InstaPAY International Privacy Policy

The opportunities you deserve, the privacy you expect

InstaPAY International (“InstaPAY”) offers a wide range of financial products and services to enable you and your business to meet its financial objectives. At InstaPAY, you can count on us to provide you with the responsive and professional service you deserve, and to protect your privacy and security along the way and at all times.

This Privacy Policy describes how we protect and use your information in a safe, secure and responsible manner. We believe that protecting your privacy is an integral part of the customer service we provide to you. At InstaPAY, we value your relationship, and we work diligently every day to honor the trust you place in us.

Your protection is our priority

We strive to safeguard your data at all times. At InstaPAY:

• We do not sell customer information to third parties.
• We do not share customer information with outside parties who may wish to market their products to you.
• You do not have to take any action or instruct us to keep your information confidential. We will protect your privacy automatically.
• We are committed to protecting your customer information in every transaction, at every level of our organization. For this purpose we have designed policies, standards, technology and procedures for carefully handling your information.
• Within InstaPAY, we safeguard your customer information carefully. We limit employee access to sensitive information and require service providers who do business with InstaPAY to comply with privacy laws.
• We conduct background checks on employees and provide policy training.
• We protect against unauthorized access to customer data using data encryption, authentication, and virus detection technology.
• We monitor our websites through recognized online privacy and security organizations.
• We are committed to helping you protect your privacy every day.

How InstaPAY protects and uses customer information

1. We begin by safeguarding the security and integrity of customer information.

   We are committed to protecting the security and integrity of customer information through procedures and technology designed for this purpose. For example:

   • We limit employee access to customer information to those employees who have a legitimate business reason to know this information. Employees are required to honor our code of conduct, which includes standards to protect customer confidentiality. They are subject to disciplinary action if they fail to do so.
   • We maintain policies and procedures covering the proper physical security of workplaces and records.
   • Our physical, electronic, and procedural safeguards meet or exceed federal standards regarding the protection of customer information.
   • We require independent contractors and outside companies who work with us to adhere to strict privacy standards through their contacts with us.
   • We use technological means (such as backup files, virus detection and eradications software, firewalls, and other computer software and hardware) to protect against unauthorized access or alterations to customer data.
2. We collect and maintain customer information as part of servicing your account and your customer relationship.

   To comply with government regulations, improve our products and services, and better understand your financial needs, we collect and maintain customer and former customer data. We collect information about you from a variety of sources, such as:

   • Information you provide to us on applications or forms, such as your phone numbers, monthly gross sales, etc.
   • Information we receive from an outside company, such as a credit bureau, regarding your credit history or business status.
   • Information about your transactions with us, such as your loan balances, processing volume, payment history and other account information.
3. The customer information we collect is used to serve your accounts and meet your financial needs.

   Information may be used within InstaPAY’s family of companies, as well as with authorized third parties (described in section 4), for a number of purposes, such as:

   • To protect your accounts from unauthorized access or identity theft,
   • To protect your requests for our financial products and services,
   • To service your accounts by issues account statements, and
   • To keep you informed about financial products and services of interest to you.
4. We do not share information with outside parties who may wish to market their products to you.

   InstaPAY does not sell customer information or share it with outside third parties who may wish to market their products to you. We will protect your privacy automatically.

   InstaPAY may disclose some of the information we collect, as described above, with nonaffiliated third parties that are acting on our behalf and/or perform support services for us (such as data processors, technical systems consultants or programmers). InstaPAY requires these third party contractors or vendors to adhere to strict privacy standards and to keep all information confidential.

   Additionally, InstaPAY may disclose customer information to third parties as permitted or required by law, such as government entities, courts or other entities (in response to subpoenas and other legal processes), and those with whom you have requested us to share information.

   Lastly, we may share information within InstaPAY’s family of companies in order to provide you with valuable products and services at a lower cost or with greater convenience.

   It is important to note that we do not share customer information with other companies for the purpose of marketing their products to you, unless you specifically request in advance that we do so.It is not necessary for you to instruct us not to share information with these outside companies, because we will automatically keep your information confidential.

5. Important contact information for current customers.

   Please note that you may receive marketing information by mail about InstaPAY’s products or services or receive survey calls. Marketing information may be included in regular account mailings and statements, or when you visit us online.

About our website

Our systems automatically switch to "secure" mode when you are asked to enter personal information on InstaPAY’s website (such as your monthly sales or account number). To keep your data safe, we use:

• Encryption and authentication technology
• Website design that blocks or limits online display of customer information when not necessary to the transaction
• IDs and passwords to protect customer information

For more details on Internet security, please see our "About Internet Security" section.

Use of cookies, Web beacons and similar files

We design many features of our website so new visitors may anonymously learn about our products and services, and use our educational tools without revealing their identity. For new visitors, we use "cookies" and Web beacons to collect limited data (such as the date, time and areas of our website visited and the website the new visitor came from). When you select one of our products or services, or respond to marketing materials sent to you directly, we will try to identify your browser and may combine information from "cookies," Web beacons and other information collected online with any other data we maintain about you. By improving the marketing and content of our website and making your online experience more convenient, we are able to better serve our customers' financial needs.

How to confirm accuracy of your information

We commit to maintain accurate and up-to-date information on all of our customers. We provide access to account information in many ways - over the phone, in paper and online statements, and other communications. If you believe any of your information is incorrect, please notify us immediately using the customer service number provided on your account statement. We will respond timely to your request to correct inaccurate account or transaction information. However, in order to protect your information, we may ask to verify your identity and for other details to respond to your request.

