PAYNELA PRIVACY POLICY
Last Updated: March 24, 2026

Paynela LLC and its affiliates and subsidiaries (“Paynela,” “we,” “our,” or “us”) respect your privacy and are committed to protecting personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our websites, use our mobile applications, access our products and services, interact with us in a business or commercial context, or otherwise engage with us online or offline.

Paynela is a financial technology company that may provide technology, payment, disbursement, account, card, reimbursement, and related administrative services in connection with healthcare-related financial workflows. In some contexts, Paynela may receive or process information on behalf of healthcare providers, health plans, employers, program sponsors, financial institution partners, service providers, or other business customers. Our data practices may vary depending on the product, service, and relationship involved.

This Privacy Policy is intended to provide a transparent overview of our information practices. In certain cases, additional terms, product disclosures, consent forms, authorizations, financial account agreements, cardholder terms, HIPAA notices, or just-in-time notices may also apply.

1. Scope

This Privacy Policy applies to personal information we collect:

  • through our websites, portals, and mobile applications;
  • in connection with our payment, card, disbursement, reimbursement, and related financial technology services;
  • from healthcare providers, employers, benefit sponsors, banking partners, payment processors, identity verification vendors, and other third parties in connection with our services;
  • through customer support, sales, marketing, and business development interactions; and
  • through recruiting and vendor-management processes.

This Privacy Policy does not apply to information that is subject exclusively to another agreement or notice, including a separate HIPAA Notice of Privacy Practices where required, or to information processed solely on behalf of a customer where we act only as a service provider, contractor, or business associate and the customer controls the relevant privacy disclosures.

2. Categories of Information We Collect

Depending on the service and your relationship with us, we may collect the following categories of information:

Identifiers and contact information. Name, alias, postal address, email address, telephone number, account username, online identifiers, IP address, device identifiers, and similar identifiers.

Customer and account information. Date of birth, government-issued identification data, payment card information, bank account information, transaction account details, account credentials, authentication information, and records relating to eligibility or enrollment in a service.

Commercial and transaction information. Records of products or services obtained, transaction details, payment history, reimbursement data, claims-related payment data, card usage information, billing information, and customer support interactions.

Internet or electronic network activity information. Browsing activity, clickstream data, device and browser type, operating system, referring URLs, app interactions, usage logs, cookies, SDK data, and similar analytics information.

Geolocation data. Approximate location inferred from IP address and, where enabled, more precise device-based location information.

Professional or employment information. Company name, title, business contact details, employer, and information submitted in connection with partnerships, vendor management, or recruiting.

Sensitive personal information. In certain contexts, we may collect financial account credentials, government identification data, precise geolocation, account log-in information, and information concerning health-related payments or benefits. We collect and use sensitive personal information only as reasonably necessary and proportionate for permitted business purposes, service delivery, security, fraud prevention, legal compliance, and other disclosed purposes.

Health or healthcare-related information. Depending on the product, we may receive information relating to medical expenses, benefit eligibility, reimbursement requests, claims-support information, provider details, prescription or treatment-related payment context, or other healthcare-related financial data. Not all health-related information handled by Paynela is protected health information under HIPAA; the applicable treatment depends on the source of the data, the role in which we receive it, and the governing law or contract.

Inferences. We may derive inferences from the information above, such as service preferences, risk indicators, fraud signals, account usage patterns, or customer support needs.

California law requires businesses to describe the categories of personal information collected, the purposes for collection and use, and related disclosures in their privacy policy and notices at collection.

3. Sources of Information

We may collect information from:

  • you directly;
  • your device or browser;
  • our customers, including healthcare providers, employers, program sponsors, and business partners;
  • banks, card issuers, payment processors, and other financial institution partners;
  • identity verification, fraud prevention, sanctions screening, analytics, and security vendors;
  • public databases and government lists where legally permitted;
  • marketing partners and event sponsors; and
  • other third parties you authorize or direct to share information with us.

4. How We Use Information

We may use personal information for the following purposes:

  • to provide, operate, maintain, support, and improve our services;
  • to create, administer, and secure accounts;
  • to process payments, disbursements, reimbursements, and related transactions;
  • to facilitate healthcare-related payment workflows, including administration of cards, reimbursements, claims-support payments, and related services;
  • to verify identity, detect and prevent fraud, and protect against unauthorized access or misuse;
  • to comply with legal, regulatory, contractual, and risk-management obligations, including AML, sanctions, payment network, consumer protection, and recordkeeping obligations;
  • to communicate with you regarding transactions, products, services, updates, and support;
  • to personalize user experience and improve performance, analytics, and functionality;
  • to market our products and services where permitted by law;
  • to establish, exercise, or defend legal claims; and
  • for internal business operations such as audits, compliance reviews, vendor oversight, product development, and corporate transactions.

