PAYFULL

PRIVACY POLICY

Effective Date: March 9, 2026

Last Updated: March 9, 2026

1. INTRODUCTION

NV PIF ENTERPRISES LLC, a Nevada limited liability company, doing business as PAYFULL ("PAYFULL," "Company," "we," "us," or "our"), is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our consulting services, proprietary platform, dashboard, and transaction facilitation tools (collectively, the "Services").

This Privacy Policy applies to:

  •      Business clients ("Clients") who engage our consulting services

  •      End users, customers, or prospects of our Clients ("End Users") whose transaction data may be processed through our Platform

  •      Visitors to our website and other digital properties

  •      Individuals who communicate with us

IMPORTANT NOTICE: PAYFULL is a consulting firm that provides advisory and integration services related to third-party financing solutions, including buy now, pay later ("BNPL") platforms. PAYFULL is not a lender, bank, financing company, credit card issuer, BNPL provider, or funding source. We do not underwrite, approve, deny, issue, guarantee, or service any financing or funding. All financing decisions are made solely by independent third-party providers, each of which maintains its own privacy policy.

By using our Services, accessing our Platform, or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

2. DEFINITIONS

For purposes of this Privacy Policy:

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes, but is not limited to, names, addresses, email addresses, phone numbers, financial information, transaction data, and online identifiers.

"Sensitive Personal Information" means Personal Information that reveals: (a) social security, driver's license, state identification card, or passport numbers; (b) account log-in credentials, financial account numbers, debit card numbers, or credit card numbers in combination with any required security or access code, password, or credentials allowing access to an account; (c) precise geolocation; (d) racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) contents of mail, email, or text messages (unless we are the intended recipient); (f) genetic data; (g) biometric information processed for the purpose of uniquely identifying an individual; (h) health information; (i) sex life or sexual orientation information; or (j) citizenship or immigration status.

"Platform" means PAYFULL's proprietary dashboard, tools, integrations, and systems provided to Clients for the facilitation and management of Transactions.

"Transaction" means each individual sale, purchase, or payment event processed through or facilitated by the Platform in connection with a BNPL solution or other third-party financing or funding provider.

"BNPL Provider" means any third-party buy now, pay later solution, financing provider, or funding source accessed through or facilitated by PAYFULL's consulting services and Platform.

3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

We collect Personal Information in various ways depending on how you interact with us. The categories of Personal Information we have collected in the preceding twelve (12) months include:

3.1 Information Collected from Clients

Identifiers and Contact Information:

 Business name, legal entity type, and state of formation

  Names and titles of business owners, officers, and authorized representatives

  Business and personal addresses

 Email addresses and phone numbers

  Tax identification numbers (EIN/SSN for sole proprietors)

Financial Information:

   Bank account information for payment processing and fee collection

   Payment card information

   Billing and invoicing records

   Transaction history and volume data

   Chargeback and dispute records

Commercial Information:

● Business type, industry, and product/service offerings

    Average transaction values and sales volume

   Customer acquisition and retention data

  Marketing and advertising practices

Professional Information:

Business licenses and permits

    Professional certifications

   Business operating history

Internet and Network Activity:

● Platform usage data and access logs

● IP addresses and device identifiers

● Browser type and operating system

Pages viewed and features used within the Platform

3.2 Information Collected About End Users

When Clients process Transactions through our Platform, we may receive certain End User information in connection with facilitating those Transactions. This may include:

    Names and contact information

   Transaction details (purchase amounts, dates, products/services purchased)

   Payment method information (limited to what is necessary for Transaction facilitation)

   Transaction status and outcome data

   Chargeback and dispute information

IMPORTANT: We do not collect credit scores, credit reports, employment information, income verification, or other underwriting data about End Users. Such information, if required for financing decisions, is collected directly by third-party BNPL Providers subject to their own privacy policies.

