Privacy Policy

Effective Date: April 13, 2022

This Privacy Policy (“Privacy Policy”) is an integral part of our Terms of Use (“Terms”) and governs the processing of information by Pen to Paper Co. (“Pen to Paper,” “we,” “us,” or “our”) when you use the payment services (“Services”) we offer on behalf of the merchants (“Merchant”) from whom you have purchased goods or services. Any terms used herein and not defined shall have the ascribed to them in the Terms. Pen to Paper may update or revise this Privacy Policy from time to time. Modifications to this Policy will be posted on our Website or addressed directly to you if technically possible.


The Privacy Policy applies to data collected through various means of technology (collectively the “Pen to Paper Technology”), which includes: (i) The Pen to Paper apps or plugins installed on the Merchant Site; and (ii) the Pen to Paper website: as well as, in which the individual may learn about our Services (“Website”). The data collected depends on your relationship with us.  


In the event you are a resident of California please also review our CCPA Notice.


The “Pen to Paper” shall mean:

Pen to Paper Co. at 115 Central Park West, Apt 12K New York, NY 10023 (“Controller”).


If you have any questions or comments about this Privacy Policy, or any concerns with respect to how your privacy any information are handled, please contact our privacy team at: or through the designated forms available on the Pen to Paper Website.


“Non-Personal Data”: means non-identifiable, aggregated data, that is mainly data which is transmitted to us when you access and interact with Pen to Paper Technology, such as the type of browser, type of operating system, type of device used, the time and date you access the Pen to Paper Technology, navigation, language preference, etc.

“Personal Data”: means individually identifiable information which identifies or may identify, with reasonable effort, an individual, such as your name, address, phone number, billing information and including online identifiers (such as IP address). Please see below the table which specifies the Personal Data we collect and how we use it:

Personal Data Collected from our customers the “MERCHANT(S)”
Merchant and its Authorized Representative: If you register directly with us we will request you provide us with certain Personal Data such as your name, email address, ACH and other banking information, etc. Further, if you are an employee or other authorized representative of one of our Merchant, we will collect information from you when you interact with us on behalf of the Merchant.  We will collect your contact information and username and password or other credentials that you use to access the online dashboard we provide, and we will collect information about your use of the dashboard. We will collect and use your information in accordance with our agreement with Merchant.Contract necessity
Direct Marketing: As a Merchant, we will send you invoices, materials and content through the email information you provided.We will use this information to keep you updated with offers and content such as software updates, new capabilities and features, surveys and send you invoices and supporting documentation.Legitimate interest
Personal Data collected from Individuals making a purchase on the Merchant Site “END-USER(S)”
Registration & Redemption Form: When an End-User registers with or Services and fills out a Redemption Form provided on the Merchant’s Site or through email sent by us, the End-User will be required to provide contact details and financial information.We will process the Information to be able to provide our Services and send the End User the coupon, cash, refund, etc.Contract necessity
Information Provided from the Merchant: We collect information provided from Merchant from whom the End User purchased the product or service. This information includes the End Users' transactions, name, address, email address, telephone number, the items purchased and the price, transaction history, account balance, and other transaction-related information.We will process the Information to be able to provide our Services and send the End User the coupon, cash, refund, etc.Contract necessity
Online Identifiers and Browsing Information: We automatically collect information about End Users purchasing goods and services from the Merchant Site through cookies, web beacons, and other technologies. The information that we collect automatically includes the following: domain name; IP address; device ID; web pages End users view on the site; links End Users click on the site; location information; and the referring URL, or the webpage that led End Users to the site.We will use this information for analytic and marketing purposes, to better understand the End Users’ use of the Services and navigation on the Merchant Website.Legitimate Interest.
Personal Data collected from Individuals that browse our Website “VISITOR(S)”
Newsletter: In the event our Website visitors sign up to receive our newsletter or other marketing materials, visitors will be requested to provide contact details, such as email address.  We will use our Website visitors’ email in order to send our newsletter and other Marketing Materials.Consent.
Contact Information: If you are a Website visitor interested in implementing our Service within your site, you may leave contact information such as an email address.We will use the information to contact you upon your interest in our Service.Consent.
Online Identifiers: We use our own cookies on the Website. These cookies provide us with analytic services as well as marketing services. The Personal Data processed is an online identifier, either a cookie agent, the IP address, etc.We will use our Website visitors’ online identifiers for functionality purposes, marketing and analytics.Consent provided through the cookie notice.

Please note that the actual processing operation per each purpose of use detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability.

According to the nature of your interaction with Pen to Paper Technology, we may collect information as follows:

  • Automatically – we may use cookies, or pixels and similar tracking technologies (as elaborated in the Cookies Section below) to gather some information automatically when you access our Website.
  • Provided by you voluntarily – we will collect information if and when you choose to provide us with information, such as through a checkout process or when you contact us.
  • Provided to us by Merchant – we will collect information from the Merchant when you choose to provide the Merchant with information to use our Services.


We share your data with third parties, including with trusted partners or service providers that help us provide our Services:

service providers which include those who assist us in processing your refunds or issuing gift, cash or other cards to satisfy your request; banking and financial services providers; technology services providers, such as hosting services providers; and vendors who assist us in our compliance and marketing efforts.Purchase transaction, contact information, address, payment information, etc.  Providing our services.
Cloud Service Provider (AWS USA)  All dataHosting Services.
Analytics Service Provider  Online IdentifiersAnalytic information for improving the Services.
Marketing Service ProvidersOnline IdentifiersMarketing and profiling.
Legal and law enforcement  Subject to law enforcement authority request.we may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

Where we share information with services providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).We use the following SDK (a Software development kit) which is a set of tools that provide us with the ability to build a plugin which can be connected to Shopify or other platforms. SDKs are used only in the Pen to Paper plugin on the Merchant’s store. SDK create the opportunity to enable the functionality of our Services, as well as include advertisement and push notifications, if applicable.

The specific SDK we currently use, purpose of use, their privacy policy and opt-out controls are set forth in the table below:

SDKPurposePrivacy Policy
Shopify DevelopersPlugin Functionality


We use “cookies” (or similar tracking technologies) when you access the Website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes. You can find more information about cookies at: and .

There are several types of cookies, the three main and common ones are:

The specific cookies we currently use, the purpose of the cookies, their privacy policy and opt-out controls are set forth in the table below:



We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with Pen to Paper (e.g., if you are a Visitor of our Website, Merchant, or an End-User), data protection and privacy laws provide you with various rights regarding your Personal Data.

You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here and send it to our email address at:

Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisory authority. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.


We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws or until an individual requests to opt-out of such collection. We may at our sole discretion, delete or amend information from our systems, without providing any notice to you, once we deem it is no longer necessary for our purposes.


We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of Personal Data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction. You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore, you should be aware that any processing of digital Personal Data holds certain inherent risks, and we cannot guarantee that our Services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.