Privacy Notice

Last Updated: June 1, 2026 | Effective: June 1, 2026

This Privacy Notice (“Notice”) applies to personal data PayMitto, LLC (“PayMitto,” “we,” “us,” or “our”) collects when you visit our website (https://www.paymitto.com, or the “Site”), create an account with us, apply for a job with us, or otherwise share your personal information with us. This Notice describes our practices for using and protecting your personal data and covers rights and choices related to your personal data.

Data We Collect

We collect data about you in different ways. For example, we collect data:

Directly from you. This includes when you make an account, fill out the interactive form on our website, sign up to get our emails, or contact us.
Automatically. This includes through cookies, server logs, and other tools on our website or software development kit.
From other sources. These can include our affiliates, vendors, social media, publicly available sources, and other companies.

The following are a few examples of our collection and use of data:

Context	Examples of Personal Data	Primary Purpose and Legal Basis
Account Registration	In some contexts, we may provide our business partners with account log-in credentials. We typically collect your name and contact information, as well as process your log-in credentials, when we issue you an account. We also collect data on the actions that you perform while logged in.	We use this information to provide account-related functionalities to users.
Client Information	We collect the name and contact information of our corporate clients and their employees with whom we may interact.	We use this information to contact our corporate clients and communicate with them about business activities such as projects, services, and billing.
Feedback / Support	If you provide feedback or contact us for support, we will collect your name and email address, as well as other content that you send us.	We use this information to receive and act upon feedback, and provide support to resolve any issues for our clients.
Job Applicants	If you apply for a job or provide us with your personal information for purposes of employment, we collect information needed to process your application. This will include document(s) that establish your identity and document(s) that establish employment authorization as well as your social security number and any information on your resume. Providing this information is required for employment.	In some contexts, we are required by law to collect data about applicants. We also use this information to evaluate your application or consider you for other positions. If you become an employee, we may collect additional information from you not described in this privacy notice.
Mailing List (Email or Mail)	When you sign up for our mailing lists, we collect your contact information.	We use this information to share information about our products and services.
Mobile Devices	We collect information your device broadcasts when you visit our website.	We use this information to identify unique visitors and understand how users engage with us on their mobile device.
Payments B2C — Latitude	We provide a global digital payment and reimbursement service to businesses for items such as refunds and corporate funded incentive payments. As part of that service, we receive data from our business clients concerning the individuals to whom they are attempting to send payments or reimbursements. We also receive data from individuals that may receive a reimbursement, in order to facilitate the transaction.	When we receive data from a business client, we act as a service provider to that client. As a result, the data that we receive is not governed by this privacy notice. It is governed by the privacy notice of our client. When we receive data from an individual that may receive a reimbursement, we are a service provider to the sponsor bank that facilitates the reimbursement. The privacy notice of the sponsor bank that was identified when data is solicited from us controls how that information is collected, processed, and shared.
Payments P2P — ReadyRemit	We provide a cross-border remittance service to financial institutions. As part of that service, we may collect data from the financial institution about its customers, such as the customer’s name and instructions as to where they are attempting to send funds. Any remittances are processed by one of our sponsor bank(s).	We are a service provider to the sponsor bank that facilitates the ReadyRemit service. The privacy notice of the sponsor bank identified when a person initially registers, and each time they initiate a remittance transfer, controls how data is collected, processed, and shared.
Surveys	We collect data you share through surveys. If a third-party offers a survey, the third party’s privacy notice also applies to the collection, use, and disclosure of your data.	We use this information to understand your opinions.
Use of Our Website	We sometimes use technology (e.g., a cookie or a pixel) to learn how you engage with our websites. This may include which links you click or what information you type into our online forms. We may also track your IP address, the website that referred you to us, and data about your device.	We use this information to make our website operate properly, understand how you interact with it, gather analytics, improve it, and learn your preferences. We may also use this data to help detect and prevent fraud. Where required by law, we base the use of technologies upon consent.
Website Tracking Technology — Other Purposes	We may utilize third party provided tracking technology on our website (e.g., a cookie or a pixel), in order to improve performance, provide enhanced functionality, or create analytics.	Where required by law, we base the use of third-party tracking technologies upon consent. Users should see our Cookie Preference Center for more information.
Website Targeted Advertising Technology	We may let third parties place tracking technology on our websites (e.g., a cookie or a pixel). The third party might also collect data over time and across other websites to serve ads tailored to your interests, which may include ads about our products or services.	Where required by law, we base the use of third-party tracking technologies upon consent. Users should see our Cookie Preference Center for more information. You can also find more information in the Your Choices section below.
Website Contact Form	If you provide your information in the interactive form on our website to request more information about our products and services, we collect information you send through that form.	We use this information to provide you with information about our products and services and understand your opinions.

