Privacy Policy

Information We Collect

2.1 BUSINESS & MERCHANT INFORMATION

When you apply for merchant services or engage GreenLink, we collect:

Business name, legal entity type, EIN/tax ID, and state of incorporation
Business address, website URL, and industry classification
Owner/officer names, dates of birth, Social Security numbers (for underwriting)
Bank account and routing numbers (for settlement purposes)
Government-issued identification documents
Processing history, chargeback ratios, and financial statements
Product/service descriptions and business model details

2.2 CONTACT & COMMUNICATION INFORMATION

When you contact us, complete a form, or communicate with our team:

Name, email address, phone number (including mobile)
Job title, company name, and business description
Contents of messages, inquiries, and support requests

2.3 TECHNICAL & USAGE INFORMATION

When you visit our website, we automatically collect:

IP address and approximate geographic location
Browser type, operating system, device type
Pages viewed, time spent, clickstream data, and referring URL
Form submission events and interaction data

2.4 TRANSACTION DATA

In the course of providing payment processing services, GreenLink may process or have access to transaction-level data including payment amounts, timestamps, and partial card data, handled in compliance with PCI DSS standards (see Section 6).

3. How We Use Your Information

We use collected information to:

Evaluate and process merchant account applications
Conduct underwriting, risk assessment, and identity verification
Provide and manage payment processing and gateway services
Communicate about account status, updates, and approvals
Send SMS, phone, and email communications (where consented)
Detect and prevent fraud, chargebacks, and financial crime
Comply with legal, regulatory, and banking partner requirements
Respond to inquiries, disputes, and support requests
Improve our website, services, and client experience
Meet obligations to our banking partners, card networks, and acquiring banks

We do not sell your personal information to third parties for their marketing purposes.

4. SMS / Text Message Communications (A2P Compliance)

GreenLink Merchants may send SMS/MMS text messages to individuals who have provided express written consent. Our SMS practices comply with the Telephone Consumer Protection Act (TCPA), A2P 10DLC messaging standards, and CTIA Messaging Principles and Best Practices.

4.1 HOW CONSENT IS OBTAINED

GreenLink obtains express written consent to send SMS through:

An SMS opt-in checkbox on our contact or application forms, with clear disclosure of the sender, program, frequency, rates, and opt-out method
Verbal agreement during a business call, confirmed in writing
Reply to an initial opt-in message sent by GreenLink

4.2 OPT-OUT RIGHTS

You may withdraw SMS consent at any time by replying STOP, QUIT, CANCEL, END, or UNSUBSCRIBE to any message, or by contacting us at jon@greenlinkmerchants.com. Opt-outs are processed promptly and a confirmation message will be sent.

4.3 DATA SHARING FOR SMS

Mobile phone numbers and SMS opt-in/opt-out data are never sold or shared with third parties for their marketing purposes. Phone numbers may be shared only with our SMS technology providers strictly to facilitate message delivery, under binding data processing agreements. SMS opt-in records are retained for a minimum of 4 years per TCPA requirements.

5. Email Communications & CAN-SPAM

GreenLink sends service-related emails (application confirmations, account updates, document requests) and, with your consent, business development communications. All marketing emails comply with the CAN-SPAM Act and include a functional unsubscribe mechanism and our physical address. To unsubscribe from marketing emails, click the “Unsubscribe” link in any email or contact jon@greenlinkmerchants.com. Transactional emails related to active accounts (risk alerts, compliance notices, settlement confirmations) may continue as required by our service obligations.

6. Payment Data & PCI DSS Compliance

GreenLink does not directly store, process, or transmit full cardholder data (Primary Account Numbers, CVV codes, or full magnetic stripe data) in an unsecured manner. All payment processing infrastructure is hosted by PCI-compliant technology partners.

As a merchant services provider, GreenLink requires all merchant clients to maintain their own PCI DSS compliance obligations applicable to their processing environment. Failure to maintain PCI compliance may result in account suspension and may expose merchants to card network fines and penalties. For questions about PCI compliance obligations, contact our team at jon@greenlinkmerchants.com.

7. Healthcare Data & HIPAA Considerations

Where GreenLink acts as a Business Associate to a HIPAA-covered entity, we:

Enter into a Business Associate Agreement (BAA) with the covered entity
Use and disclose Protected Health Information (PHI) only as permitted by the BAA
Implement appropriate safeguards to protect PHI in our custody
Report to the covered entity any breaches of unsecured PHI as required by HIPAA

Healthcare merchants using GreenLink’s services remain responsible for their own HIPAA compliance obligations as covered entities.