3.3 Information Collected Automatically

When you visit our website or use our Platform, we automatically collect certain information, including:

     IP address and general geographic location

     Device type, browser type, and operating system

     Referring URLs and exit pages

     Date and time of access

     Pages viewed and time spent on pages

     Click patterns and navigation paths

     Cookies and similar tracking technologies (see Section 11)

3.4 Information from Third Parties

We may receive Personal Information from third parties, including:

     BNPL Providers (Transaction status, approval/denial outcomes, settlement data)

     Payment processors and financial institutions

     Business verification and identity verification services

     Marketing and analytics providers

     Publicly available sources and databases

4. HOW WE USE PERSONAL INFORMATION

We use the Personal Information we collect for the following business and commercial purposes:

4.1 Providing and Improving Our Services

     Delivering consulting, advisory, and support services

     Facilitating Platform access and Transaction processing

     Managing Client accounts and relationships

     Processing payments and collecting fees

     Providing technical support and troubleshooting

     Improving and optimizing our Services and Platform

     Developing new features and services

4.2 Communications

     Responding to inquiries and requests

     Sending service-related communications and updates

     Providing Transaction notifications and alerts

     Sending marketing communications (with consent where required)

4.3 Security and Fraud Prevention

     Detecting, investigating, and preventing fraud and unauthorized access

     Monitoring for security threats and vulnerabilities

     Verifying identity and preventing identity theft

     Managing Chargebacks and disputes

4.4 Legal and Compliance

     Complying with applicable laws, regulations, and legal processes

     Responding to lawful requests from law enforcement and government agencies

     Enforcing our terms of service and agreements

     Protecting our legal rights and interests

     Conducting audits and maintaining records as required by law

4.5 Business Operations

     Conducting internal analytics and reporting

     Managing business relationships with BNPL Providers

     Administering referral and affiliate programs

     Facilitating corporate transactions (mergers, acquisitions, etc.)

5. HOW WE DISCLOSE PERSONAL INFORMATION

We may disclose Personal Information to the following categories of recipients for the business purposes described below:

5.1 Service Providers and Contractors

We engage third-party service providers and contractors to perform services on our behalf, including:

     Cloud hosting and data storage providers

     Payment processors and financial service providers

     Customer relationship management (CRM) providers

     Analytics and business intelligence providers

     Email and communication service providers

     Security and fraud prevention services

     Professional advisors (attorneys, accountants, consultants)

These service providers are contractually obligated to use Personal Information only for the purposes of providing services to us and to maintain appropriate security measures.

5.2 BNPL Providers and Financial Partners

In connection with facilitating Transactions and BNPL integrations, we share information with third-party BNPL Providers and financial partners. This sharing is necessary to:

     Process and facilitate Transactions

     Enable BNPL Provider approval and funding decisions

     Manage settlements and disbursements

     Handle Chargebacks, disputes, and refunds

Note: BNPL Providers are independent third parties with their own privacy policies. We encourage you to review their privacy practices.

5.3 Clients (for End User Information)

We share End User Transaction information with the applicable Client in connection with the services we provide to that Client. Clients are responsible for their own privacy practices with respect to End User information.

5.4 Legal and Regulatory Disclosures

We may disclose Personal Information when we believe in good faith that disclosure is necessary to:

     Comply with applicable laws, regulations, or legal processes

     Respond to lawful requests from law enforcement or government agencies

     Protect the rights, property, or safety of PAYFULL, our Clients, End Users, or others

     Detect, prevent, or address fraud, security, or technical issues

     Enforce our agreements and policies

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, Personal Information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your Personal Information.

5.6 SMS Communications

If you provide your phone number through our website or other forms and expressly consent to receive SMS messages from NV PIF ENTERPRISES LLC (operating as PayFull), you agree to receive text messages related to account notifications, onboarding updates, payment alerts, and other service-related communications.

Users provide consent by entering their phone number and affirmatively checking a consent checkbox at the time of submission. Where applicable, a separate optional checkbox is provided for marketing or promotional messages.

Message frequency may vary. Message and data rates may apply. You may opt out of receiving SMS messages at any time by replying STOP. For assistance, reply HELP.

SMS consent and phone numbers collected for SMS purposes will not be shared with third parties or affiliates for marketing purposes. This information may only be shared with trusted service providers, such as messaging platforms and telecommunications carriers, strictly for the purpose of delivering SMS communications.

5.7 With Your Consent

We may disclose Personal Information for other purposes with your express consent.

We may disclose Personal Information for other purposes with your express consent.

We may disclose Personal Information for other purposes with your express consent.

6. SALE AND SHARING OF PERSONAL INFORMATION

We Do Not Sell Personal Information. PAYFULL does not sell Personal Information for monetary consideration.

Sharing for Cross-Context Behavioral Advertising. We do not share Personal Information for cross-context behavioral advertising purposes.

