Privacy Policy

Routable helps companies that purchase our Services (“Clients”) speed up their business payments by using Routable’s invoicing and payments platform. As part of the Services, Clients may engage Routable as a sub-processor to facilitate the payment of invoices sent by another business or individual (“Vendor”). As such, Routable may receive and process Personal Information regarding a Vendor on behalf of the Client. This Privacy Policy applies to individual persons who are Vendors, employees of the Client (“Employees”), and individuals who visit our Websites or interact with our marketing activities (“Visitors”).

If you are Vendor and you have questions about how or why your Personal Information was shared with us by one of our Clients, or you would like to exercise any of your data subject rights, we recommend directing your inquiry to that Client. Routable is not responsible for the privacy or security practices of our Clients, which may differ from those set out in this Privacy Policy. Please review the relevant Client’s privacy policy to learn more about their data processing activities.

In the table below, we provide the list of categories of Personal Information that Routable has collected within the last twelve months and some examples to provide you with a better understanding of how or why we collect Personal Information. We also have identified the main sources and purposes for collection:

In the last 12-months, we have not collected the following categories of information:

• Biometric information.
• Characteristics of protected classifications under California or Federal law (this does not apply to our employees or job applicants).
• Audio, visual, thermal, olfactory, or similar information.
• Education information that is not publicly available personally identifiable information, as defined in the Family Educational Rights and Privacy Act
  (20 U.S.C. Sec. 1232g; C.F.R., Part 99).
• Inferences drawn from any of the information identified in this section to create a profile about a consumer reflecting the consumer’s preferences,
  characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We collect personal information in three ways:

• Directly from Clients, Vendors, Employees, and Visitors when you provide it to us, for example when you fill out a form, register to use the Services, enter a contest, sign up to attend an event or webinar, reply to our emails, or contact customer support;
• Automatically when you interact with our Services (see Cookies and Tracking Technology below), when you open an email from us, browse our website, or interact with our advertising; and
• From third parties, including from financial institutions that process payments, third-party service providers and third party financial service providers (like third-party payment applications, infrastructure providers, or support ticketing providers), and third-party marketing service providers (like analytics tools, email marketing providers, or marketing automation services).

We, and our third-party partners, automatically collect certain types of usage information when you visit our Website, use our Services, read our emails, interact with our social media pages, or otherwise engage with us. We typically collect this information through tracking technologies, including cookies, Flash objects, web beacons, file information, and similar technology (collectively, “Tracking Technologies”‘). Tracking Technologies collect information about your device and its software, such as your IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device, your account, and similar information.

We use Tracking Technologies to collect information about the way you use our Website or Services. For example, the site from which you came and the site to which you are going when you leave our Website, the pages you visit, the links you click, how frequently you access our Website or Services, whether you open emails or click the links contained in emails, whether you access our Website or Services from multiple devices, and other actions you take on our Website or within our Services. When you access our Website or Services from a mobile device, we may collect unique identification numbers associated with your device (including, for example, a UDID, Unique ID for Advertisers, Google AdID, or Windows Advertising ID), device type, model and manufacturer, geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address. However, we do not collect precise geolocation.

We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for our Website and Services and to understand more about the demographics of our users. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which attempt to recognize you across multiple devices for fraud prevention purposes. We use or may use the data collected through Tracking Technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you use our Services; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices for fraud prevention purposes; (d) provide and monitor the effectiveness of our Website and Services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Website and in our Service; (f) diagnose or fix technology problems; and (g) otherwise study, improve, enhance, and develop our Website and Services and to develop new features and services.

Most browsers will allow you to reject cookies by: (i) changing your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disabling existing cookies; or (iii) setting your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Website or the Services, as some features and services on our Website and Services may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions within it. Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. You can learn more about Flash objects – including how to manage privacy and storage settings for Flash cookies – on Adobe’s website. If you choose to delete Flash objects, then you may not be able to access and use all or part of our Website or view our emails.

We and our third-party service providers or third-party marketing tools may also use cookies and tracking technologies for advertising purposes. For more information about tracking technologies, please see “Third Party Tracking and Online Advertising” below. For individuals located in the EU, UK, and Switzerland, we will ask for your consent prior to placing Tracking Technologies on your device, unless the Tracking Technology is strictly necessary (as determined by applicable law). You can withdraw your consent at any time by contacting privacy@routable.com.

Routable also uses Google Analytics. The following link explains how Google Analytics collects, uses, and shares data: www.google.com/policies/privacy/partners/.

