TROY Pay Privacy Policy
Ready to get started?
Privacy Policy
TROY Group, Inc. (“TROY,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use TROY Pay and our related software-as-a-service offerings (collectively, the “Services”), including payment processing functionality provided through third-party financial service providers. By using the Services, you acknowledge the data practices described in this Privacy Policy.
Notice
Troy uses personal information to provide, operate, maintain, and improve the Services, including account administration, payment processing, identity verification, fraud prevention, and customer support. Personal information may also be used to comply, and in compliance with, legal and regulatory obligations, including financial services compliance requirements. We take appropriate administrative, technical, and organizational measures to safeguard personal information. TROY will not sell, rent or lease your personal information to others.
This Privacy Policy covers personal information collected through the Services, as well as aggregated or de-identified information derived from such data. “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked to an individual or household. We may also collect usage data and technical information that does not directly identify you, which may be aggregated or de-identified for analytics and service improvement purposes. Aggregated or de-identified information may be used to analyze platform performance, improve functionality, and enhance user experience.
What we collect
When you access or use TROY Pay and our Services, you may be asked to provide business and account information that may include personal information, such as your name, business name, address, phone number, email address, user credentials (such as usernames and encrypted passwords), billing information, and payment-related information necessary to facilitate transactions.
We may collect technical and usage information to operate, secure, and improve the services. This may include IP addresses, browser types, device identifiers, log data, authentication information, and activity within the platform. We use cookies, session technologies, and similar tools for security, analytics, and user authentication purposes. We do not use your financial or payment information for marketing personalization purposes.
TROY Pay is intended for business use only and is not directed at nor intended to be used by individuals under the age of 18. We do not knowingly collect personal information from children under 18.
How we use it
We use the information we collect to operate, maintain, and improve TROY Pay and to provide payment automation services. This includes facilitating and processing payment transactions such as check issuance, ACH payments, and positive pay file generation. We use the collected information to verify business identities and financial accounts in connection with payment processing services, to communicate with you regarding your account and transactions, to provide customer support and technical assistance, and to comply with applicable legal, regulatory, and financial compliance obligations. We also use information to prevent fraud, unauthorized activity, and security incidents.
We may use contact information to send service-related communications, product updates, or important administrative notices. You may opt out of non-essential and marketing communications using the options described below or in the message you receive. Financial and payment-related information is used solely for transaction processing, account verification, fraud prevention, regulatory compliance, and operational purposes and is not used for unrelated marketing activities.
We may aggregate and anonymize technical and usage data to analyze platform performance, enhance security, improve functionality, and optimize the overall user experience. Aggregated data does not identify individual users or businesses.
Who we share it with
We do not sell, rent, or lease your personal information. We share information only as necessary to provide the Services, operate our business, comply with legal obligations, and protect our rights.
We may share information with trusted third-party service providers that perform services on our behalf, including payment processing, financial account verification, identity verification, authentication, hosting, analytics, customer support, check printing and mailing, and security services. These service providers are contractually obligated to maintain the confidentiality and security of the information and are restricted from using it for purposes other than providing services to us.
Payment processing, ACH transactions, financial account verification, and business identity verification (KYC/KYB) services are performed by third-party financial service providers, including but not limited to Stripe. For the avoidance of doubt, TROY Pay and the TROY Group do not hold or transmit funds directly. All payment processing and movement of funds are handled by third-party financial services providers. In order to facilitate transactions, verify accounts, comply with financial regulations, and prevent fraud, we may share payment instructions, bank account information, business identity documentation, and related data with such providers. These providers process financial information in accordance with their own privacy policies, terms of service, and regulatory obligations. We recommend you review these providers’ privacy policies and terms of service closely, as you may be required to accept them during onboarding, and they are binding on you.
If you choose to upload data exported from an ERP or accounting system, or if you enable future integrations with third-party systems, we may transmit relevant data to or receive data from such systems solely for the purpose of delivering payment automation services.
