Privacy Policy

§ 01 — Summary

Eliopi LLC ("Eliopi", "we") provides a payment platform built on Stripe Connect. We process two distinct categories of personal data:

Merchant data — information about the businesses that use Eliopi, their representatives, and beneficial owners. We are the controller of this data for our own legitimate business purposes (account management, billing, KYB, fraud monitoring).
End-cardholder data — information about the customers who pay through merchants using Eliopi. We act as a processor on behalf of the merchant, who is the controller. We process only what is necessary to facilitate payment and dispute response.

The licensed payment processor is Stripe, Inc. Cardholder PAN, CVV, and full track data are captured by Stripe Elements directly in the cardholder's browser and stored by Stripe. Eliopi's PCI scope is SAQ-A; we never receive or store cardholder card numbers.

§ 02 — Roles & relationships

Under GDPR, UK GDPR, and CCPA terminology:

For merchant account data (representative name, beneficial owners, business EIN, payout bank account, login email, dashboard activity): Eliopi is the controller / business.
For end-cardholder data processed in the course of facilitating a charge (customer email, name and billing address as provided by the merchant, payment-method token, charge amount, transaction metadata): the merchant is the controller / business; Eliopi is the processor / service provider.
For full cardholder data (PAN, CVV, expiry): Stripe is the processor directly contracted with the merchant under the Stripe Services Agreement. Eliopi has no access to this data.

A standard data processing addendum (DPA) is available to merchants on request to privacy@eliopi.com. The list of named sub-processors is at /sub-processors.

§ 03 — What we process

Merchant data we collect directly:

Account fields: business name, representative name, work email, password (hashed), phone number, business address, EIN or local equivalent, role.
KYB fields: beneficial-owner name, date of birth, address, identity-document images. (Most of this is collected by Stripe Identity directly; we receive only a verification status from Stripe.)
Operational telemetry: dashboard logins, IP address, browser User-Agent, audit log of administrative actions.

End-cardholder data we process on behalf of merchants:

Stripe-issued payment-method token, charge ID, payment-intent ID.
Card brand, last four digits, BIN (first six digits), country of issuance — Stripe-provided metadata, not the PAN.
Customer email, name, and billing address — only if provided by the merchant or required for 3DS.
Order metadata supplied by the merchant (order ID, line items, currency).
3DS authentication status and result.
IP address and User-Agent of the cardholder at the time of checkout, where collected by the merchant's site for fraud purposes.

§ 04 — What Stripe handles, not Eliopi

Eliopi does not receive or store:

Full cardholder PAN.
Cardholder CVV / CVC / authentication secrets.
Raw card expiry as entered by the cardholder (Stripe-issued exp_month / exp_year may be present as PaymentMethod metadata returned by Stripe — this is metadata about a token, not raw card data).
Track 1 / Track 2 magnetic-stripe data.
Merchant payout bank account credentials (these are submitted to Stripe via Stripe Elements; we receive only metadata such as bank name and last four digits).
Beneficial-owner government identity-document images at full resolution (these are uploaded directly to Stripe Identity in most flows; we receive verification status, not the documents themselves).

§ 05 — Purposes & legal bases

Provide the platform (contract, GDPR Art. 6(1)(b)): authenticating users, creating connected Stripe accounts, processing charges, displaying dashboards, calculating application fees.
Comply with legal obligations (legal obligation, GDPR Art. 6(1)(c); CCPA business purpose): KYB, AML screening (OFAC/EU/UK lists), tax reporting, retention of transaction records.
Secure the platform (legitimate interest, GDPR Art. 6(1)(f)): fraud and abuse detection on the platform itself, rate-limiting, audit logs, vulnerability management.
Improve the platform (legitimate interest): aggregate analytics on platform usage; we do not profile end-cardholders.
Communicate (legitimate interest / consent): transactional emails (charge receipts, payout notifications), service announcements, security alerts.

We share personal data only with sub-processors acting on our written instructions, or as required by law. Our principal sub-processors:

Stripe, Inc. — payment processing, KYB, identity verification, sub-processor for cardholder PAN.
Cloud infrastructure (AWS, Vercel, Railway) — hosting and compute.
Error tracking (Sentry) — diagnostic data, with PII scrubbing.
Transactional email (Resend or Postmark) — service emails to account contacts.
CDN/WAF (Cloudflare) — content delivery and edge security.

Full named list with purpose and jurisdiction: /sub-processors. Material additions are announced to controllers (account contacts and merchants) at least 30 days before taking effect.

§ 07 — International transfers

Eliopi LLC is established in the United States. Personal data we process is hosted on infrastructure located in the United States and the European Union (per the regional choice of the deployment). Where personal data is transferred from the EU/UK to the US, we rely on the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum), with supplementary measures where appropriate. A copy of our SCCs is available on request.

§ 08 — Retention

Merchant account records — retained for the duration of the relationship and for 5 years after termination, per US tax and record-keeping obligations.
Transaction records (charges, refunds, payouts, application-fee ledger) — 7 years, per Stripe's record-keeping obligations and our financial-record retention.
KYB verification records — 5 years after account closure, per AML/BSA recordkeeping rules.
Operational logs & audit trails — 13 months.
Web analytics — 14 months, aggregated.

§ 09 — Your rights

Depending on where you live, you may have rights under GDPR, UK GDPR, CCPA, or other applicable laws — including access, rectification, erasure, restriction, portability, objection, and (for CCPA) opt-out of "sale" or "sharing" of personal data. We do not sell or share personal data for cross-context behavioural advertising as defined under CCPA.

To exercise a right, write to privacy@eliopi.com. We respond within 30 days. If Eliopi is acting as processor for your merchant employer, we route the request to the merchant (controller) and assist them in responding.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local data-protection authority. In the EU, you may contact your national DPA; in the UK, the Information Commissioner's Office (ICO).

§ 10 — Security

TLS 1.2+ for all network traffic;
Encryption at rest for stored personal data and audit logs;
Principle of least privilege for employee access, with auditable trails;
Hardened cloud infrastructure with WAF, rate-limiting, and DDoS protection at the edge;
Independent security assessment (SOC 2 Type II) — in progress;
Vulnerability disclosure email: security@eliopi.com — please use subject line "[security]".

§ 11 — Cookies

Eliopi uses strictly necessary cookies for session authentication and CSRF protection. We do not deploy advertising or cross-site tracking cookies. We use a privacy-respecting first-party analytics tool to count page views — no fingerprinting, no third-party trackers.

§ 12 — Changes

We may update this Privacy Policy as the platform evolves. Material changes are announced by email to account contacts at least 14 days before taking effect. The version date at the top of this page reflects the current edition.

§ 13 — Contact

The data controller is Eliopi LLC, principal office at 1975 E Ridge Rd, Layton, UT 84040, USA. For privacy questions: privacy@eliopi.com · phone: +1 (435) 264-8967.

Privacy policy.