Privacy Policy

How MangoErrands Global Payments collects, uses, protects, and shares personal information across our sites and services.

INTRODUCTION

At MangoErrands Global Payments ("MangoErrands," "we," "us," or "our"), trust is the foundation of our relationship with customers, vendors, and partners. We understand your desire for privacy, and we recognize that you trust us with your personal information. This Privacy Policy describes our privacy practices and principles in a format that is easy to navigate, read, and understand. We are dedicated to treating your personal information with care and respect.

1. ONLINE PRIVACY POLICY

MangoErrands Global Payments, a Delaware C-Corporation (dba MangoErrands Payments), has established this privacy policy ("Privacy Policy") to let you know:

  • The kinds of information we may gather on MangoErrands websites and any applications where this Privacy Policy is posted ("Site" or "Sites")

  • How and why we gather the information

  • What we use the information for

  • When we might disclose the information

Important Note: If you or the entity you are authorized to represent (collectively, "you" or "your") have previously entered into a services agreement with MangoErrands that governs the provision of transaction processing services ("Services Agreement"), the Services Agreement, not this Privacy Policy, governs each party's rights and obligations with respect to Cardholder Data, Transaction-related information (as those terms are defined in the Services Agreement) and other information gathered or submitted in connection with the transaction processing services provided under the Services Agreement. If the same information is both gathered by the Site and gathered or submitted in connection with the transaction processing services, the terms of the Services Agreement shall control.

By using the Site, you are accepting the practices described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Site.

We reserve the right to modify or amend the terms of our Privacy Policy from time to time. We will post any Privacy Policy changes on this page, and if the changes are material, we will provide a more prominent notice. Your continued use of the Sites following the posting of changes to these terms will mean you accept those changes. If we intend to apply the modifications or amendments retroactively or to personal information already in our possession, we will provide you with notice of the modifications or amendments and, if required by law (including GDPR, CPRA, and Jamaica DPA), obtain your consent.

2. WHAT INFORMATION ABOUT ME IS COLLECTED

The information we collect about you falls into general categories: information you provide to us, information that is automatically collected about you when you use one of our Sites, and information we gather from other third parties. This information may be Personal Information or Anonymous Information as described below.

Personal Information

Personal Information refers to information that identifies (whether directly or indirectly) a particular individual or business entity. Examples may include:

  • Your name

  • Postal address

  • Email address

  • Telephone number

  • Transaction records

  • IP address

Important: We do not collect or store full payment card details, bank account numbers, Social Security numbers, or tax identification numbers directly. All payment information is collected by our third-party payment processor, Stripe (see Section 7 below).

Sensitive Personal Information

Sensitive Personal Information (as defined by laws like CPRA and Jamaica DPA) includes information such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation. We do not collect Sensitive Personal Information through our platform.

Anonymous Information

Anonymous Information means information that does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual or business. Examples may include:

  • Information about your internet browser

  • Device information (including unique device ID and non-precise geolocation)

  • Demographic data

  • Usage information and traffic data

3. HOW WE COLLECT INFORMATION

We collect information when you

  • Provide this information to us directly (e.g., when you request products, register, submit an application for services, or contact customer support)

  • Interact with our Sites through technology (e.g., cookies, Flash cookies, and Web beacons)

  • We receive information about you from other online and offline sources, such as public databases and other third parties

Online Tracking Technologies (Cookies)

We and our service providers use cookies, pixel tags, web beacons, and similar tracking technologies to collect information about your browsing activity on our Sites. These technologies help us:

  • Recognize your device and remember your preferences

  • Analyze site usage and improve functionality

  • Deliver personalized content and advertising (where permitted)

  • Maintain security and detect fraudulent activity

Types of Cookies Used

Essential Cookies: Required for the Site to function. Examples are session cookies and authentication cookies.

Analytics Cookies: To understand traffic and user behavior. Examples are Google Analytics.

Functional Cookies: To remember your preferences. Example is User preference cookies. Marketing Cookies: For targeted advertising. We do not currently use marketing cookies.

You can manage your cookie preferences through our cookie consent banner, your browser settings, or tools such as the Digital Advertising Alliance opt-out page (https://www.aboutads.info/choices/). Note that disabling certain cookies may affect Site functionality.