Notification of changes

If we make any changes to this Privacy Policy, we will revise the policy effective date below, so that you can keep track of when those changes occur. The policies and practices described in this disclosure are subject to change, but we will communicate any significant changes to you as required by applicable law. The policies and practices described in this disclosure replace all previous notices or statements regarding this subject.

If you have any questions about our Privacy Policy, please send an e-mail message to info@instapayerp.com

About Internet Security

How Does Browser Security Work?

Recent versions of most internet browsers support the encrypted transmission of online documents and the data you enter on a web page. This means that instead of sending readable text, both your browser and the website's secure server encode all text using a security key. That way, personal data sent to your browser or data you send back would be extremely difficult to decode in the unlikely event it was intercepted by an unauthorized party. The key used for encoding is a random number that is unique to your session at the secure website.

There are two grades of internet security: International-grade encryption uses a 40-bit random number negotiated between your browser and the web-server. This means that only one out of about 1,000,000,000,000 possible decoding keys can be used to decipher your data. Domestic-grade encryption uses a 128-bit key, so that the number of possible keys is vastly larger. The InstaPAY site uses the highest grade of encryption supported by your browser and your internet connection.

How Do I Know If Security Is Operating?

Your internet session is encrypted if your security-enabled browser is connected to a website using the Secure Hypertext Transport Protocol. URL strings beginning with "HTTPS://" instead of the usual "HTTP://" indicate that the secure protocol is in effect. Your browser may also tell you if security is operating. For example, Mozilla's Firefox will display the icon in the lower right corner of your screen in secure mode. Microsoft Internet Explorer shows an icon. Note that security may be operating without any visible indication if the web page you are viewing employs frames (see below). If secure transmission is not in effect or only part of a frame-based page is secure, Firefox shows the "red-slashed lock" icon, and Explorer does not show the "lock" icon.

Most browsers can be set to give you a pop-up announcement when you enter or leave a secure web page. In Firefox, these settings are on the Security section when you select "Options" on the Tools menu. In IE, the setting is on the "Advanced" tab when you select "Options" on the View menu.

Secure Mode and Frame-Based Web Pages

Security may be operating without displaying any security icons (or Firefox may show the "red-slashed lock" icon) if only part of a frame-based page is employing security. You can verify the security of a page within a frame by opening it in a new browser window. Both IE and Firefox allow you to open a link in a new window by right-clicking on the link and selecting that option from the pop-up context menu. When a secure page is open in its own window, instead of being viewed within a frame, you can then see the security icons provided by your browser as well as the "https://" secure protocol prefix in the URL string.

Cookies

When you visit a website, a small file called a "cookie" may be saved to your computer’s hard drive during your visit. When you revisit the site, the website’s server may open the cookie file and access the stored information. You can usually set your browser to limit or let you know about cookies that a website places on your computer.

Web Beacons

A Web beacon is a graphic image (such as a pixel tag or clear GIF) that is placed on a web page or in an e-mail message to monitor user activity (such as whether the web page or e-mail message is read or clicked). They are often invisible because they are very small in size. They are also used on many web pages for alignment purposes. We sometimes use Web beacons to provide an independent accounting of how many people visit our websites or to gather statistics about browser usage at our websites. Some of our web pages and HTML-formatted e-mail newsletters use Web beacons in conjunction with cookies. It is difficult for you to limit the use of Web beacons because there is no easy way to distinguish their use from alignment and other purposes. They may be loaded from a different web server than the rest of the page.

Similar Devices

For example, we include URLs in e-mail marketing materials sent directly to you (such as special offers) so that we can identify that it is you responding to the campaign and provide details on the offer available to you.

What are Shared Secrets?

Shared secrets are the most common security method for accessing confidential information. A shared secret is something known to both the user and the holder of the confidential information. The most common shared secrets are a user ID and password. These shared secrets allow the user to log into the site of the holder of confidential information such as a financial institution or online merchant. Shared secrets form an integral part of user authentication in today's online environment.

Protecting Your Shared Secrets

Protecting your shared secrets ensures that information accessed via those shared secrets is protected. You should never record your shared secrets electronically such as in documents or spreadsheets. In the event of a compromise of your computer hard drive, your shared secrets can be compromised as well placing all the data protected by those shared secrets at banks and merchants at risk. Likewise you should never store credit card numbers, expiration dates, bank account number, social security numbers, driver’s license number or other personal identifying information electronically on your computer for the same reason.

Your shared secrets should never be revealed in response to unsolicited e-mails. Criminals attempt to obtain individual’s personal identifying information and use that information illegally such as to open and/or use credit cards, obtain phone or utility accounts, obtain loans, work, open bank accounts and/or pass fraudulent checks using a technique called "phishing". Criminals may also attempt to obtain that information over the phone posing as a survey taker, telemarketer or other unsolicited caller ("pretexting").

Common Shared Secrets

To minimize the potential compromise of your shared secrets, you should avoid commonly used secrets such as names (yours, your spouse's, your children's, parents), common terms that appear in the dictionary (brute force attacks to crack passwords often use dictionaries in an attempt to randomly match the password), exclusively numbers (numbers range from 0 to 9 for each character where letters range from a to z creating 26 potential variations or 52 if case sensitive). The best passwords are a combination of both letters and numbers where the letters do not spell words that could be found in a dictionary and the password is of sufficient length, 6 characters or preferably more, to make brute force attacks harder.

We suggest you do not use shared secrets across multiple domains (e.g. websites). If you use the same logon and password while shopping or surfing online as you use for your bank, if one of the online merchant sites is compromised, your user ID and password could then be used to access your bank information. Not all websites apply the same level of security to their database. The use of a single logon ID and password across multiple sites is only as secure as the least secure site.