If our practices change in the future, we will update this Privacy Policy and provide you with notice and the opportunity to opt out as required by applicable law.

7. DATA RETENTION

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention periods are determined based on:

     The duration of our relationship with the Client or individual

     Contractual obligations and business needs

     Applicable legal and regulatory requirements

     Statute of limitations for potential legal claims

     Industry standards and best practices

General Retention Periods:

     Client account information: Duration of the business relationship plus seven (7) years

     Transaction records: Seven (7) years from the date of the Transaction

     Chargeback and dispute records: Seven (7) years from resolution

     Communications and correspondence: Three (3) years

     Website and Platform usage data: Twenty-four (24) months

     Marketing preferences: Until opt-out or account termination

Upon expiration of the applicable retention period, we will securely delete or anonymize Personal Information in accordance with our data retention and destruction policies.

This is a Paragraph Font

This is a Paragraph Font

8. DATA SECURITY

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect Personal Information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Administrative Safeguards:

     Written information security policies and procedures

     Employee training on data protection and privacy

     Access controls limiting data access to authorized personnel

     Vendor management and due diligence programs

     Incident response and breach notification procedures

Technical Safeguards:

     Encryption of data in transit and at rest

     Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols

     Firewalls and intrusion detection systems

     Multi-factor authentication for Platform access

     Regular security assessments and penetration testing

     Secure software development practices

Physical Safeguards:

     Secure data center facilities with restricted access

     Environmental controls and monitoring

     Secure disposal of physical media

No Guarantee of Security. While we strive to protect Personal Information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you provide Personal Information at your own risk.

9. YOUR PRIVACY RIGHTS

Depending on your state of residence, you may have certain rights regarding your Personal Information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know. You have the right to request that we disclose: (a) the categories of Personal Information we have collected about you; (b) the categories of sources from which we collected Personal Information; (c) our business or commercial purpose for collecting, selling, or sharing Personal Information; (d) the categories of third parties to whom we disclose Personal Information; and (e) the specific pieces of Personal Information we have collected about you.

Right to Delete. You have the right to request that we delete Personal Information we have collected from you, subject to certain exceptions.

Right to Correct. You have the right to request that we correct inaccurate Personal Information we maintain about you.

Right to Opt-Out of Sale/Sharing. You have the right to opt out of the sale of your Personal Information or the sharing of your Personal Information for cross-context behavioral advertising. As stated in Section 6, we do not currently sell or share Personal Information for these purposes.

Right to Limit Use of Sensitive Personal Information. You have the right to limit our use and disclosure of Sensitive Personal Information to uses necessary to perform our Services or as otherwise permitted by law.

Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising your privacy rights.

9.2 Rights Under Other State Privacy Laws

If you are a resident of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have similar rights under your state's privacy law, including the rights to:

     Access and obtain a copy of your Personal Information

     Delete your Personal Information

     Correct inaccurate Personal Information

     Opt out of targeted advertising, sale of Personal Information, or profiling

     Appeal our decision regarding your privacy request

9.3 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a request by:

     Email: [email protected]

     Mail: NV PIF Enterprises LLC d/b/a PayFull, Attn: Privacy Request, 1057 Whitney Ranch Dr, Suite 350, Henderson, NV 89014

Verification. We will verify your identity before processing your request. For Clients, we may verify your identity through your account credentials. For other individuals, we may request additional information to verify your identity, such as your email address, phone number, or other identifying information.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide proof of authorization and may still require you to verify your identity directly with us.

Response Timing. We will respond to verifiable requests within forty-five (45) days of receipt. If we require additional time (up to an additional forty-five days), we will inform you of the reason and extension period in writing.

9.4 Global Privacy Control

We recognize and honor Global Privacy Control (GPC) signals as valid opt-out requests for the sale or sharing of Personal Information under applicable state laws. If your browser or device transmits a GPC signal, we will treat this as a request to opt out of sale/sharing to the extent applicable.

10. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, applications, or services, including BNPL Providers and financial partners. This Privacy Policy does not apply to any third-party sites or services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any Personal Information.

Third-party BNPL Providers have their own privacy policies that govern their collection, use, and disclosure of Personal Information. When you apply for or use financing through a BNPL Provider, you are subject to that provider's privacy policy.

