Privacy Notice

Updated: March 27, 2023

Important Information 

Paymerang LLC takes privacy very seriously and are committed to protecting your data. The policies set forth in this Privacy Notice are for the use of the Payment Automation and Invoice Automation services offered through our online application and email/phone-based customer support (collectively, the “Service”) which is owned and maintained by Paymerang, LLC (“Paymerang,” “we” or “us”).  

This Notice is provided to help you better understand how we collect, use, disclose, and protect all your data including but not limited to your Nonpublic Personal Information (“NPI”), Personally Identifiable Information (“PII”), and Protected Health Information (“PHI”). 

By using the Service, you are accepting the practices described in this Privacy Notice. If you access or continue to use the Services, you are therefore agreeing with the data practices provided in this Privacy Notice. 

What Information Do We Collect? 

Paymerang collects different kinds of information.  Some information is personally identifiable, which means information that identifies, or could be used by or on behalf of Paymerang to identify, an individual.  Additionally, some information is aggregated or non-identified (“Usage Data”), which helps us to understand usage trends, consider new features, or otherwise enhance the Service.  The types of information we receive or collect include: 

Client and Prospective Client Information:  When you register for or seek to use our Service for yourself or on behalf of your organization as a Client, we receive: 

  • Personal information, including but not limited to, the names of your employees and authorized users, addresses, phone numbers, and email addresses. 
  • Related information, including but not limited to, the Client’s name, tax identification number, website, and Bank account information. 

Vendor informationIn using the Service, Paymerang’s Clients will provide a list of vendors they conduct business with and wish to be able to make payments to via the Service. The vendor information we receive, includes, but is not limited to: 

  • Vendor names, contact names, addresses, phone numbers, and email addresses. If the Vendor opts to receive electronic payments from Paymerang, we may receive additional personal information of the Vendor’s authorized users and the Vendor’s financial account information. 
  •  Certain remittance information from the Client and/or Vendor required to make the necessary payments with the Paymerang Service. 

Log data:  We collect certain information automatically and store it in log files, including internet protocol address, browser, operating system, and date/time stamp.  We use this information to analyze usage trends, administer and maintain the Service, support audit requests, or track activity within the Service. 

Usage data:  We collect information about how you interact with the Service including the date and number of times you log in. 

Device informationWe may collect information about the device you’re using the Service on, including what type of device it is, what operating system and browser along with the versions of each you’re using, and device settings. 

Geo-location information:  We may determine your approximate location using IP addresses received from your browser or device. 

Voice Biometric information: We record phone calls between our employees, clients and vendors for quality assurance and training purposes. Participants are notified the call is being recorded prior to any information being shared between parties. Voice recordings are deleted within 30 days of the completed quality assurance analysis. 

Cookies:  Paymerang uses cookies to recognize your device and provide optimal Service functionality.  These session-based cookies have short expiration windows and are automatically deleted when you log-out of the Service.  You can manage the use of cookies at the individual browser level; however, if you reject cookies, your ability to use some features of the Service may be limited.  Paymerang does not currently recognize or respond to browser initiated Do Not Track signals. 

Marketing and Sales Information (including your web browsing activity if cookies are enabled):  Paymerang may collect information such as sales orders from third party lead generation resources and marketing list vendors, or from publicly available sources. We may receive information about your browsing activities on websites outside of We also receive information from marketing partners and event sponsors where we co-host events and webinars and from digital advertising partners, business partners, advertising networks, analytics providers, and search information providers. 

Our use and disclosure of your data 

Depending on the Service our Client may engage us to provide, Paymerang may have access to Personally Identifiable Information (“PII”), Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), Nonpublic personal information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) and payment card data (“PCD”) covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide our service obligations to our clients. 

Paymerang uses your information for the following: 

Providing the Service. We use information you provide to identify and authenticate you in order to deliver the Service and process payments via the Service. 

Contact and communication about, and use of, the Service.  We use your information to respond to problems, questions, or concerns or to otherwise contact you about the Service. 

Improving content and functionality of the Service.  We use your information to analyze usage trends to consider new features or otherwise enhance the Service. 

Any other purpose with your consent. 

Additional Consideration for HIPAA: HIPAA establishes national standards for the protection of PHI in the United States. Paymerang provide services as a business associate (“BA”) and transmits, processes, or stores data that can be classified as PHI for a client that is a Covered Entity or BA under healthcare privacy regulations (“BA Agreement”). 

We may use PHI for patient refund payment processing and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the HIPAA Privacy Rule. 

In the event that PHI must be disclosed to a subcontractor, we will ensure that the subcontractor or third parties agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may use PHI to report violations of law to appropriate federal and state authorities. 

