DBA: USD GoPay
2913 Avenue V, Brooklyn, NY 11229
Phone: 212-840-5091

Effective Date: March 28, 2026

Last Updated: March 28, 2026

Introduction

United Software Developers Inc., doing business as USD GoPay (“Company,” “we,” “us,” or “our”), values privacy and is committed to protecting personal information.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you access or use our websites, software platforms, applications, APIs, and services, including our CRM platform BrokersOnTheGo.com (collectively, the “Services”).

This Privacy Policy is incorporated by reference into our Terms and Conditions.

Historical Services and Policy Updates

The Company has been providing software platforms, technology services, and related solutions for many years prior to the Effective Date of this Privacy Policy.

This Privacy Policy represents a consolidated and updated statement of the Company’s privacy practices and applies to all continued and future use of the Services as of the Effective Date, regardless of when you first accessed or used the Services.

If you accessed or used the Services prior to the Effective Date, your continued access or use on or after the Effective Date constitutes acceptance of this Privacy Policy, to the fullest extent permitted by law.

Scope of This Privacy Policy

This Policy applies to:

• Website visitors
• Business customers and their authorized users
• Merchants using USD GoPay merchant services and CRM platforms
• Consumer users, where applicable
• Individuals whose information is processed through customer use of the Services

This Policy does not apply to third-party websites, products, or services not operated or controlled by the Company.

Information We Collect

A. Information You Provide Directly

We may collect personal or business information you voluntarily provide, including:

• Name, company name, job title
• Email address, phone number, mailing address
• Account credentials and authentication information
• Merchant onboarding and underwriting information
• Business, operational, and financial information submitted through the Services
• Documents, images, or files uploaded to our platforms
• Communications with sales, support, compliance, or technical teams

B. Information Collected Automatically

When you use the Services, we may automatically collect:

• IP address and device identifiers
• Browser type, operating system, and settings
• Login activity, timestamps, and log files
• Pages viewed, features used, and interactions
• Cookies and similar tracking technologies

C. Information Processed on Behalf of Customers

As a service provider, we may process information provided by customers relating to third parties, such as:

• Driving record information
• Business or property-related data
• Contact and messaging information used in CRM or communications

Such data is processed only in accordance with customer instructions, applicable agreements, and this Privacy Policy.

How We Use Information

We use information for purposes including:

• Operating, maintaining, and supporting the Services
• Authenticating users and managing accounts
• Providing CRM, messaging, and workflow functionality
• Facilitating merchant onboarding and payment-related services
• Delivering customer support and communications
• Monitoring security, fraud, and abuse
• Improving system performance and developing features
• Complying with legal, regulatory, and contractual requirements

Merchant Services and Payment Information

USD GoPay provides merchant services software and CRM technology. The Company does not directly process payment card transactions.

Payment card data and sensitive financial information are processed by independent third-party payment processors and acquiring banks, including but not limited to TSYS, in accordance with their privacy and security obligations.

The Company does not store full payment card numbers or sensitive authentication data unless expressly disclosed.

SMS and Communications Data

If you use SMS or messaging features:

• We process phone numbers and message content solely to transmit communications
• Customers are responsible for obtaining legally required consent from message recipients
• Data may be shared with messaging providers and carriers to deliver messages and enforce compliance

The Company does not independently market to message recipients using customer message data.

Driving Records, Property Data, and Non-FCRA Use

Driving record and property data services are provided for informational and administrative purposes only.

The Company does not operate as a consumer reporting agency and does not provide consumer reports under the Fair Credit Reporting Act (FCRA).

The Company does not control or monitor downstream customer decision-making beyond contractual restrictions and acceptable use requirements.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain authentication sessions
• Enhance security
• Analyze performance and usage trends
• Improve user experience

You may manage cookies through browser settings; however, disabling cookies may affect functionality.

Cloud Hosting, Infrastructure, and Sub-Processors

Cloud Hosting and Storage

The Company uses Amazon Web Services (“AWS”) for cloud hosting, infrastructure, and data storage. User-submitted information and uploaded documents may be stored and processed using AWS services, including Amazon S3.

AWS acts as a data processor and is contractually required to maintain appropriate security and confidentiality controls.

Managed IT Services Provider

We engage an independent AWS-certified managed IT services provider to administer, monitor, and maintain our AWS-based infrastructure.

This provider acts solely on our behalf and is subject to confidentiality, data protection, and security obligations.

International Data Processing

Data stored on AWS infrastructure may be processed in the United States or other jurisdictions where AWS operates data centers. Where required by law, appropriate safeguards are implemented.

Email Integration With Google Gmail and Microsoft Outlook (BrokersOnTheGo.com CRM)

Permissions We Request

When you connect your Gmail or Outlook account to BrokersOnTheGo.com, we may request permission to:

• Send email on your behalf
• Access your basic profile information (email address, display name)

We do not request permission to:

• Read your inbox
• Read your sent mail folder
• Access message history
• Access contacts
• Access calendars
• Modify or delete emails

How We Use Email Integration

We use these permissions solely to:

• Allow you to send emails from within the CRM
• Attach files you choose to include
• Display a history of emails you sent through the CRM only

We do not:

• Import or store incoming emails
• Access your mailbox
• Store client replies
• Analyze email content
• Use email data for advertising
• Sell or share email data

Storage of Email Data and Attachments

Email Content Stored by the CRM

We store only:

• The content of emails you send from within the CRM
• Metadata (recipient, subject, timestamp)

Attachments Are Not Stored by the CRM

When you send an email with attachments:

• Attachments are not stored on our servers
• They are stored directly on your Google Gmail or Microsoft Outlook server
• We store only a record that an email was sent

Attachment Availability

If you delete the email or attachments from your Gmail or Outlook account:

• The CRM will still show the email history entry
• Attachments will no longer be accessible

Human Access to Data

We do not allow human access to Gmail or Outlook data except:

• With your explicit permission for troubleshooting
• When necessary for security or fraud prevention
• When required by law

How to Disconnect Your Email Account

Google Users

Revoke access at: https://myaccount.google.com/permissions (myaccount.google.com in Bing)

Microsoft Users

Revoke access at: https://account.live.com/consent/Manage

Once revoked:

• We can no longer send emails on your behalf
• No new email data will be processed
• Previously stored CRM-sent email history remains until you delete it

How We Share Information

We may share information:

• With service providers and sub-processors (hosting, IT administration, analytics, support)
• With payment processors, banks, and card networks
• With messaging providers and telecom carriers
• To comply with laws, regulations, court orders, or governmental requests
• In connection with corporate transactions
• With your consent or at your direction

The Company does not sell personal information.

Data Security and SOC 2 Certification

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect information.

The Company is SOC 2 Certified, demonstrating adherence to recognized standards for data security, availability, and confidentiality.

Despite these measures, no system is completely secure.

Data Retention

Information is retained only as long as necessary to:

• Provide and support the Services
• Meet legal, regulatory, and contractual obligations
• Resolve disputes and enforce agreements

Retention periods vary based on data type and applicable law.

Your Privacy Rights

U.S. Residents

Depending on your jurisdiction, you may have rights to access, correct, or delete certain personal information, subject to legal exceptions.

International Users

International users may have additional rights under applicable data protection laws, including rights of access, correction, deletion, objection, and portability.

Requests may be submitted using the contact details below.

Children’s Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

Third-Party Links

The Services may contain links to third-party websites. We are not responsible for third-party privacy practices or content.