8. Sharing of Information

We do not sell personal information. We may share your information only as follows:

Banking Partners & Acquiring Banks: Required for merchant account underwriting, approval, and settlement processing
Card Networks: Visa, Mastercard, and other networks as required for transaction processing and compliance
Technology Partners: Payment gateway providers, CRM platforms, SMS/ email platforms — strictly for service delivery under confidentiality obligations
Identity Verification & Fraud Prevention: Third-party KYC/AML service providers used during merchant onboarding
Legal & Regulatory Compliance: When required by law, court order, subpoena, or a government or regulatory authority (including FinCEN, FTC, or state regulators)
Business Transfer: In connection with a merger, acquisition, or sale of substantially all business assets
With Your Consent: Any other purpose you explicitly authorize in writing

All third-party service providers are contractually prohibited from using your data for their own marketing or commercial purposes.

9. Data Retention

We retain personal and business information for as long as necessary to:

Maintain active merchant accounts and deliver contracted services
Comply with legal, tax, banking, and card network record-keeping requirements
Resolve disputes, chargebacks, and legal claims

Merchant application and underwriting records are generally retained for a minimum of 5 years following account closure. Transaction records may be retained for up to 7 years in compliance with banking regulations. SMS opt-in and opt-out records are retained for a minimum of 4 years per TCPA requirements. When retention periods expire, data is securely deleted or anonymized.

10. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to support site functionality, analyze traffic, and improve user experience. We may use first-party and third-party cookies, including analytics tools such as Google Analytics.

You may manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain website features. We do not use cookies to collect payment card or sensitive financial data.

11. Colorado Privacy Act (CPA) Rights

As a Colorado-based company, GreenLink complies with the Colorado Privacy Act (CPA), effective July 1, 2023. Colorado residents have the following rights regarding their personal data:

Right to Access: Confirm whether we process your personal data and request access to it
Right to Correction: Request correction of inaccurate personal data
Right to Deletion: Request deletion of personal data we hold about you, subject to legal exceptions
Right to Data Portability: Obtain a copy of your data in a portable, readily usable format
Right to Opt-Out: Opt out of the processing of personal data for purposes of targeted advertising, sale of personal data, or profiling in furtherance of legal or similarly significant decisions

To exercise your CPA rights, submit a request to jon@greenlinkmerchants.com with the subject line “Colorado Privacy Request.” We will respond to verifiable requests within 45 days, with a possible 45-day extension for complex requests. You may appeal a denial of your request by contacting us with the subject “CPA Appeal.” If your appeal is denied, you may submit a complaint to the Colorado Attorney General at coag.gov.

12. California Residents – CCPA Rights

California residents have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know: The categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it is shared
Right to Delete: Request deletion of your personal information, subject to exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of the sale or sharing of personal information (GreenLink does not sell personal information)
Right to Limit Sensitive Data Use: Limit the use of sensitive personal information to what is necessary for service delivery
Right to Non-Discrimination: We will not discriminate for exercising any of these rights

Submit CCPA requests to jon@greenlinkmerchants.com. We will respond to verified requests within 45 days.

13. Data Security

GreenLink implements administrative, technical, and physical security safeguards appropriate to the sensitivity of the information we handle, including:

Encrypted data transmission (TLS/SSL) for all web communications
Access controls and role-based permissions for internal data systems
Secure document storage and handling for merchant onboarding materials
Vendor security assessments for third-party integrations

In the event of a data breach that affects your rights, we will notify affected individuals as required by applicable state and federal law, including Colorado’s HB 18-1128 breach notification requirements and applicable federal regulations.

14. Third-Party Links & Integrations

Our website contains links to third-party websites and references to payment technology partners (IMS POS, Kore, Proteus, GreenBox, Adilas, Indica Online, Tool Studios). GreenLink is not responsible for the privacy practices of these third parties. We encourage you to review their individual privacy policies before sharing personal information.

15. Children’s Privacy

GreenLink’s website and services are directed exclusively to business professionals and merchants. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. Contact us at jon@greenlinkmerchants.com to report any concerns.

16. International Data Transfers

GreenLink is based in the United States and our services are directed at US-based businesses. If you are located outside the United States, please be aware that information you provide will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Material changes will be indicated by an updated “Last Updated” date at the top of this page. We encourage periodic review. Continued use of our website or services after changes are posted constitutes acceptance of the revised Policy.

18. Contact Us

For questions, privacy rights requests, or concerns about this Policy:

GreenLink Merchants
1790 30th St, Suite 425 Boulder, CO, 80301 United States
Email: jon@greenlinkmerchants.com
Phone: 303-875-0670

Company Information