Sensitive Information Disclosure. We collect the following categories of sensitive personal data (as defined under relevant laws): a social security, driver’s license, state identification card, or passport number; account log-in, password, or credentials allowing access to an account. We collect this data to process transactions, comply with laws, manage our business, or provide services. Note that we do not use such data for any purposes that are not identified within Cal. Civ. Code § 1798.121. We do not “sell” or “share” sensitive personal data for cross-context behavioral advertising, although we may transfer it to third parties when you instruct us to do so. When that occurs, third parties will use it for the purposes indicated in their privacy notices.

How We Use Data

We use data to:

Identify you when you visit our sites.
Improve or create services and products.
Conduct analytics.
Connect with you (e.g., addressing your requests, inquiries, issues, or feedback).
Market our products or services.
Market the products or services of our business partners.
Find and prevent malicious, deceptive, fraudulent, or illegal activity.
Find and prevent security incidents.
Enforce our policies and agreements.
Debug, find, and fix errors that impair our website and services.
Comply with legal or regulatory obligations.
Establish or exercise our rights.
Defend against legal claims.
Manage our relationships.
For other reasons with your consent.

The sections above describe our main purposes in collecting your data, but often we have multiple purposes. We also maintain that data so that we can easily address questions about the services we provide.

To the extent we store and use deidentified personal data, we will not try to reidentify the information, except to test our deidentification methods. If we share deidentified data, we will prohibit the recipient from reidentifying, or attempting to reidentify, such data.

In addition to the specific situations discussed elsewhere in this Notice, we may share personal data in the following situations:

Affiliates and Acquisitions. We may share data with our affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If a company acquires or enters negotiations to acquire, our company, business, or assets, we may share data with that company.
Other Disclosures without Your Consent. We may share data to cooperate with law enforcement, participate in a legal process, or for legal and compliance reasons. We may share your data to establish or exercise our rights, to defend against legal claims, to investigate, prevent, or act on possible illegal activities, threats to safety of person or property, or a violation of our policies.
Service Providers. We may share your data with service providers. Service providers may help us to run our website, conduct surveys, provide technical support, and more.
Professional Services. We may share personal data with our professional service providers, such as auditors or lawyers.
Other Disclosures with Your Consent. We may share your data with third parties when you consent or direct us to.

Some areas require us to disclose whether we collect the following categories of personal data for our own purposes, and, if we do, whether we share them with third parties for a “business purpose,” “sell” them, or transfer them for “valuable consideration.” The table below indicates the categories of personal data we collect and transfer in a variety of contexts. We do not “sell” your personal data for money. Because our services are not intended for children, we have no actual knowledge that we share for targeted advertising any personal data of individuals who are under 16 years of age.

Category of Personal Data	Disclosures for a Business Purpose	Sharing for Targeted Advertising
Identifiers — this may include things like name, alias, postal address, unique personal identifier, online identifier, email address, or account name.	Affiliates or subsidiaries. Data analytics providers. Internet service providers. Joint marketing partners. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Advertising networks and/or social media.
Government Issued Identification — this may include things like social security number, passport number, driver’s license number, or state issued identification number.	Affiliates or subsidiaries. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Financial Information — this may include bank account number, credit card number, debit card number, and other financial information.	Affiliates or subsidiaries. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Internet or other electronic network activity information — this may include browsing history, search history, and information regarding an individual’s interaction with an internet website or ad.	Affiliates or subsidiaries. Data analytics providers. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Advertising networks and/or social media.
Geolocation data — this refers to non-precise geolocation information such as your city, state, or neighborhood.	Affiliates or subsidiaries. Data analytics providers. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Professional or employment-related information — this includes, for example, information submitted by job applicants.	Affiliates or subsidiaries. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Non-public education information (as defined in the Family Educational Rights and Privacy Act).	Affiliates or subsidiaries. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Inferences drawn from any of the information listed above.	Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared
Additional categories of personal data described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) — this may include signature, physical characteristics, or description.	Affiliates or subsidiaries. Other Service Providers. Professional services organizations, which may include auditors and law firms.	Not shared

