Privacy Policy

Effective Date: January 17, 2026

This Privacy Policy describes how Revenue Security Services (“RSS,” “we,” “us,” “our”) collects, uses, discloses, and protects information in connection with (a) our websites and digital properties (the “Site”) and (b) our products and services (collectively, the “Services”), which may include returned-payment recovery, check/ACH risk screening, payment-related processing, and related loss-prevention and collections support.

1. Scope and roles:

RSS operates in two primary modes:

1. Direct relationship with businesses: We provide Services to merchants, lenders, and other business clients (“Clients”).
2. Processing on behalf of Clients: When RSS processes consumer/payment data for a Client (e.g., check data, ACH account data, identity data), RSS may act as a service provider/processor and the Client controls the business purpose for that data. In those cases, the Client’s privacy notice may also apply.

2. Information we collect:

Depending on how you interact with RSS (Site visitor, Client, or consumer transaction related to a Client), we may collect the following categories:

A. Identifiers and contact information

• Name, mailing address, email address, phone number
• Business contact details (company, role/title)

B. Payment and financial information

• Bank account and routing numbers (where provided for ACH processing/validation)
• Check-related information (including check number, MICR line data, and, where applicable, images or data derived from checks)
• Transaction details (amount, date, merchant/location, authorization/decision data, and return/exception codes)

C. Identity and verification information (as applicable)

• Government-issued ID or ID number (where collected by a Client and provided to RSS)
• Date of birth (where permitted/necessary for verification)
• Device or phone verification signals (e.g., SMS confirmation metadata)

D. Collections and recovery information (as applicable)

• Account status, repayment arrangements, communications history, dispute information

E. Site and device data

• IP address, device identifiers, browser type, operating system, pages viewed, referring URLs
• Cookie and similar tracking data (see Section 7)

F. Communications

• Emails, calls, chats, webform submissions, and support tickets (and metadata)

We collect information from:

• You (directly)
• Clients (when they send us transaction or customer data)
• Service providers (hosting, analytics, communications, fraud/risk tools)
• Public/third-party sources where permitted (e.g., identity/business verification signals)

3. How we use information:

RSS uses information to:

• Deliver, operate, and improve the Services (including authorization/decisioning, validation, recovery workflows, reporting, and customer support)
• Prevent fraud, reduce loss, manage risk, and enforce policy controls
• Process transactions and operational exceptions (including returns and disputes)
• Communicate with Clients and end users regarding transactions, support, or service updates
• Comply with legal obligations, respond to lawful requests, and protect rights and safety
• Maintain security, monitor performance, and debug issues
• Conduct analytics, benchmarking, and internal business operations

Where RSS acts as a service provider/processor for a Client, we use information only to provide Services to that Client and for compatible operational/security purposes.

4. How we disclose information:

We may disclose information to:

A. Clients and their authorized parties
To support the Services and provide reporting, transaction outcomes, and recovery status.

B. Service providers and vendors
Hosting, cloud storage, analytics, communications (email/SMS/voice), customer support tooling, security monitoring, and other vendors acting under contract.

C. Payment ecosystem participants (as applicable)
Banks, processors, networks, and counterparties needed to execute ACH or payment-related operations, handle returns, resolve disputes, or complete settlements.

D. Legal and compliance
Regulators, law enforcement, courts, auditors, and advisors when required or appropriate.

E. Business transfers
In connection with a merger, acquisition, financing, reorganization, or sale of assets (subject to standard confidentiality and notice practices where required).

We do not sell personal information in the conventional “data broker” sense. If RSS uses cookies that may be interpreted as “sharing” under certain state laws for cross-context behavioral advertising, we address that in Section 7 and provide opt-out mechanisms as applicable.

5. Data retention:

We retain information for as long as reasonably necessary to:

• Provide the Services and fulfill contractual obligations
• Maintain accurate records, resolve disputes, and enforce agreements
• Comply with legal/regulatory requirements and audit obligations
  Retention periods vary by data type, Client program requirements, and applicable law.

6. Security:

RSS uses administrative, technical, and physical safeguards designed to protect information (e.g., access controls, least-privilege permissions, encryption in transit where supported, monitoring, and vendor security requirements). 

7. Cookies and tracking technologies:

RSS may use cookies, pixels, and similar technologies to:

• Operate the Site (session management, security)
• Understand usage and performance (analytics)
• Improve marketing effectiveness (as applicable)

You can control cookies through browser settings. If RSS implements an on-site cookie banner/consent tool, you may use it to manage preferences. Some browsers offer “Do Not Track”; the Site may not respond uniformly to those signals.

8. Your choices and rights:

Depending on your relationship with RSS and your jurisdiction, you may have rights such as:

• Access to certain personal information
• Correction of inaccurate information
• Deletion (subject to legal/operational exceptions)
• Opt-out of certain sharing/targeted advertising (if applicable)
• Non-discrimination for exercising privacy rights

Important operational note: If RSS processes information on behalf of a Client, you may need to direct certain requests to that Client (the controller/business). RSS will support Clients in fulfilling verified requests as required.

Submitting requests: Contact us using the details in Section 12. We may need to verify your identity before processing requests.

9. Children’s privacy:

The Site and Services are not directed to children under 13 (or under the applicable age of digital consent). We do not knowingly collect personal information from children through the Site.

10. International visitors:

RSS is based in the United States. If you access the Site or Services from outside the U.S., your information may be processed and stored in the U.S. and other jurisdictions where our service providers operate, subject to applicable law.

11. Changes to this Privacy Policy:

We may update this Privacy Policy from time to time. We will revise the “Effective Date” above when changes are posted. Material changes may be communicated via the Site or via Client communications where appropriate.

12. Contact information:

For privacy questions or requests, contact:

Revenue Security Services – Privacy
Email: info@revenuesecurityservices.com
Phone: 800-711-9155