In the event of an information security breach of unsecured PHI by Paymerang or one of our business associates, we will notify our Covered Entity client, per our BA Agreement, with the Covered Entity then providing a breach of security notification to you. 

Additional Consideration for GLBA: Under the GLBA’s definition, Paymerang is a “financial institution” and therefore required to comply with the GLBA. Provisions of the GLBA Safeguards Rule define and control how financial institutions handle and destroy an individual’s personal information. The GLBA Privacy Rule also requires financial institutions to give customers written privacy notices explaining how they use and share private financial information. Paymerang complies with the GLBA Safeguards Rule and the GLBA Privacy Rule. 

Additional Consideration for CCPA: The Service by design is considered as Business to Business (B2B) where client businesses pay vendor businesses. Knowing this and using the three (3) requirements to determine the scope of obligation for CCPA affecting for-profit organizations, (i) annual gross revenue, (ii) buying or selling of consumer data, and (iii) percent of revenue from selling consumer data, we believe the Service is not affected by CCPA at this time. We will continue to monitor the organization against the three requirements and will revise this Privacy Notice at that time. 

Additional Consideration for VCDPA: The Virginia Consumer Data Privacy Act (VCDPA) went into effect January 1, 2023. Paymerang is considered a “financial institution” under the GLBA definition, making Paymerang exempt from VCDPA requirements. Nonetheless, we abide by all requirements listed within the VCDPA including, listing the categories of processed data, the purpose for data processing, instructions to enable customers to opt out of personal data collection, and disclosure of data processing for sales, targeted advertising or profiling. Paymerang does not sell your personal information.  

Third-Party Service Provider Sharing: Paymerang may disclose your information to our third-party service providers for the following business purposes: 

  • To support the information technology services provided to you; 
  • For customer service management; 
  • To handle check printing and processing on our behalf; and  
  • To process payment file, issue invoices, make payments on behalf of our clients to their respective vendors. 

When we disclose your personal data for a business purpose, we enter a contract that requires that all third-party processors process your NPI, PII, PHI data with the same level of protection and in a manner consistent with the uses agreed upon in this Notice.  

Paymerang does not sell (as such term is defined in the California Consumer Privacy Act) your personal information to any third-party, nor have we sold personal information in the past 12 months. This policy extends to your PHI, NPI, and PII data. 


We use appropriate safeguards to prevent the use or disclosure of PHI, NPI, PII, and PCD other than as provided for in the Service Agreement. 

We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of all sensitive information/data that we create, receive, maintain, or transmit on behalf of our Client considered to be a “Covered Entity” under HIPAA regulations and all other client we provide services on its behalf. 

Data quality, access and corrections 

If Paymerang collects data as a processor or service provider, Paymerang will make reasonable efforts to keep personal data accurate, complete and up to date as is necessary to fulfill the purposes for which the information is to be used. Unless Paymerang is permitted or required by law to prohibit access, upon receipt of your written request and by providing enough information to permit us to verify your identity, Paymerang will disclose to you the specific pieces of personal data we collected about you, as well as its source, purpose, and category of third parties with whom we shared and for which we may made a charge, if excessive, repetitive, or manifestly unfounded.  

Upon request, we will follow our internal policy and procedures necessary to correct, amend or delete any personal data that is inaccurate and notify any third-party recipients of the necessary changes. You may update any information you have given to us by contacting us at the address given below.  

You have the right to request the deletion or restriction of your personal data in certain circumstances as provided by applicable law. We will not discriminate against you for the exercise of these rights. Requests to delete personal data are subject to any applicable legal and ethical reporting, any legitimate business purpose that necessities retention, or document retention obligations imposed on us. 

If Paymerang collects personal data as a processor or service provider, Paymerang relies on its clients to supply Paymerang with accurate, complete and up-to-date information. Paymerang makes reasonable efforts to maintain the integrity of the data within its online Services as necessary to fulfill the stated purpose for which the information is used. If a request for personal data is submitted to Paymerang by an individual, Paymerang, in its role as a processor or service provider, will direct the individual to the client for access. 


Paymerang will retain information we process on behalf of Clients and Vendors for as long as your account is active or as needed to provide the Service, whichever time period is shorter.  We may further retain and use this information as necessary to comply with our legal obligations, resolve disputes, maintain accurate accounting, maintain our industry standards and certifications, financial and other operational records, and enforce of our agreements. 

Privacy Notice Changes 

We may make changes to this Privacy Notice at our sole discretion at any time. We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing, and sharing of your Personal Data. Your continued use of the Service after we make changes to the Privacy Notice is deemed to be acceptance of those changes. 

Questions or Concerns 

If you have questions or concerns about what has been provided in this Notice, please contact us by email at, by phone at 804-603-1505, or at our mailing address below: 

7401 Beaufont Springs Drive, Suite 300 

Richmond, VA 23225