Privacy Policy

Effective Date: November 13, 2025 Obsydian Pay LLC

Pennsylvania

1. Introduction

Obsydian Pay LLC ("Obsydian Pay," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing services (the "Service"). Obsydian Pay is a payment facilitator that provides payment processing services through integration with third-party applications. The Service is currently accessible through SaddleWorks, a business management application for equine professionals. By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide during merchant onboarding and while using the Service:

Merchant Account Information:

Business name, type, and address
Business owner/principal information (name, date of birth, SSN, address)
Tax identification number (EIN or SSN)
Banking information for payment settlement
Contact information (email, phone number)
Business website and description

Transaction Information:

Customer payment details (card numbers, expiration dates, CVV - processed securely and not stored in plain text)
Transaction amounts and dates
Invoice or order details
Customer names and contact information (as provided in transactions)
Refund and chargeback information

Supporting Documentation:

Business licenses or registrations
Bank statements or voided checks
Identity verification documents
Other documents required for underwriting and compliance

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

Transaction Data:

IP addresses associated with transactions
Device information (for fraud detection)
Geolocation data (for fraud detection)
Transaction timestamps and patterns

Technical Information:

API access logs
System performance data
Error logs and debugging information

2.3 Information from Third Parties

We receive information from:

Finix Payments, Inc. - Transaction processing data, settlement information, and risk assessment data
Card Networks - Authorization responses, dispute information, and network rules compliance data
SaddleWorks - Account information and integration data to facilitate payment processing
Banking Partners - Settlement status and account verification information
Identity Verification Services - Business and identity verification data for compliance purposes

3. How We Use Your Information

We use the information we collect to:

3.1 Provide Payment Processing Services

Process credit and debit card transactions
Facilitate fund settlement to your bank account
Authenticate and authorize transactions
Generate transaction receipts and records
Process refunds and handle disputes
Detect and prevent fraud

3.2 Merchant Onboarding and Underwriting

Verify your identity and business information
Assess risk and creditworthiness
Comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements
Ensure compliance with Payment Network Rules

3.3 Communications

Send transaction notifications and confirmations
Provide settlement reports and statements
Send important service announcements
Notify you of disputes, chargebacks, or account issues
Respond to your support inquiries
Send required legal and compliance notices

3.4 Legal, Compliance, and Security

Comply with Payment Network Rules and requirements
Meet regulatory obligations (AML, KYC, tax reporting)
Respond to legal requests and court orders
Detect and prevent fraud, money laundering, and illegal activity
Enforce our Terms of Service
Protect the rights, property, and safety of Obsydian Pay, our partners, and users
Maintain transaction records for required retention periods

3.5 Service Improvement and Analytics

Analyze transaction patterns to improve fraud detection
Monitor system performance and reliability
Develop new features and services
Generate anonymized and aggregated analytics
Conduct internal research and analysis

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers and Subprocessors

We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only to provide services to us and to protect your information. Our service providers include:

Payment Processing:

Finix Payments, Inc. - Core payment processing, merchant services, settlement, and compliance services

Infrastructure and Data Storage:

Supabase, Inc. - Database hosting and secure data storage

Communications:

Email service providers for transaction notifications and merchant communications

Identity Verification and Compliance:

Identity verification services for KYC/AML compliance
Fraud detection and prevention services

Banking and Settlement:

Banking partners for fund settlement and transfers

Supporting Services:

Analytics and monitoring services for system performance
Security and infrastructure providers

4.2 SaddleWorks Integration

Because Obsydian Pay is integrated with SaddleWorks, we share necessary information with SaddleWorks to facilitate payment processing within their application. This includes transaction status, settlement information, and merchant account details. SaddleWorks has its own privacy policy governing how they handle information.

4.3 Affiliated Entities

We may share your information with entities wholly owned by the same ownership as Obsydian Pay LLC. This includes sharing data between Obsydian Pay and other businesses owned by the same individuals or entities (for example, Mid Atlantic Saddlery and other affiliated businesses). Such sharing is limited to legitimate business purposes and is subject to the same privacy protections described in this Policy.