We use the personal information that we collect or receive:

• To provide our Website and Services to you, including to notify you about a payment or a payment request, facilitate payments to Vendors, remember your preferences, fulfill your orders or transactions, recommend products to you, provide you with the information you request, allow you to participate in the interactive features of the Website and Services, and to notify you about your account;
• For product research and product development purposes, to analyze audience size or usage, or for similar purposes;
• To support our Services, including to communicate with you about your account, communicate with you about products that you purchase, validate information about you, respond to your inquiries, maintain and support our Website and the Services, or for similar purposes;
• To market our Services, including to provide you with information, products, or services that you request or that we think may be of interest to you, provide you with discounts, administer contests and sweepstakes, communicate with entrants, notify winners, award prizes, and comply with applicable law, advertise our Services over the Internet, social media, or email, or for similar marketing purposes;
• For legal reasons, including to carry out our legal obligations and enforce our rights, investigate misuse or misconduct, protect you or other third parties, and to monitor, detect and prevent fraud, malicious activity, or other privacy or security-related concerns; and
• With your consent, to fulfill the purposes for which you provided the information, or in ways that we disclose to you when you provide the information.

Routable will not share Personal Information, or otherwise make your Personal Information available to any other parties, except as provided in this Privacy Policy. We share the categories of information identified in Section 2 with the following categories of third parties for business purposes:

• With Your Consent or At Your Direction: We will share your Personal Information with third parties if you consent to sharing your Personal Information or otherwise direct us to do so.
• Clients: If you are a Vendor, we will share the Personal Information that you provide us with our Clients in order to provide the Services to our Clients.
• Financial Services Providers: We will share Personal Information with the financial institutions of our Vendors, and with other third-party financial services providers, such as payment processing providers, money transmitters, and other providers. These third party financial service providers that are not our “subprocessor” or “service provider” as those terms are generally defined under applicable data protection law. These service providers may collect Personal Information, including via Tracking Technologies, when you use our Services. The Personal Information they collect or receive may also include name, email address, physical address, payment information, banking information, account information, payor/payee, transactional data, and identifying information about devices that connect to their services. These payment service providers use this information to operate and improve the services they provide to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. These financial service providers currently include Stripe, Dwolla, the Currency Cloud, Plaid, and Convera.  You can learn more about Stripe and read its privacy policy at Stripe Privacy Policy. You can learn more about Dwolla and read its privacy policy at Dwolla Privacy Policy. You can learn more about the Currency Cloud (a Visa subsidiary) and read its privacy policy at The Currency Cloud Privacy Policy. You can learn more about Plaid and read its privacy policy at Plaid Privacy Policy. You can learn more about Convera and read its privacy policy at Convera Privacy Policy,
• Co-Sponsors and Co-Hosts: If you sign up and attend one of our events or webinars, download content, or attend an event that we co-host or co-sponsor with a third party, we will receive your Personal Information. Your Personal Information may also be shared with the partner or co-sponsor. Please see our partner or co-sponsors’ privacy policies for further information about how they use Personal Information.
• Service Providers: In order to provide our Website and the Services, and undertake our marketing and business activities, it may be necessary for us to disclose Personal Information to contracted third-party service providers who perform certain functions on our behalf. Examples include payment providers (to authorize, record, settle, and clear payment card transactions); cloud hosting providers (to provide data storage and processing services); communications providers (to process new queries and to manage our emails); infrastructure service providers (to host our application); or analytics companies to perform analysis. These third-party service providers may use the Personal Information that we provide to them only as instructed by Routable. We may also disclose Personal Information to perform necessary “Know-Your-Customer” (“KYC”) procedures for regulatory, legal, and compliance purposes.
• Business Transfers: If Routable is involved in a merger, acquisition, or sale of all or a portion of its assets, Personal Information may be transferred to the acquiring person or entity.
• Marketing and Advertising Providers: We may partner with third-party advertising networks, exchanges, or social media platforms to display advertising on third-party websites, platforms or networks. We may use Google, Facebook, LinkedIn, or similar providers. These providers track activity on our Website using Tracking Technologies and combine it with other information they collect, including Personal Information. They do this so that they can, or we can, serve you with advertisements on their platforms or elsewhere on the Internet. We also use third-party marketing providers to manage email campaigns and to serve advertising on third-party websites.
• Affiliates: We may share Personal Information with other companies and brands owned or controlled by Routable, and other companies owned by or under common ownership as Routable, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns.
• Legal or Regulatory Bodies and Agencies: Routable may share your information in order to respond to investigations, court orders, and legal processes, or to investigate, prevent, or take action regarding illegal activities, fraud, suspected fraud, security incidents, situations involving threats to any person, violations of our Terms, or as otherwise required by law.