We do not use sensitive personal information to infer characteristics about individuals except as permitted by law and where reasonably necessary for the disclosed business purposes.

5. Cookies, Analytics, and Similar Technologies

We and our service providers may use cookies, pixels, software development kits, session replay tools, local storage, and similar technologies to operate our websites and apps, authenticate users, remember preferences, analyze traffic, detect fraud, and improve performance.

These technologies may collect identifiers, device information, usage data, and interactions with our websites or applications. You may be able to adjust your browser or device settings to limit cookies or tracking technologies, though some functionality may be affected.

Where required by applicable law, we will provide notice and choice regarding non-essential cookies or similar tracking technologies.

6. How We Disclose Information

We may disclose personal information to the following categories of recipients:

Service providers, contractors, and vendors. We may disclose information to vendors that provide hosting, cloud storage, customer support, analytics, payment processing, card issuance support, fraud prevention, identity verification, sanctions screening, email delivery, legal, audit, or security services.

Banking, payment, and network partners. We may disclose information to sponsor banks, issuing banks, acquiring institutions, payment processors, card networks, ACH operators, reimbursement administrators, and similar financial ecosystem participants as needed to provide the services.

Healthcare ecosystem participants. Where applicable, we may disclose information to healthcare providers, health plans, pharmacies, benefits administrators, TPAs, employer sponsors, and similar entities to support healthcare-related payment or reimbursement workflows.

Customers and business partners. If you access Paynela through a business customer or program sponsor, we may disclose information to that customer or sponsor consistent with the relevant arrangement and applicable law.

Corporate affiliates and transaction counterparties. We may disclose information to our affiliates and to parties involved in a merger, acquisition, financing, restructuring, sale of assets, or similar corporate transaction.

Regulators, law enforcement, and legal process recipients. We may disclose information as required by law, regulation, subpoena, court order, examination request, or other valid legal process, or when reasonably necessary to protect rights, safety, and security.

With your direction or consent. We may disclose information when you direct us to do so or otherwise consent.

We do not sell personal information in exchange for monetary consideration. We do not share personal information for cross-context behavioral advertising unless specifically disclosed in a supplemental notice and accompanied by any required opt-out rights.

7. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide services, maintain accounts, complete transactions, resolve disputes, enforce agreements, comply with legal and regulatory obligations, support audits and examinations, detect and prevent fraud, and preserve evidence relevant to claims or investigations.

Retention periods vary based on the type of information, the product or service involved, applicable contractual requirements, legal obligations, and our operational needs. We may retain deidentified or aggregated information for longer periods where permitted by law.

California law requires that collection, use, retention, and sharing of personal information be reasonably necessary and proportionate to the disclosed purposes.

8. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, destruction, loss, alteration, disclosure, or misuse. These safeguards may include encryption, access controls, network monitoring, vendor oversight, training, authentication measures, and incident response procedures.

No method of transmission over the internet or method of storage is completely secure. Accordingly, we cannot guarantee absolute security.

9. Your Choices and Rights

Depending on your jurisdiction and relationship with us, you may have certain rights regarding your personal information, including rights to:

  • access or know the personal information we collect, use, disclose, or retain;
  • request deletion of certain personal information;
  • request correction of inaccurate personal information;
  • opt out of the sale or sharing of personal information, where applicable;
  • limit certain uses or disclosures of sensitive personal information, where applicable;
  • appeal denial of a request, where required by law; and
  • receive information in a portable format, where applicable.

We may need to verify your identity before processing a request. In some cases, we may deny or limit a request where permitted by law, including where an exemption applies, we cannot verify identity, or the request conflicts with legal retention or compliance obligations.

You may submit requests by contacting us at privacy@paynela.com.

You may also designate an authorized agent to act on your behalf where required by law, subject to verification requirements.

10. California Privacy Notice

This section applies to California residents and supplements the rest of this Privacy Policy. California residents have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. The CCPA and its regulations require businesses subject to the law to provide a privacy policy that describes categories of personal information collected, sources, purposes, categories of disclosures, retention information, and California consumer rights.

A. Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information:

  • identifiers;
  • California customer records information;
  • protected classifications where voluntarily provided or legally required;
  • commercial information;
  • internet or electronic network activity information;
  • geolocation data;
  • professional or employment-related information;
  • sensitive personal information;
  • health or healthcare-related payment information; and
  • inferences drawn from the categories above.

B. Sources

We collect these categories from the sources described in the “Sources of Information” section above.

C. Business and Commercial Purposes

We collect, use, and disclose these categories for the purposes described in the “How We Use Information” and “How We Disclose Information” sections above.

D. Categories of Recipients

We may disclose these categories to service providers, contractors, banking and payments partners, healthcare ecosystem participants, customers, affiliates, transaction counterparties, regulators, and other parties as described above.

E. Sale / Sharing / Sensitive Personal Information

Paynela does not sell personal information for monetary consideration. Paynela does not share personal information for cross-context behavioral advertising unless expressly disclosed elsewhere in a supplemental notice. Paynela uses sensitive personal information only for purposes authorized by law and reasonably necessary to provide services, ensure security, prevent fraud, maintain quality, and comply with legal obligations.

F. California Rights

California residents may request:

  • the categories of personal information collected;
  • the categories of sources;
  • the business or commercial purposes for collecting, using, or disclosing personal information;
  • the categories of third parties to whom personal information is disclosed;
  • the specific pieces of personal information collected about them;
  • correction of inaccurate personal information;
  • deletion of personal information, subject to exceptions; and
  • information about sensitive personal information and rights relating to it where applicable.

California residents also have the right not to receive discriminatory treatment for exercising privacy rights.

G. Verification and Authorized Agents

We may verify your identity by matching information you provide with information we maintain. Authorized agents may submit requests on your behalf, subject to proof of authorization and identity verification.

H. Shine the Light / Do Not Track

California’s “Shine the Light” law may provide certain rights regarding direct marketing disclosures. At this time, our websites do not respond to browser do-not-track signals in a standardized manner unless and until required by applicable law or implemented through an accepted opt-out framework.

11. HIPAA and Health Information

This section explains how Paynela addresses health information and Protected Health Information (“PHI”) where applicable.

Paynela may receive, use, maintain, or disclose healthcare-related information in different roles. In some cases, Paynela may act on behalf of a covered entity or business associate and may be contractually required to protect PHI in accordance with HIPAA, the HITECH Act, and applicable business associate agreements. In other cases, information handled by Paynela may be health-related but not PHI under HIPAA.

When HIPAA applies, Paynela will use and disclose PHI only as permitted or required by applicable law, contract, and the relevant HIPAA documentation. Depending on the arrangement, PHI may be used or disclosed for treatment, payment, healthcare operations, legal compliance, public health activities, fraud prevention, or other purposes permitted by HIPAA.

Where Paynela is required to provide a HIPAA Notice of Privacy Practices, that notice will govern the use and disclosure of PHI to the extent of any conflict with this Privacy Policy. HIPAA requires covered entities to provide a Notice of Privacy Practices describing uses and disclosures of PHI, individual rights, duties, complaint rights, and an effective date. HHS provides model notices and states that material changes require prompt revision and redistribution where applicable.

Where applicable, individuals may have HIPAA rights including the right to access, amend, and receive an accounting of certain disclosures of PHI, request restrictions, request confidential communications, and obtain a copy of the applicable Notice of Privacy Practices.

Paynela will implement reasonable and appropriate safeguards for PHI and will report or respond to incidents involving PHI as required by applicable law and contract.

12. Deidentified and Aggregated Information

We may create, use, or disclose deidentified, anonymized, or aggregated information where permitted by law. We will not attempt to reidentify deidentified information except as permitted by law.

13. Children’s Privacy

Our services are not directed to children under 13 unless specifically offered in a context that allows such use under applicable law and with appropriate notices, consents, and controls. We do not knowingly collect personal information directly from children under 13 through our public-facing websites without appropriate authorization.

14. Third-Party Links and Services

Our websites or apps may contain links to third-party websites, portals, or services not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices.

15. Cross-Border Processing

Paynela may process personal information in the United States and other jurisdictions where our service providers operate, subject to applicable legal requirements and appropriate safeguards.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. We will post the updated version with a revised “Last Updated” date. Where required by law, we will provide additional notice or obtain consent.

17. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@paynela.com.

If you believe your privacy rights have been violated, you may also have the right to submit a complaint to a regulator, including the U.S. Department of Health and Human Services Office for Civil Rights where HIPAA applies.