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information about your use of our website and Platform. These technologies help us:

     Remember your preferences and settings

     Authenticate your identity and maintain session security

     Analyze website traffic and usage patterns

     Improve our Services and user experience

     Detect and prevent fraud and security threats

Types of Cookies We Use:

     Essential Cookies: Required for basic website functionality and security

     Functional Cookies: Remember your preferences and settings

     Analytics Cookies: Help us understand how visitors use our website

     Performance Cookies: Monitor and improve website performance

Managing Cookies. Most web browsers allow you to control cookies through their settings. You can typically set your browser to notify you when you receive a cookie, giving you the choice to accept or reject it. Please note that disabling certain cookies may affect the functionality of our website and Platform.

Do Not Track. Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, but we do recognize and honor Global Privacy Control signals as described in Section 9.4.

12. CHILDREN'S PRIVACY

Our Services are designed for businesses and are not directed to children under the age of sixteen (16). We do not knowingly collect Personal Information from children under 16. If we learn that we have collected Personal Information from a child under 16, we will take steps to delete such information as soon as possible.

If you are a parent or guardian and believe that your child has provided Personal Information to us, please contact us at [email protected] so that we can take appropriate action.

13. INTERNATIONAL DATA TRANSFERS

PAYFULL is based in the United States. If you access our Services from outside the United States, please be aware that your Personal Information may be transferred to, stored, and processed in the United States or other countries where our service providers are located. These countries may have data protection laws that are different from the laws of your country.

By using our Services or providing Personal Information to us, you consent to the transfer, storage, and processing of your Personal Information in the United States and other countries as described in this Privacy Policy.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

     Update the "Last Updated" date at the top of this Privacy Policy

     Provide notice through our website, Platform, or by email (for material changes)

     Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

NV PIF Enterprises LLC d/b/a PayFull

Attn: Privacy Officer

1057 Whitney Ranch Dr, Suite 350

Henderson, NV 89014

Email: [email protected]

We will respond to your inquiry as soon as reasonably practicable.

16. ADDITIONAL NOTICES FOR CALIFORNIA RESIDENTS

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of Personal Information:

     Identifiers (name, address, email, phone number, IP address)

     Personal information categories listed in Cal. Civ. Code § 1798.80(e) (name, address, telephone number, financial information)

     Commercial information (transaction records, purchasing history)

     Internet or other electronic network activity information (browsing history, search history, Platform usage)

     Professional or employment-related information (business title, company information)

     Inferences drawn from the above categories

Categories of Sensitive Personal Information Collected. We may collect the following categories of Sensitive Personal Information:

     Account log-in credentials in combination with required access codes

     Financial account, debit card, or credit card numbers in combination with required access codes

Sources of Personal Information. We collect Personal Information from: (a) directly from you; (b) automatically through your use of our Services; (c) from third-party service providers; (d) from BNPL Providers and financial partners; and (e) from publicly available sources.

Business or Commercial Purposes. We collect and use Personal Information for the business purposes described in Section 4 of this Privacy Policy.

Disclosure of Personal Information. We disclose Personal Information to the categories of third parties described in Section 5 of this Privacy Policy for business purposes.

Retention. We retain Personal Information as described in Section 7 of this Privacy Policy.

"Shine the Light" Law. Under California Civil Code Section 1798.83, California residents may request information about our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes. If you have questions, please contact us at [email protected].

17. ADDITIONAL NOTICES FOR NEVADA RESIDENTS

Under Nevada Revised Statutes Chapter 603A, Nevada residents may opt out of the sale of certain "covered information" collected by operators of websites or online services. We do not sell covered information as defined under Nevada law. If you have questions, please contact us at [email protected].

18. ACCESSIBILITY

We are committed to ensuring that this Privacy Policy is accessible to individuals with disabilities. If you have difficulty accessing this Privacy Policy, please contact us at [email protected], and we will provide the information in an alternative format.

19. GOVERNING LAW

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Nevada, without regard to its conflict-of-law principles, except where preempted by applicable federal law or where specific state privacy laws provide otherwise.

This Privacy Policy was last updated on March 9, 2026. Please retain a copy for your records.

Financing Infrastructure for High-Ticket Businesses

PAYFULL is a financing enablement and payment orchestration platform. PAYFULL is not a lender, merchant of record, or payment processor. PAYFULL does not hold client funds. Revenue projections referenced are scenario-based illustrations and are not guarantees of performance. Results depend on individual business factors including offer quality, sales execution, and compliance.

© PayFull 2026 All rights reserved.