GFT Pay Inc.
PRIVACY POLICY
Effective Date: April 1, 2026
GFT Pay Inc. (“GFT,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, share, and protect your personal information when you use GFT’s products and services, including our website, mobile application, digital payment cards, and wallet integrations (collectively, the “Services”). Please note that this Privacy Notice does not apply to websites owned and operated by third parties regardless of whether our Services are linked to them. Websites not owned or operated by us will be subject to their own privacy policies. We have no control over third-party companies or their privacy policies.
Types of Information We Collect
We may collect the following types of information when you use our products, services, or mobile application, or visit our websites:
- “Personal Information” is information that we may collect that identifies you as an individual, customer, or consumer and includes your name, phone number, and email address. We may also collect personal information to conduct identity verification, when required by applicable law or regulation, such as date of birth, social security number or tax identification number, driver’s license number, mailing address, government-issued photo identification, and your account number(s). Where identity verification requires the use of a third-party service provider, that provider may process your information, including photographs or biometric data, subject to their own privacy practices and contractual restrictions that limit their use of your information to identity verification purposes only.
- “Non-Personal Information” is information that we may collect that does not identify an individual, customer, or consumer. Examples of non-personal information are the version of internet browser, the computer or mobile device’s operating system, information from tracking technologies (e.g., “Cookies”), websites visited on the applicable device, the device’s IP address, and location information or other data. Non-Personal Information is not necessarily specific to any individual, but is device-specific.
- “Payment Card Data” is information related to the payment instrument used to add funds (“load”), reload, or conduct other transactions with GFT cards and includes card number, expiration date, and CVV. Such information is collected by payment processors, but not stored by GFT. For cards loaded via ACH directly from a bank account, bank account and routing numbers are collected by payment processors, but not stored by GFT.
How We Collect Your Information
We collect Personal Information about you when you request information about, apply for, or use our products or services, register for online or mobile account access, contact us for customer service, communicate with us through social media, or otherwise interact with us. We may also collect Personal Information about you from other sources, such as public databases, credit reporting agencies, social media platforms, affiliated companies, and other third parties.
We also collect Non-Personal Information about your online and mobile activity automatically using the following tracking technologies:
- HTTP cookies (“Cookies”) are pieces of information that are stored directly on the device you are using. Cookies provide us with anonymous online and mobile activity information such as the time of your site visits and the pages you viewed. Cookies are commonly used with internet browsers, and do not harm your computer or device. You may manage your device’s cookie settings through the settings on your device and/or browser.
- Mobile advertising IDs (MAIDs) are similar to Cookies but are used in connection with a mobile device. MAIDs are user-specific, resettable identifiers provided by your mobile device operating system. When we use MAIDs, your identity is not directly associated with the MAID identifier. You can reset your MAID by following these steps: (a) for Google Android, open Google Settings on your Android device, tap the Ads Menu under Services, tap “reset advertising ID”, and confirm the reset when the confirmation prompt is displayed; (b) for Apple devices, open the Settings app, tap Privacy, scroll down to the bottom of the page and tap Advertising, tap “reset Advertising Identifier”, confirm this choice by tapping “reset Advertising Identifier” again. Please note that the prior steps may be modified by Google and/or Apple at their discretion at any time.
- Web beacons and pixel tags (“Beacons and Tags”) are technologies that allow tracking of your online activity and websites you visited. Beacons and Tags may gather anonymous information such as your device’s operating system, your device’s IP address, and time and duration of your website visits.
You may disable these tracking technologies or opt-out of targeted advertising generally in the settings menu of your internet browser, computer or mobile device, or some combination thereof depending on your browsing device or application usage. For Apple devices, open the Settings app, tap Privacy, scroll down to the bottom of the page and tap Advertising, then turn the Limit Ad Tracking button to “ON”. For Android devices, tap Menu, tap Google Settings, tap Ads, and then check the box identified as “Opt-out of interest-based ads.” Note: These settings may change at any time and without notice to GFT by either Apple or Google.
How We Use Collected Information
We use information we collect about you to:
- process your requests for our products or services and provide those products or services to you;
- provide relevant information to you about our products and services, including, but not limited to, important changes to our policies and terms and conditions;
- make improvements to and personalize our products and services;
- communicate with you about your account(s) and transactions, including inviting you to participate in surveys, contests, and other promotions;
- track the effectiveness of our advertisements;
- detect, respond to, and protect against illegal activity, activity which may violate our business policies, or activity which may compromise our business operations or security;
- detect, respond to, and protect against fraud, security breaches, identity theft, and other risks of harm;
- maintain and service your account; respond to your requests;
- comply with applicable legal and regulatory obligations;
- honor your personal settings (e.g., font size, location);
- enhance your online and mobile experience; and/or
- improve our products and services; and provide targeted marketing to you.
Sharing Your Information
If you are our customer or former customer, we will share your information in order to process transactions or otherwise make the products and services operational, including sharing with the issuing bank, the payment card networks, and our vendors or service providers.
