or others.
  • In connection with a merger, acquisition, financing, or sale of assets.

By using the Services, you authorize these disclosures and acknowledge that Bankful exercises commercially reasonable diligence in selecting partners but is not responsible for their independent compliance or security practices.
Bankful does not sell personal information and does not share it for cross-context behavioral advertising.

SECTION 4 – DATA STORAGE & SECURITY

Bankful stores data in secure, access-controlled environments.
All direct payment gateways follow PCI DSS standards. Card data is tokenized or handled through PCI-compliant providers; Bankful does not store full card numbers.
Bankful implements administrative, technical, and physical safeguards designed to protect data; however, no security system is impenetrable, and Bankful cannot guarantee absolute security.
By using the Services, you acknowledge inherent risks in Internet transmissions.
Retention: Bankful retains data as long as necessary for operational, regulatory, and risk purposes—including up to seven (7) years after account closure—to meet audit, tax, and legal obligations.

SECTION 4A – COOKIES & ANALYTICS

We use necessary cookies to operate the Services and optional analytics cookies to improve performance.
Analytics data is aggregated or de-identified where feasible.
You can control cookie settings through your browser preferences.

SECTION 5 – THIRD-PARTY SERVICES & LINKS

Certain third-party services (e.g., payment gateways, hosting, analytics) operate under their own privacy policies.
When you connect third-party platforms or processors, their collection and use of data are governed by their terms.
Bankful is not responsible for the data handling practices of such providers once information has been transferred for legitimate business purposes.

SECTION 6 – USER RIGHTS & REGIONAL DISCLOSURES

A. General Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port certain data, and to object to specific processing.

To exercise rights, contact support@bankful.com. We will verify and respond within timeframes required by applicable law.

B. California Residents
Under the California Consumer Privacy Act (CCPA), you may request to know, delete, or correct personal information and to limit use of sensitive data. Bankful does not sell personal information.

C. EU / UK Residents (GDPR)
Bankful maintains appropriate safeguards for cross-border data transfers and ensures adequate protection under GDPR.
You may exercise rights to access, rectify, erase (“right to be forgotten”), restrict, or object to processing, including automated decision-making used for risk or underwriting.
To submit a request, contact support@bankful.com; proof of identity may be required.

SECTION 7 – AGE OF CONSENT

By using the Services, you represent that you are at least the age of majority in your jurisdiction.
The Services are not intended for children under 13, and Bankful does not knowingly collect information from minors.

SECTION 8 – CHANGES TO THIS POLICY

Bankful may modify this Privacy Policy at any time. Revisions take effect immediately upon posting. Material changes will be communicated by email or other electronic means where applicable.
If Bankful is acquired or merged, your data may be transferred to the successor entity to continue providing Services.

SECTION 9 – CONTACT INFORMATION

For privacy questions, rights requests, or complaints, contact:
Bankful Privacy Compliance Team
support@bankful.com
2985 E. Hillcrest Dr., Suite 209
Thousand Oaks, CA 91362 USA
or 196e Campden Hill Road, London W8 7TH U