For further information on your choices regarding your information, see Section 9 Control Over Your Information.

If you are a resident of Switzerland, the United Kingdom (UK), or a country within the European Economic Area (EEA), you may have rights under European data protection laws regarding the processing of your Personal Information. You have the right to access the Personal Information that we hold about you and, in some cases, you may have the right to ask that your Personal Information be corrected, erased, or transferred (subject to limitations under applicable law). You may also have the right to object to or request that we restrict the processing of your Personal Information. If we collect Personal Information based on your consent, you have the right to revoke your consent.

Our lawful basis for collecting Personal Information is to fulfill contracts with you or with our Clients, our legitimate interest in providing the Services and Website content to you, to comply with our legal obligations, and in some cases with your consent.

If your Personal Information has been shared with us by a Client, this set of Personal Information is owned and controlled by the Client. We process this information for the purpose of performing the contract to provide our Services to the Client solely on behalf of the Client in accordance with the Client’s written instructions.

You may direct questions or complaints arising from this Privacy Policy to us by contacting us through the channels indicated in Section 13 “European Representative and Data Protection Officer Details” below. If your Personal Information has been submitted to us by a Client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Client directly.

Residents of the UK, EEA, and Switzerland may file a complaint with a data protection authority. The data protection authority will require you to first attempt to resolve any complaint with us. Please see Section 13 “European Representative and Data Protection Officer Details” below for details on how to file a complaint with us.

Any other disputes arising out of or related to this Privacy Policy will be handled in accordance with the dispute resolution process indicated in our Terms.

Rights for Individuals in Europe

Depending on your location, your jurisdiction, and subject to applicable law, you may have the rights below with regard to the Personal Information we control about you. We will respond to your requests within the appropriate timeline under applicable law:

• The right of access means that you have the right to request that we disclose what Personal Information we have collected, used, and disclosed about you.
• The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
• The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
• You can also ask us to correct or update your Personal Information; object to the processing of your Personal Information; ask us to restrict processing of your Personal Information; or request the portability of your Personal Information.
• While you cannot opt out of service-related emails if you are an account holder, as this is an essential part of the Services, you have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or you can contact us using the contact information below.
• Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. To find contact details, click here.

California Resident Privacy Rights

If you are a California resident, the California Consumer Protection Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with additional rights regarding your Personal Information. The rights outlined in this section do not apply to information exempted under the CCPA, including aggregated data, or to individuals who are not residents of California.

Section 2 of this Privacy Policy sets forth the categories of Personal Information that Routable collects and processes about you, a description of each category, the sources from which we obtain Personal Information in each category, and a description of how we use your Personal Information. Section 6 of this Privacy Policy describes the categories of third-parties with whom we share Personal Information.

To the extent provided under the CCPA, and subject to applicable exceptions, California residents have a right to request information about our collection, use, and disclosure of their Personal Information. Specifically, California residents have the following rights:

• The right to know the categories and specific Personal Information we have collected, the categories and sources from which we collected the Personal Information, the categories of third parties with whom we share Personal Information, and the business or commercial purpose for collecting or selling (if applicable) Personal Information;
• The right to request a copy of the Personal Information that we collected during the past 12 months;
• The right to opt out of sales of Personal Information or sharing Personal Information for cross-contextual behavioral advertising (in each case, where applicable and in accordance with CCPA);
• The right to request that we delete the Personal Information that we have collected from you, subject to certain exceptions;
• The right to correct inaccurate Personal Information that we maintain about you;
• The right to limit the disclosure of your sensitive Personal Information, if we use or disclose sensitive Personal Information;
• The right to request information about, and opt out of, automated decision making (if applicable); and
• The right to exercise the rights described above free from discrimination or retaliation, as prohibited by the CCPA.

We do not “sell” Personal Information as the term “sell” is traditionally understood. However, we use third party analytics tools, and our advertising agencies may use targeted advertising platforms on our behalf. To the extent that sharing Personal Information with these services is considered a “sale” under CCPA, you may opt-out of the sale of your information by managing your preferences in accordance with Section 9 or opting out of marketing and social media cookies via our cookie consent mechanism.

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of Personal Information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may make your request by emailing us at privacy@routable.com or writing to us at 548 Market St PMB 33807 San Francisco, CA 94104.

