Privacy Policy

Last Updated December 1, 2019

1. Introduction

Melio Payments Inc. (“Melio”, “we”, “us” or “our”) provides a digital bill payment solution for small businesses. This Privacy Policy describes our practices concerning the information we receive or collect when you visit our website located at www.meliopayments.com (“Website”) or access our online platform through the website of one of our partners (collectively, “Services”). Specifically, it describes the information we collect, how and for which purposes we may use such information, where we store it and for how long we retain the information, with whom we may share it, our use of tracking technologies and communications, our security practices, your choices and rights regarding such information, our policy concerning children, and how to contact us if you have any concerns regarding this Policy or your privacy.

Please read this Privacy Policy and make sure that you fully understand and agree to it. If you do not agree to this Policy, please discontinue and avoid using our Services.


2. Information Collection

We collect the following main categories of information (and to the extent one or more of them may enable the identification of a specific person or is linked to such potentially identifying data, we will deem it “Personal Information”):

Information You Provide. You may provide us Personal Information such as your name, e-mail address, phone number, and hashed password when you use our Services, create a user account, or contact us. If you choose to make any payments via our Services, you may also provide us with your payment information and preferences, as well as information about any vendors receiving payment.

Information We Collect Automatically. When you visit, interact with or use our Services, we may collect certain technical data about you. We collect or generate such data either independently or with the help of third party services, including through the - 2 -


use of “cookies” and other tracking technologies (as further detailed in Section 6 below). Such data consists of sensor, location, connectivity, technical and aggregated usage data, such as your GPS/GNSS location data; home and work locations; IP addresses, wireless networks, cell towers and Wi-Fi access points; non-identifying data regarding a device, operating system, and browser; activity, communication, and performance logs; issues and bugs; and user activity on our Services. This data does not enable us to learn your true identity or contact details, and serves mostly to improve the overall performance of our Services, and to better understand how our users typically use our Services and how we could improve their user experience.

Information from Third Parties. We may receive information about you from third parties. For example, we may receive information about you from outside records of third parties, such as marketing-related or demographic information. We may supplement the information we collect about you through the Website and the Services with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you. If we combine such data with information we collect through the Website or the Services, such information is subject to this Privacy Policy unless we have disclosed otherwise.

3. Information Use

We use your Personal Information as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our users, ourselves, and members of the general public.

Specifically, we use Personal Information for the following purposes:

• To facilitate, operate, and provide our Services;

• To authenticate the identity of our users, and to allow them to access and use our Services;

• To provide our users with assistance and support; - 3 -


• To further develop, customize and improve the Services and your user experience, based on common or personal preferences, experiences, and difficulties;

• To contact our users with general or personalized service-related messages (such as password-retrieval); or with promotional messages (such as newsletters, special offers, new features etc.); and to facilitate, sponsor and offer certain events and promotions;

• To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity;

• To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services;

• To enforce our Terms of Service and any other agreements between you and Melio; and

• To comply with any applicable laws and regulations

4. How We Share Your Information in Connection with the Services

a. Payors and Payees. In connection with the Melio Services, we may share some of your Personal Information with the business with which you are transacting in order to effect your transaction.

b. Melio Partners. If you access our online platform through the website of one of Melio’s partners, then we may share your Personal Information with that partner.

c. Melio Service Providers. We may engage selected third party companies and individuals to perform services complementary to our own (e.g. hosting and server co-location services, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, payment processing services, e-mail and SMS distribution and monitoring services, session recording, and our business, legal and financial advisors) (collectively, “Service Providers”). These Service Providers may have access to your Personal - 4 -


Information, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.

d. Subsidiaries and Affiliated Companies. We may share Personal Information internally within our family of companies, for the purposes described in this Policy.

e. Business Transfers. Should Melio or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.

f. Legal Compliance. We may disclose or allow government and law enforcement officials access to certain Personal Information, in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we have a good faith belief that we are legally compelled to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

g. Protecting Rights and Safety. We may share your Personal Information with others if we believe in good faith that this will help protect the rights, property, or personal safety of Melio, any of our users, or any members of the general public.

h. With Your Permission. Melio may share your Personal Information pursuant to your explicit consent.