We may also share your personal information, including contact information and transaction history (but not Payment Card Data), with the merchant whose program you participate in. That merchant’s use of your information is governed by their own privacy notice and applicable law. Because this sharing is necessary to provide the gift card or stored value program you enrolled in, it is not subject to an opt-out under applicable financial privacy laws.
Except as set forth in this notice, we will not share your information unless required to do so by law, such as to comply with federal, state, or local laws or to comply with a properly issued subpoena or summons by Federal, state, or local authorities.
Except as described in this notice, we will not sell or lease the information we collect about you to unaffiliated third parties for their direct marketing of products or services unrelated to the stored value card program you enrolled in.
Keeping Your Information Secure
We are committed to keeping your information secure. To protect your information from unauthorized access and use, we use security measures designed to comply with federal and state law and meet recognized industry standards. This includes the use of encryption technology, contractual limitations on the use of your information with our service providers and subcontractors, and identity verification procedures.
Children’s Online Privacy
Our products and services are not directed to children under the age of 13. We do not knowingly solicit or collect Personal Information from children under the age of 13. If we discover or have reason to believe that a user is under the age of 13, we will promptly delete their Personal Information and deny or terminate access to our products and services. If you are a parent or guardian of a child under the age of 13 and become aware that he or she disclosed Personal Information to us, please contact us at privacy@gftpay.com. For more information about the Children’s Online Privacy Protection Act, visit the Federal Trade Commission’s website at https://www.ftc.gov/.
Mobile App Privacy
Our mobile application may request access to information stored on your device such as location, contact lists, external storage, camera/photo information, contacts, or other features you are enrolled in to simplify your user experience, improve our services, and provide additional security to protect your account. The mobile application may also access other information as outlined in this notice.
It is important to understand that:
- Before granting access to this information, you will be prompted to give the application that permission.
- If you do not wish to grant that permission, you may decline.
- If you later change your mind, you may update those permissions in your device settings.
International Users
Our services are designed primarily for U.S. users, but may be accessed abroad. By using the services outside the U.S. you consent to your data being processed and stored in the United States.
IMPORTANT PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
GFT provides the following disclosures in accordance with applicable California privacy laws. These disclosures may also be relevant to users in other states with similar privacy rights. California’s “Shine the Light” Law, California Civil Code Section 1798.83, permits you to request and obtain from us once a year, free of charge, a list of all third parties to which we have disclosed personally identifiable information as defined under California law for such third parties’ direct marketing purposes in the preceding calendar year. If you are a California resident and would like to make such a request, see the Contact Information section below.
The California Online Privacy Protection Act requires us to disclose how we respond to Do Not Track signals set in your browser. We do not support Do Not Track browser settings. If you enable Do Not Track settings in the browser you are using, we will not respond to them. The California Consumer Privacy Act (“CCPA”) grants you specific rights in regard to Personal Information we have collected about you. Under the CCPA, you have the right to request from us, free of charge, a list of all the categories and/or specific pieces of Personal Information we have collected about you and that we delete such Personal Information. In the 12 months prior to the Effective Date of this Online Privacy Notice, we have collected the following categories of Personal Information about our customers:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO (except where voluntarily supplied by job applicants) |
| Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
| Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO (except where required for identity verification, in which case processing is performed by a third-party vendor) |
| Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
| Geolocation data | Physical location or movements. | YES |
| Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| Professional or employment-related information | Current or past job history or performance evaluations. | NO (except job applicants) |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
Right to Request
The CCPA also grants you the right to request that your Personal Information not be sold to third parties. GFT does not sell Personal Information about our customers to third parties and has not sold any Personal Information about our customers in the 12 months prior to the Effective Date of this notice. To exercise your rights under the CCPA, please contact us using the information listed in the Contact Information section below.
Record Retention and Deletion
We retain personal information only as long as necessary for the purposes described, considering the type of data, contractual and regulatory requirements, and security needs, after which we delete or de-identify it. Subject to certain exceptions, you have the option to delete Personal Information about you that we have collected from you.
Data Portability
You have the right to receive the personal information you have previously provided to us and that we have collected.
SMS and RCS Messaging
GFT collects and uses your mobile phone number and messaging preferences solely to deliver SMS and RCS messages that you have explicitly opted in to receive. We do not sell, share, rent, or disclose SMS or RCS opt-in data, phone numbers, or consent information to third parties for their own marketing or independent purposes. This data may be shared only with service providers and technology partners who assist in delivering messages on our behalf, and only as necessary to operate the messaging program.
Changes to this Privacy Notice
We may make changes to this Privacy Notice at any time. When we do, we will update the Effective Date and, where required by applicable law, provide advance notice before the change takes effect. Please revisit this notice to ensure you understand how we collect and use your information.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. If you choose to exercise your rights under the CCPA, we will not deny you goods or services, charge you different prices, impose different interest rates or fees, or provide you with a different level of quality of goods or services.
Contact Information
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding our use of personal information, or wish to exercise your rights under the CCPA, please contact us at: privacy@gftpay.com.