Other U.S. State Privacy Rights

To the extent you are provided with additional privacy rights in the state you reside, you have the following rights with respect to the information that we collect (in each case, subject to applicable law). The rights outlined in this section do not apply to information exempted under applicable law, including aggregated data, or to individuals who are not residents of a state that grants these rights.

• The right to know the Personal Information that we process about you;

• The right to access Personal Information that we process about you;

• The right to correct inaccurate Personal Information that we maintain about you;

• The right to obtain a copy of the Personal Information that we have collected about you;

• The right to opt out of the processing of Personal Information for (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling for decisions with legal or other significant effects on the consumer;

• The right to request that we delete the Personal Information that we have collected from you, subject to certain exceptions; and

• The right to exercise the rights described above free from discrimination or retaliation as prohibited by applicable law.

Nevada Resident Privacy Rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain information to third parties who intend to license or sell that information. If we sell your information, you can exercise this right by contacting us by submitting a communication as directed in Section 14 “Contact Us” below. If the request is via email, please include the subject line “Nevada Do Not Sell Request” and provide us with your name and the email address.

Financial Incentives

Financial incentives are programs, benefits, or other offerings, including payments to consumers as compensation, paid in exchange for the disclosure, deletion, or sale of personal information about them. We do not offer financial incentives to a consumer for the disclosure, deletion, or sale of their personal information.

Exercising Your U.S. Privacy Rights

You may exercise your rights by contacting us by phone or email as indicated in Section 14 “Contact Us” below. Your rights may only be exercised by you or by your designated agent. In some cases, you may only submit a request to know twice within a 12-month period.

Your request must include enough information to allow us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative, which may include: (1) verifying your account information if you have an account with us; or (2) requesting two forms of identification that are reliable for verification purposes, unless the request includes sensitive information and, in which case, we may require three forms of verification and a signed declaration. The information included in your request must allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. If we cannot verify your identity or authority, we will not fulfill your request. We will only use personal data provided in the request to verify the requestor’s identity or authority to make it.

 You may submit a request through a designated agent. You must instruct that agent that they will need to state that they are acting on your behalf when making the request, have reasonably necessary documentation, and be prepared to provide the necessary personal information to identify you in our database.

Email Communications

From time to time, we may send you emails regarding updates to our Website, products or services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Modifying Account Information

If you have an online account with us, you have the ability to modify certain information in your account (e.g., your contact information) through “profile,” “account,” “settings,” or “preferences” options provided on the Website or within the Services. If you have any questions about modifying or updating any information in your account, please contact us at the email or postal address provided below.

Browser Opt-Outs

You may be able to set your browser to delete or notify you of cookies and other Tracking Technologies by actively managing the settings on your browser or mobile device. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android).

Interest-based Advertising Opt-Outs

To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative’s online resources, at networkadvertising.org/choices, and/or the DAA’s resources at aboutads.info/choices, and you may also adjust your ad preferences through your Facebook settings. You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting youradchoices.com/appchoices and downloading the mobile AppChoices app. You may also manage certain advertising cookies by visiting the EU-based Your Online Choices at www.youronlinechoices.eu. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at privacy@routable.com.

Data Retention

We will retain your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, comply with any laws or regulations, resolve disputes, and enforce or perform our agreements. We may retain your data for a legitimate business interest where business benefit is not outweighed by your personal rights and freedoms.

Keeping Information Safe

Routable maintains a written information security program. Our program includes administrative, technical, and physical safeguards, procedures and practices which are designed to protect Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee the security of your Personal Information.

Routable and its representatives will never request your account credentials. You should never share your Routable account information, including your username and password, with anyone else. We recommend that you use a unique password for your Routable account that is not associated with other websites. Any suspicious activity regarding your account, including automated messages or calls from parties you cannot identify, should be reported to your Service administrator and Routable using the contact information below.

The Website and Services are intended for use by adults. We do not knowingly solicit or collect Personal Information from children under the age of 16. If we learn that any Personal Information has been collected inadvertently from a child under 16, we will delete the information as soon as possible. If you believe that we might have collected information from a child under the age of 16, please contact us at privacy@routable.com.

We reserve the right to change this Privacy Policy from time to time in our sole discretion. We will post changes on this page and indicate the “last modified” date at the top of this page. Please check back often for any updates. Your continued use of our Website or Services after any change in this Privacy Policy will constitute your acceptance of such change.

For the convenient administration of regulatory compliance concerns related to individuals located in the European Union, United Kingdom, and Switzerland, Routable has appointed a Data Protection Officer. Routable’s Data Protection Officer (DPO) is:

Damian Coln, Director of Information Technology

privacy@routable.com