Privacy Policy
01 // Scope of This Policy
This Privacy Policy applies to all information collected by MEnterprise Firm Inc., operating as MeF’d Up (mefdup.com) and SovereignStack (sovereignstack.pro), including through our merchant application platform at apply.mefdup.com, our hosted checkout infrastructure at pay.sovereignrails.pro, and all related services, websites, and tools we operate.
This policy does not apply to acquiring banks, ISO processors, or payment companies to which we refer merchants. Those entities maintain their own privacy practices and you should review their policies before providing information directly to them.
02 // Information We Collect
Business and Identity Information
- Legal business name, DBA/trade name, entity type
- Business address, phone number, email address, website URL
- Owner/principal name, title, email, and phone number
- Government-issued identification (driver’s license, state ID, passport)
- Social Security Number or Employer Identification Number (EIN)
- Date of birth, business start date
Financial Information
- Bank name, account type, routing number, and account number
- Annual revenue, monthly processing volume, average and high ticket amounts
- Processing history, chargeback ratio, prior processor information
- Three months of bank statements and processing statements (uploaded documents)
- Refund policy details, fulfillment timeline
Business Operational Information
- Product/service description, merchant category code (MCC)
- Billing model, estimated volumes
- Business website content (scanned automatically on submission)
Technical Information
- IP address at the time of application submission (captured for e-signature purposes)
- Browser type, session token, submission timestamp
- Website compliance scan results from your domain
03 // How We Collect Information
Directly From You
The majority of information we collect is provided directly by you through the merchant application wizard at apply.mefdup.com. This includes all business, identity, financial, and document information you enter or upload during the application process.
Automatically
When you submit a merchant application, we automatically scan your business website using our compliance engine to assess your site against payment processor underwriting requirements. This scan reads publicly accessible content on your domain. We also capture your IP address at the moment of electronic signature for legal authentication purposes.
From Third Parties
We do not currently purchase data about you from third-party data brokers. We may receive confirmation of application status from ISO partners and acquiring banks to whom we refer your application.
04 // How We Use Your Information
| Purpose | Information Used |
|---|---|
| Processing and submitting your merchant account application to ISO partners and acquiring banks | All business, identity, and financial information |
| Generating your signed application PDF and verification record | All application data, signature, IP, timestamp |
| Compliance pre-screening of your website before submission | Business website URL and publicly accessible content |
| Communicating with you about your application status | Email address, application reference numbers |
| Configuring payment checkout services (AltPay Rails) if purchased | Business name, website, payment rail preferences |
| Maintaining records required by our ISO partner agreements | Application data, submission timestamps, approval/denial status |
| Improving our compliance scanning accuracy | Aggregated, anonymized scan data only |
We do not use your information for advertising, behavioral profiling, or sale to data brokers. We do not use your information for any purpose unrelated to the services you have requested.
06 // Data Retention
We retain merchant application data according to the following schedule:
| Data Type | Retention Period | Basis |
|---|---|---|
| Submitted application records (business info, processing profile) | 7 years from submission | ISO partner agreement requirements, business records |
| Uploaded documents (ID, bank statements, processing statements) | 7 years from submission | ISO partner requirements |
| Locked application PDFs | 7 years from submission | Legal record keeping |
| Draft/incomplete applications with no submission | 90 days from last activity, then purged | Operational necessity |
| Application event logs (audit trail) | 7 years | Legal compliance |
| Merchant configuration records (post-approval) | Duration of service relationship + 2 years | Service delivery |
Upon written request and termination of the service relationship, we will purge your records within 90 days, except where retention is required by law, regulation, or our ISO partner agreements.
07 // How We Protect Your Information
Given the sensitivity of information we handle, we maintain the following security practices:
Encryption
- All data transmitted through our platforms uses TLS 1.2 or higher
- Uploaded documents stored in encrypted cloud storage (Supabase, AWS infrastructure)
- Bank account routing and account numbers are masked in all internal records — only the last four digits are stored in operational databases
- ISO package deliveries encrypted with AES-256 before transmission
Access Controls
- Row-level security (RLS) enforced on all database tables — default deny policy
- Staff access authenticated via secure API key
- Document access generates time-limited signed URLs (no permanent public links)
- All document access is logged with timestamp, staff identifier, and IP address
E-Signature Security
- Submitter IP address captured and embedded in the signed application PDF
- Application locked immediately upon submission — no modifications possible after signing
- Verification code issued that allows public verification without exposing PII
No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.
08 // Your Rights
You have the following rights regarding your personal information:
Access
You may request a copy of the personal information we hold about you. For merchant applications, you received a copy of your signed PDF upon submission. Additional records can be requested in writing.
Correction
If your application has not yet been submitted to an ISO partner, corrections can be made through the staff dashboard process. After submission, corrections require a new application as submitted records are legally locked.
Deletion
You may request deletion of your records. We will fulfill deletion requests within 90 days where permitted by law and our ISO partner agreements. Records required by our ISO agreements or applicable law cannot be deleted before the applicable retention period ends.
Opt-Out of Communications
You may opt out of non-transactional communications at any time by emailing cash@mef.money. Transactional emails related to your application status cannot be opted out of while your application is active.
To exercise any of these rights, contact us at cash@mef.money with the subject line “Privacy Request” and your merchant reference number (MER-XXXXXX) if available.
09 // Children’s Privacy
Our services are intended exclusively for business operators who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a minor, we will delete it promptly.
10 // California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA). As referenced in our ISO partner agreements, CCPA may apply to how we handle certain personal information.
California residents may request: (1) disclosure of categories and specific pieces of personal information collected; (2) disclosure of categories of third parties with whom information is shared; (3) deletion of personal information, subject to applicable exceptions; and (4) non-discrimination for exercising these rights.
We do not sell personal information as defined under CCPA. Transmission of merchant application data to ISO partners and acquiring banks for the purpose of merchant underwriting does not constitute a “sale” under CCPA.
California privacy requests may be submitted to cash@mef.money.
11 // Changes to This Policy
We may update this Privacy Policy as our services evolve or legal requirements change. Material changes will be communicated to active clients by email at least 14 days before taking effect. The current version will always be available at mefdup.com/privacy-policy. Continued use of our services after the effective date of changes constitutes acceptance.
12 // Contact Us
For privacy-related questions, requests, or concerns:
MEnterprise Firm Inc.
Warren, Ohio
Email: cash@mef.money
Subject line: “Privacy Request — [Your MER Number]”
We respond to all privacy requests within 30 days.