Our Sites do not respond to "Do Not Track" signals at this time. We are evaluating DNT compliance and will update this policy accordingly.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

For users in jurisdictions with comprehensive data protection laws (such as the EEA, UK, Canada, or Jamaica), we process your Personal Information only when we have a legal basis to do so. The legal bases we rely on include:

Contractual Necessity: Processing necessary to perform our contract with you or to take steps at your request before entering into a contract

Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject

Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, analytics)

Consent: Processing based on your explicit consent, which you may withdraw at any time

5. HOW WE USE YOUR INFORMATION

We use the information we collect to help us personalize and continually improve your experience on the Site.

Purpose of Use and Legal Basis

Evaluate your application for Services: Contractual Necessity

Support MangoErrands' legal compliance obligations: Legal Obligation

Provide you with access to the Sites and communicate with you about your account: Contractual Necessity

Optimize or improve our products, services, and operations: Legitimate Interests

Detect, investigate, and prevent activities that may violate our policies or be illegal (e.g., fraud prevention): Legal Obligation & Legitimate Interests

Send you newsletters, offers, and promotions for our services: Consent or Legitimate Interests (with opt-out)

Perform statistical, demographic, and marketing analyses: Legitimate Interests

6. AUTOMATED DECISION-MAKING AND PROFILING

We use automated decision-making for fraud detection and risk assessment. This involves analyzing transaction patterns, location data, and device information to identify potentially fraudulent activity.

How it works

  • Our system evaluates each transaction against risk parameters

  • If a transaction is flagged as potentially fraudulent, it may be declined

  • You have the opportunity to contact customer support for a manual review

Your Rights: You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. To contest an automated decision or request human intervention, please contact us at legal@MangoErrands.com.

7. PAYMENT PROCESSING (STRIPE DISCLOSURE)

This section is critical to understanding your payment data.

All payments on the MangoErrands platform are processed by Stripe, our third-party payment processor. Stripe acts as the Merchant of Record.

What this means for you

  • When you make a payment, your payment details are collected directly by Stripe

  • We do not collect, store, or have access to your full payment card information

  • We do not collect bank account numbers, Social Security numbers, or tax identification numbers

Stripe's Role: Stripe is an independent Data Controller for certain aspects of the data they collect. For more information about Stripe's privacy practices, please review their privacy policy: https://stripe.com/privacy

8. WHO DO WE SHARE YOUR INFORMATION WITH

Except as disclosed in this Privacy Policy, we do not disclose Personal Information collected through the Site to any companies not part of MangoErrands or its parent, subsidiaries, or related entities.

Service Providers

We share Personal and Anonymous Information with third-party service providers (e.g., hosting, billing, fraud protection). These entities are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services. Our third-party service providers are bound by Data Processing Agreements that require them to process Personal Information only in accordance with our instructions and to implement appropriate security measures.

Business Partners

To the extent permitted under applicable laws, we may share your Personal Information with our affiliated banks or business partners to serve your processing needs.

Emergency Situations / Legal Compliance

We may disclose Personal Information if required by law or in the good-faith belief that such action is necessary to protect rights, property, or public safety.

International Transfers

The Site is operated from the United States. Your Personal Information is therefore collected and processed primarily in the United States, which may not offer the same level of data protection as your home jurisdiction.

For transfers of Personal Information from the EEA, UK, Jamaica, or other jurisdictions with adequacy or localization requirements, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (or UK equivalent)

  • Transfer Impact Assessments (TIAs)

  • Encryption and access controls

  • Data Processing Agreements with all sub-processors

For more information about international data transfers and the safeguards we implement, please contact us at legal@MangoErrands.com.

By using our Site and Services, you acknowledge and consent to the transfer, storage, and processing of your information in the United States, subject to the safeguards described above.

9. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • We will notify the relevant supervisory authorities without undue delay (and, where feasible, within 72 hours)

  • Where the breach is likely to result in a high risk to you, we will also communicate the breach to you as soon as reasonably practicable

  • Our notification will include a description of the breach, likely consequences, and measures taken

We maintain a written Data Breach Response Plan that is reviewed and updated regularly.

10. DATA RETENTION PERIOD

We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law.