4.4 Legal Requirements

We will disclose your information when required by law or in response to:

Valid legal process (subpoenas, warrants, court orders)
Government or regulatory requests
Legal obligations or compliance requirements
Protection of our rights, property, or safety
Investigation of fraud, security issues, or illegal activity

4.5 Business Transfers

If Obsydian Pay is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.6 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Sharing Limitations

We do not share your data with third parties for their marketing purposes. We do not sell, rent, or trade your personal information. Information is shared only as necessary for the functioning of the Service and as described in this Privacy Policy.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Access controls and authentication
Regular security assessments
Employee training on data protection

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

7.1 Active Accounts

We retain your information for as long as your Obsydian Pay merchant account is active.

7.2 Transaction Records

Payment transaction records are retained for a minimum of seven (7) years to comply with:

IRS and tax regulations requiring retention of financial records
Payment Card Industry (PCI) requirements
Payment Network Rules
Anti-Money Laundering (AML) regulations
State and federal recordkeeping laws

Transaction records include: transaction details, amounts, dates, card types, authorization codes, settlement information, and related documentation.

7.3 After Account Termination

When your Obsydian Pay account is terminated (whether by you terminating your SaddleWorks account, or by us), we retain data according to different schedules based on the type of information:

Merchant Account Information: Retained for six (6) months after termination for:

Business continuity (in case you wish to reactivate)
Dispute and chargeback resolution
Regulatory compliance
Legal obligations

Transaction Records: Retained for seven (7) years as described in Section 7.2 KYC/AML Documentation: Retained for five (5) years as required by federal regulations

7.4 Permanent Deletion

After the applicable retention period:

Non-transactional merchant account data is permanently deleted
Transaction records are archived in compliance with recordkeeping requirements
We may retain aggregated, anonymized data indefinitely for analytics and business purposes

7.5 Backup Systems

Data deleted from production systems may persist in backup systems for up to thirty (30) additional days before permanent removal.

7.6 Legal Holds

If your account or transactions are subject to legal proceedings, investigations, or disputes, we will retain all relevant data until the matter is resolved, regardless of the standard retention periods.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to access your personal information. You can view most of your data within your account dashboard. For a complete copy of your data, contact us at info@obsydianpay.com.

8.2 Correction

You can update most of your information directly through your account settings. For assistance, contact us at info@obsydianpay.com.

8.3 Deletion

You may request deletion of your merchant account data by terminating your Obsydian Pay account (which occurs when you terminate your SaddleWorks account). Please note:

Account termination is permanent and cannot be undone
Transaction records cannot be deleted as they must be retained for seven (7) years for legal and regulatory compliance
KYC/AML documentation must be retained for five (5) years
Some information may be retained as described in Section 7
We may retain information required for legal compliance, ongoing disputes, or fraud prevention

Early deletion requests (before standard retention periods) will be honored for non-regulated data where legally permissible. Contact info@obsydianpay.com for deletion requests.

8.4 Communication Preferences

You can opt out of non-essential communications by:

Using the unsubscribe link in emails
Adjusting notification settings in your account
Contacting info@obsydianpay.com

You cannot opt out of essential service communications (e.g., transaction confirmations, account security alerts).

8.5 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

9. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies primarily for:

Maintaining secure sessions during merchant onboarding
Authentication and security
Fraud detection and prevention
System performance monitoring

Since Obsydian Pay is accessed through the SaddleWorks application, most cookie management is handled by SaddleWorks. Refer to the SaddleWorks privacy policy for information about cookies used in that application. You can control cookies through your browser settings, though disabling cookies may affect your ability to use certain features of the Service.

10. Third-Party Services

The Service is integrated with SaddleWorks and relies on third-party payment networks and banking systems. We are not responsible for the privacy practices of these third parties. We encourage you to review:

The SaddleWorks privacy policy for information about how they handle data
Your bank's privacy policy regarding settlement and transfers
Payment network policies (Visa, Mastercard, etc.) regarding transaction data

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected
Right to Delete: You can request deletion of your personal information (subject to legal exceptions)
Right to Opt-Out: You can opt out of the sale of personal information (note: we do not sell personal information)
Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at info@obsydianpay.com.

13. International Users

The Service is operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer and processing.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated Privacy Policy with a new Effective Date
Sending email notification to your registered email address
Displaying a notification within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Obsydian Pay LLC

Email: info@obsydianpay.com Website: www.obsydianpay.com For privacy-specific inquiries, you may also email: privacy@obsydianpay.com

16. Data Protection Officer

For questions about how we handle your data or to exercise your privacy rights, you may contact our data protection representative at: privacy@obsydianpay.com ---

Last Updated: November 13, 2025 By using the Service, you acknowledge that you have read and understood this Privacy Policy.