5. Location, Retention, and Protection of Information

a. Your Personal Information may be maintained, processed, and stored by Melio and our authorized affiliates and Service Providers in the United States of America, Israel, and other jurisdictions, as necessary for the proper delivery of our Services, or as may be required by law. While privacy laws may vary between jurisdictions, - 5 -


Melio, its affiliates, and Service Providers are each committed to protect Personal Information in accordance with this Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

b. We will retain your Personal Information for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable law. If we are required to maintain a record of any information, you may not be able to delete such information due to such requirements. Please be aware that your personal information may be stored on backup tapes and locations, third-party servers, and other repositories that may not be erasable and residual information may be retained. We are under no obligation to store such information indefinitely and disclaim any liability arising out of, or related to, the destruction of such information.

c. We maintain administrative, technical, and physical safeguards that are designed to protect the privacy and security of your Personal Information. For example, all information you provide is accessible only to designated staff. In addition, all information is protected by SSL/TLS encryption when it is exchanged between your web browser and the Website or via the Services. We note, however, that the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of information transmitted to our Website or via the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website. In addition, where you have chosen a password for access to certain parts of our Website, you are responsible for keeping this password confidential.

6. Cookies and Tracking Technologies

Session Trackers. In operating the Website and the Services, we may use cookies and similar session tracking technologies (“Session Trackers”). Session Trackers help - 6 -


provide additional functionality to the Website, customize users’ experiences with the Website and help us analyze Website usage more accurately for research and product development purposes. We (including third parties that we work with) may place session trackers on your device for security purposes, to facilitate navigation of the Website or the Services, and to personalize your experience while using our Website or the Services. If you would prefer not to accept Session Trackers when using the Website or the Services, please follow the instructions provided by your website or mobile browser (usually located within the “Help”, “Tools” or “Edit” facility) to modify your Session Tracker settings. Please note that if you disable Session Trackers, you may not be able to access certain parts of our Website or Services and other parts of our Website or Services may not work properly. As a result, we recommend that you leave Session Trackers turned on when accessing the Website or the Services because they allow you to take advantage of some of the Website and Services’ features.

Web Beacons. In addition to Session Trackers, we may use web beacons (also known as “clear GIFs”), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Website or the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Information in order to provide you with more focused communications.

7. Managing Your Preferences

a. We want to communicate with you in the most effective manner, whether by sending you relevant marketing materials or by operating an intuitive and informative website. At the same time, we appreciate that your preferences regarding marketing, promotions, and online privacy will continue to evolve. This section provides you with information on how you can fine-tune your preference settings. - 7 -


b. We may use your Personal Information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit Melio from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests.

c. In addition, we may use your Personal Information to send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off on your device.

8. Accessing, Updating, and Correcting Your Information

a. Updating Your Information. If you are a registered user of the Services, you may update and correct your information and delete inaccuracies through your account. Specifically, you can review and edit specific types of information at any time by logging in to the Website or the Services and making changes.

b. Correcting Information from Third Parties. Melio may receive from its customers Personal Information about third parties (notably, payees) and may have no direct relationship with the individuals to whom that information relates. An individual who is not a Melio registered user who seeks to access, correct, amend, or delete data provided to us by our customers should direct those requests to the customer as they will have access to that information through their own account. If requested to remove data, we will respond within a reasonable timeframe.

9. Social Media

You may also find additional information regarding the Services on our social media sites such as Facebook, LinkedIn, or Twitter. Please keep in mind that any information you share through such social media sites is visible to all participants on these social media sites and you should never post any sensitive information (such as account - 8 -


numbers) to such social media sites. Please carefully review the terms of use and privacy policies of these social media sites as they may be different from our own policies.

10. Other Websites and Businesses

This Privacy Policy covers the privacy practices of Melio only. This Privacy Policy does not apply to the practices of third party websites, services, or applications, including third parties with which we partner. These third party services are governed by their own privacy policies. Melio is not responsible for the privacy policies and practices of these third parties.

11. Do-Not-Track Settings

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.

12. Children Under 13 Years of Age

Our Services are not directed to children under 13 years of age, and we do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will prohibit and block such use and will make all efforts to promptly delete any Personal Data stored with us with regard to such child.

13. Your California Privacy Rights

California law provides California residents the right to request from Melio: (i) a list of the categories of Personal Information that we have disclosed to third parties for direct marketing purposes; and (ii) the names and addresses of all such third parties. If you would like to request this information, please email your request to support@meliopayments.com. In your request, please specify that you want a “Your Melio California Privacy Rights Notice”. Please allow thirty (30) days for a response.

14. Contact Us - 9 -


If you have questions or concerns regarding this Privacy Policy, please contact us by mail at 69 Mercer St, New York, NY 10012 or by email at support@meliopayments.com.

15. Changes to This Privacy Policy

Please read this Privacy Policy carefully. Melio will occasionally update this Privacy Policy. When we do, we will also revise the “last updated” date at the top of this page. Any changes to our Privacy Policy will become effective upon our posting of the revised Privacy Policy on the Website. Use of the Website following such changes constitutes your acceptance of the revised Privacy Policy then in effect. To the extent Melio makes any material change to this Privacy Policy, it will provide you with notice via email, on the Website, or through the Services prior to the change becoming effective.