Your Choices

Some jurisdictions give you a right to make the following choices:

Access. You may request access to your personal data or confirmation that we have data about you. In certain limited cases, you may ask to receive access to your data in a portable, machine-readable form.
List of Third-Party Recipients. In some areas, you may have the right to obtain a list of specific third parties to which we have disclosed personal information. Please note, some areas also allow you to obtain a list of the categories of third parties to which we have disclosed personal information. You can find that information in the table above under the “How We Share Data” section.
Change. You can ask us to correct inaccurate or incomplete data by contacting us at the address below. We may keep historical data in our backup files as permitted by law.
Deletion. You may ask us to delete your personal data. If required by law, we will grant such a request, but note that in many cases, we must keep your personal data to comply with legal obligations, resolve disputes, enforce agreements, or for other business purposes.
Opt out of Website Targeted Advertising. You may opt out of online targeted advertising (e.g., cookies) by clicking the cookie settings link here. Note that if you change browsers or devices, or if you clear your browser’s cache, you may need to click the link again to apply your preference. We recognize Global Privacy Control (GPC) signals broadcast from web browsers as a valid opt-out request where required by applicable law. Please note that the GPC will apply only to your current browser. We do not recognize the “Do Not Track Signal.” If there is a conflict between the GPC signal and a manual choice that you have made on our website regarding targeted advertising, we will honor your manual choice.
Promotional Emails. You may provide us with your email address to allow us to send newsletters, surveys, offers, or other promotional content, as well as targeted offers from third parties. You can stop receiving such emails by following the unsubscribe instructions at the bottom of those emails. If you choose not to receive such emails, we may still send you service-related communications.
Promotional Text Messages. If you get a text message from us that has promotional content, you can opt-out of future text messages by replying “STOP.”
Revocation of Consent. Where we process your personal data based upon consent, you may revoke consent. Note, if you revoke consent for processing personal data, we may no longer be able to provide you some types of services.
California Shine the Light. If you would like more information on the categories of personal data (if any) we share with third parties or affiliates for those parties to use for direct marketing, submit a written request using the information in the Contact Information section.

Not all the rights above are absolute, and they do not apply in all circumstances. We may limit or deny a request because the law permits or requires us to. We will not discriminate against individuals who exercise a privacy right.

Submitting Requests

You may exercise the above rights by contacting us via the contact information below. If you disagree with our denial of a request, you may appeal our decision by contacting us with the subject line “Appeal.”

We will require you to prove your identity when making most types of requests. We may verify your identity by phone or email. Depending on your request, we will ask for information such as your name, email address, or the date of your last interaction with our services. We may also ask you to send us a signed declaration confirming your identity.

In some circumstances, you may designate an authorized agent to exercise rights on your behalf. If you are an authorized agent, you must attach a copy of a completed Authorized Agent Designation Form which shows that you may act on another’s behalf.

How We Protect and Retain Data

No method of internet transmission or electronic storage is fully secure. While we use reasonable efforts to protect personal data, we cannot guarantee its security. If we are required to inform you about a security incident, we will do so electronically, in writing, or by phone, as the law permits.

We keep your personal data for only as long as necessary to fulfil the purposes in this Notice unless a longer retention period is required or permitted by law. This includes the purposes of satisfying legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data. We also weigh the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we obtained the data and whether we can meet those purposes through other means, as well as applicable legal requirements.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Third-Party Applications/Websites

We may provide links to websites and other third-party content or services that we do not own or operate. We have no control over the privacy practices of websites or services we do not own. For details about such third parties’ privacy practices, see their privacy notices.

Changes To This Privacy Notice

We may change our Notice and privacy practices. New notices will be published on our website. If changes are material, the Notice that was in place when you submitted personal data to us will generally govern that data unless you consent to the new Notice. Our Notice shows “effective” and “last updated” dates. The effective date is the date the current version took effect. The last updated date is the date the current version was last substantively changed.

Contact Information

If you have questions, comments, or complaints on our privacy practices, or if you need to access this Notice in a different form due to a disability, please contact us. We will try to address your requests and provide you with additional privacy-related information.

PayMitto, LLC
900 Circle 75 Parkway SE, Suite 1100
Atlanta, GA 30339
compliance@paymitto.com

If you are not satisfied with our response and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.