We may also disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is reasonably necessary to enforce our agreements, prevent fraud or abuse, protect the security of our Services, or protect the rights, property, or safety of TROY, our customers, or others.
State privacy rights and information for California residents
This section provides additional details about the personal information we collect and the rights available under applicable state privacy laws, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”). More details about the personal information we have collected over the last 12 months, including the categories of personal information and sensitive personal information we have collected, are shown in the tables below. Please note that while examples of each category are shown for reference, we do not necessarily collect data for each example listed. For more details on the personal information we collect, see “What we collect,” above.
|
Personal Information Category |
Examples |
Collected |
|
Identifiers |
Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
Yes |
|
California Customer Records |
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
Yes |
|
Commercial information |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Yes |
|
Internet or other similar network activity |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
Yes |
In the course of providing our products and services to you, we may also collect certain categories of sensitive personal information. In the past 12 months we have collected the categories of sensitive personal information shown in the table below.
|
Sensitive Personal Information Category |
Collected |
|
Government identifiers, such as your Social Security number, driver's license, state identification card, or passport number. |
Yes |
|
Complete account access credentials, such as usernames, account numbers, or card numbers combined with required access/security code or password. |
Yes |
We may collect these categories of personal information and sensitive personal information from you directly, or from third parties who provide it to us on your or our behalf. We retain your personal information and sensitive personal information only for as long as necessary to fulfill the business purpose for which it was collected or for which you provided it.
We do not sell the personal information or sensitive personal information that we collect. Over the past 12 months we may have disclosed those categories of personal information to our service providers and/or trusted third parties for our business purposes. For more details on how and why we may share these categories of information, see “Who we share it with,” above.
Subject to certain limitations, the CCPA and other state privacy laws provide consumers a right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers and residents of certain states may make a request pursuant to their rights by contacting us at customerservice@troygroup.com or online at www.troygroup.com/contact. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Right to Know. You have the right to know and see what data we collected about you over the past 12 months. This includes:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions, including when such information is necessary to complete your transaction or to provide you with the requested services. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Once you have submitted a deletion request, and we have received verification from you that the request is authentic, you will be provided with the opportunity to agree with what personal information will be deleted.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our Service Providers to take similar action.
Right to Correct Inaccurate Information. You have the right to correct any inaccurate personal information about you that we have in our possession (the “right to correct”). Once we receive your request and confirm your identity, we will disclose to you the specific pieces of personal information that we have collected about you. You will then have the opportunity to direct us to correct the pieces of information which you believe are inaccurate.
We may deny your request to correct if we believe the updated information is incorrect or is being used for any fraudulent or deceptive purpose.
Right to Restrict Sensitive Personal Information Processing. Under certain state privacy laws, you have the right to restrict our processing of your sensitive personal information (the “right to restrict”).
The Right to Opt Out of the Processing and Sale of Personal Information. You have the right to direct us to not process your personal information for targeted advertising and to not sell your personal information at any time (the "right to opt-out"). Once we receive your request, we will no longer use or process your personal information for the purpose of providing targeted advertising to you based on your activity and interests. We will also no longer sell (as that term is defined by relevant and applicable state law) your personal information to third parties for targeted advertising purposes.
Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.
The Right to Opt Out of the Sharing of Personal Information for Cross-Contextual Behavioral Advertising. You have the right to opt out of the sharing of your personal information with third parties for cross-contextual behavioral advertising. Once we receive your request, we will no longer use or process your personal information for the purpose of advertising to you based on your individual activity.
The Right to Opt Out of Profiling. You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects to you. Once we receive your request, we will no longer use or process your personal information for making decisions that produce a legal or similarly significant effect on you.