Data Type and Retention Period

Transaction records are retained a minimum of seven (7) years (for AML and financial reporting compliance)

Marketing and preference data are retained for two (2) years after your last interaction, unless you request earlier deletion

Account data is retained until account closure, plus statutory retention periods

Cookies and analytics are retained up to two (2) years

11. YOUR GLOBAL PRIVACY RIGHTS

Depending on your location, you may have the following rights (subject to legal limitations):

Right to Know/Access: You may request access to the Personal Information we hold about you

Right to Rectification: You may request correction of inaccurate or incomplete data

Right to Deletion/Erasure: You may request deletion of your data in certain circumstances

Right to Object/Opt-Out: You may object to processing based on legitimate interests or direct marketing

Right to Restriction: You may request restriction of processing in certain circumstances

Right to Data Portability: You may request a copy of your data in a structured, machine-readable format

Right Not to be Subject to Automated Decision-Making: You may contest automated decisions

How to Exercise Your Rights

To exercise your data protection rights, please submit a written request to:

Email: legal@MangoErrands.com

We will respond within one (1) month of receipt. If your request is complex, we may extend this period by a further two (2) months, and we will notify you of the extension within the initial one-month period.

12. CHILDREN'S PRIVACY

Our Site and Services are not directed to children under the age of 16 (or such lower age as may apply in your jurisdiction, but not below 13).

  • We do not knowingly collect personal information from children under 16

  • If you believe we have collected information about your child, please contact us immediately and we will delete it

  • In the United States, we comply with COPPA (Children's Online Privacy Protection Act)

13. CALIFORNIA PRIVACY RIGHTS ACT (CPRA) NOTICE

Categories of Personal Information Collected

Under the California Privacy Rights Act (CPRA), we collect the following categories:

  • Identifiers: Name, email address, phone number, IP address

  • Commercial Information: Transaction records

  • Financial Information: We do not collect financial information directly (Stripe collects payment data)

  • Internet Activity: Browsing history, cookie data

  • Geolocation Data: Non-precise location (e.g., city-level from IP address)

  • Sensitive Personal Information: We do not collect sensitive Personal Information

Sharing and Selling

  • We do not sell your personal information for monetary consideration

  • We do not share your personal information for cross-context behavioral advertising

  • We do not use sensitive personal information for purposes other than those permitted by law

Your California Rights

You have the right to

  • Request access to your personal information (twice per 12-month period, free)

  • Request deletion of your personal information

  • Request correction of inaccurate information

  • Opt out of any sale or sharing of personal information (not applicable)

  • Limit use of sensitive personal information (not applicable)

How to Exercise Your California Rights

Contact us at legal@MangoErrands.com. We respond within 45 days of receipt of a verifiable request.

14. COMPLIANCE WITH THE JAMAICA DATA PROTECTION ACT (DPA) 2020

We process personal data in accordance with the eight data protection standards under the Jamaica Data Protection Act, 2020:

The Standard and How We Comply

Fairness and Lawfulness: We process data only on valid legal bases

Purpose Limitation: We collect data only for specified, explicit purposes

Data Minimization: We collect only what is necessary

Accuracy: We maintain procedures to keep data accurate

Storage Limitation: We retain data only as long as necessary

Security: We implement appropriate technical and organizational measures

Rights of Data Subjects: We facilitate exercise of rights as described in Section 11

Accountability: We maintain records of processing activities

Right to Complain to the Office of the Information Commissioner (Jamaica)

If you are located in Jamaica and believe we have not handled your Personal Data in accordance with the Jamaica Data Protection Act, 2020, you have the right to lodge a complaint with the:

Office of the Information Commissioner

6th Floor, PanJam Building

60 Knutsford Boulevard

Kingston 5

Jamaica

Website: oic.gov.jm

15. DATA PROTECTION OFFICER (DPO) CONTACT

We have designated a Data Protection point person responsible for overseeing our privacy compliance.

Data Protection Contact

Email: legal@MangoErrands.com

Mail: MangoErrands Global Payments

Attn: Data Protection / Compliance

135-12 245th St

Rosedale, NY 11422

United States

16. CONTACT US

Data Controller

MangoErrands Global Payments (dba MangoErrands Payments)

A Delaware C-Corporation

Attn: Compliance / Privacy Officer

135-12 245th St

Rosedale, NY 11422

United States

Email: legal@MangoErrands.com

Regional Representatives

Jamaica Representative (for Jamaican Data Subjects)

MangoErrands Global Payments

c/o 18 Cheltenham Drive

Kingston 10

Jamaica

Email: legal@MangoErrands.com

EU/UK Representative

MangoErrands EU Compliance Rep

c/o Legal Department

Email: legal@MangoErrands.com

17. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy from time to time. If we make material changes:

  • We will post the updated policy on this page

  • We will provide a more prominent notice (e.g., email notification or website banner)

  • If required by law, we will obtain your consent

We encourage you to review this Privacy Policy periodically for any changes.