Non-Discrimination. You have the right not to be discriminated against for exercising any of the rights listed above. Unless permitted by the CCPA or other applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Exercising Your Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under applicable law, please contact us by emailing us at info@troypay.io, by writing to us at TROY Group, Attn: Privacy Officer, 3 Bryan Drive, Wheeling, WV, 26003, by calling us at 304-232-0899, or by filling out our contact form on our website at www.troygroup.com/contact. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your personal information. You may also make a request to know or delete on behalf of your child. You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
Response Timing and Format. We aim to respond to a consumer request for access or deletion within ten (10) days of receiving requests for disclosure or deletion with information on how the request will be processed. If we need additional time the reasons for that will be stated to you within the ten days. Any substantive response to the request will be given within 45 days of receiving a verified request.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may appeal a decision concerning your privacy rights by contacting us at info@troypay.io or writing to us at TROY Group, Attn: Privacy Officer, 3 Bryan Drive, Wheeling, WV, 26003.
Choice
You may choose to receive service-related communications, product updates, and other informational messages from us. You may opt out of non-essential or marketing communications at any time by following the unsubscribed instructions provided in those communications.
Our Services may contain links to third-party websites or services that are not operated by TROY. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party service before providing your personal information, as any information you provide directly to a third party is governed by its privacy policy and not TROY’s.
Onward Transfer
Personal information we collect may be transferred to, processed in, and stored in states or countries other than the jurisdiction in which it was originally collected. These transfers may occur in connection with hosting services, payment processing, financial verification, customer support operations, or other services necessary to provide the Services. If TROY has a business reason to transfer to, process, or store personal information in other jurisdictions, we will ensure adequate transfer mechanisms are in place.
Access & Accuracy (End-user access to Online Store)
Account holders can access and update certain account and profile information through their TROY Pay account settings. We take reasonable steps to verify your identity, including authentication credentials and, where applicable, multi-factor authentication, before granting access to or permitting changes to account information in order to protect your account’s security.
If account information cannot be updated through the platform, requests for access, correction, or updates may be submitted through the “Contact Us” section below, subject to applicable legal and regulatory requirements.
Security
TROY maintains administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of the information collected through TROY Pay. These safeguards are intended to prevent unauthorized access, disclosure, alteration, or destruction of personal and financial information.
Security measures may include encryption of data in transit and at rest, secure authentication controls, role-based access restrictions, monitoring of system activity, and the use of trusted third-party infrastructure and financial service providers that maintain industry-standard security practices. Access to sensitive financial and identity information is limited to authorized personnel and service providers who require such access to perform their responsibilities.
While reasonable security measures are implemented, no method of transmission over the Internet or electronic storage system can be guaranteed to be completely secure. The safety and security of your personal information also depends on you. You are responsible for taking steps to protect your personal information against unauthorized use, disclosure, and access, including by protecting your credentials and not sharing them with anyone for any purpose.
Oversight/Enforcement
Cookies, session technologies, and other analytics tools.
TROY Pay uses cookies, session technologies, and similar tools to support authentication, maintain secure sessions, analyze platform performance, and improve user experience. These technologies help ensure that the Services function properly and allow us to understand aggregate usage patterns.
Most web browsers automatically accept cookies, but browser settings can typically be adjusted to refuse or limit cookies. Disabling certain cookies may affect the functionality, security, or availability of portions of the Services.
We do not serve third-party advertising within TROY Pay. Any third-party services integrated into the platform operate under their own privacy policies and terms of service.
Changes to Privacy Policy
TROY reserves the right to update or modify this Privacy Policy from time to time. Any changes will be posted within the Services or on our website with an updated effective date. Unless otherwise stated, revisions will apply only to information collected after the effective date of the updated Privacy Policy. Continued use of the Services after the effective date constitutes acknowledgment of the updated terms.
Contacting us
Questions, concerns, or requests regarding this Privacy Policy or our data practices may be submitted by email to info@troypay.io. We will make reasonable efforts to respond in a timely manner.
Third-Party Trademarks
All third-party product names, company names, logos, and trademarks referenced in connection with the Services are the property of their respective owners. Any reference to third-party systems, ERP platforms, accounting software, or service providers is for identification purposes only and does not imply endorsement, affiliation, or sponsorship unless expressly stated.