(646) 893-0080 Mon-Fri, 8:00AM to 4:30PM EST
Merchant Rehab
Privacy

Privacy policy

Last updated: April 28, 2026

This Privacy Policy ("Policy") explains how Merchant Rehab ("Merchant Rehab," "we," "our," or "us") collects, uses, retains, discloses, and safeguards information in connection with our website at merchantrehab.com (the "Site"), our services, and the commercial accounts placed with us (collectively, the "Services"). By using the Site or interacting with us, you acknowledge the practices described here. If you do not agree with this Policy, you should not use the Site or submit information through it.

1. Scope and roles

The Services are directed to commercial obligors, business owners and guarantors, lenders, funders, ISO groups, brokers, portfolio buyers, attorneys, vendors, and other parties operating in a business capacity. The Site and the Services are not intended for personal, household, or consumer use. We process information about identified or identifiable individuals primarily where necessary to verify, communicate about, work, or close commercial accounts, and to operate our business. The federal Fair Debt Collection Practices Act ("FDCPA") regulates consumer debt collection and does not, by its terms, apply to commercial collection activity; we comply with applicable state, federal, and contractual obligations that do apply to our work.

2. Information we collect

The categories of information we collect may include, without limitation, the following:

  • Information you provide directly, including name, business name, title or role, mailing and billing addresses, telephone numbers, email addresses, account or reference numbers, free-text messages, attached documents, and any other information you submit through the Site, by email, by phone, by mail, or otherwise.
  • Information from placements and originators, including loan, advance, lease, and merchant services documentation; payment and contact history; balance information; signer and guarantor details; chain-of-title documentation; and related materials transferred or made available to us by originators, prior holders, servicers, brokers, or representatives.
  • Information from public and third-party sources, including business registry data, professional licensing data, court records, address verification services, fraud-prevention services, identity-verification services, payment processors, skip-tracing services, and similar sources.
  • Communications data, including the date, time, duration, parties, content, and outcome of phone calls, voicemails, letters, emails, text messages, and other communications, which may be recorded or logged where permitted by applicable law.
  • Technical and usage data, including IP address, user agent, device and browser characteristics, language settings, referring page, pages viewed, the date and time of access, performance data, error logs, and similar information collected automatically when you visit the Site.
  • Cookies and similar technologies. The Site may set cookies, local storage entries, pixels, beacons, and similar identifiers to operate the Site, remember preferences, measure usage, prevent abuse, and (where applicable) deliver and measure marketing. Some cookies are first-party; some may be set by service providers acting on our behalf. You can adjust cookie behavior through your browser settings; doing so may impair Site functionality.

3. How we use information

We use information for purposes that include, without limitation:

  • Verifying identities and the chain of placement on accounts;
  • Responding to inquiries and operating the contact form;
  • Working, documenting, escalating, settling, reinstating, and otherwise resolving commercial accounts placed with us;
  • Communicating with merchants, guarantors, originators, portfolio holders, attorneys, and authorized representatives;
  • Maintaining records, monitoring quality, training personnel, and supporting compliance, audit, and risk-management functions;
  • Preventing, detecting, investigating, and responding to fraud, security incidents, abuse, and unlawful activity;
  • Developing, improving, and securing the Site and the Services;
  • Complying with applicable laws, regulations, contracts, court orders, subpoenas, and other lawful processes; and
  • Any other purpose disclosed at the time of collection or to which you consent.

4. Legal bases and authority

Where applicable law requires a legal basis for processing, we rely on one or more of the following: performance of a contract to which you or your business is a party, our legitimate business interests in operating the Services and resolving commercial obligations, compliance with our legal obligations, prevention of fraud or harm, and your consent where required. The combination of bases that applies depends on the specific processing activity and on the law that applies to you.

5. How we share information

We may disclose information in the categories described above as follows:

  • Originators, portfolio holders, and successors in interest, in connection with the placement, status, and resolution of accounts, and pursuant to applicable placement, servicing, or purchase agreements.
  • Service providers and processors acting on our behalf to provide hosting, email delivery, captcha, communications, telephony, document management, identity verification, payment processing, analytics, error reporting, security tooling, professional services, and similar functions, in each case subject to written confidentiality and data-handling obligations.
  • Professional advisors, including attorneys, accountants, auditors, and insurers.
  • Government authorities and other parties, where we believe in good faith that disclosure is required by law or appropriate to comply with a legal obligation, enforce our agreements, protect the rights, property, or safety of Merchant Rehab, our personnel, our clients, or others, or respond to lawful process.
  • Successors, in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction or proceeding.
  • With consent, in any other circumstance where you direct or authorize disclosure.

We do not sell personal information for monetary consideration in the ordinary course of our business. Some uses of analytics or advertising cookies may, depending on jurisdiction, be characterized as "sharing" or "sale" under specific privacy statutes; we treat any such activity in accordance with applicable law.

6. Communications and recording

You consent to receiving communications from us at the contact details you provide, including by phone (including calls and voicemails), email, text message, mail, and through the Site. You may revoke that consent for non-essential communications by writing to us at the contact information below; certain account-related communications may continue where required by contract or law. Where permitted by applicable law, we may record or monitor calls for quality, training, security, and recordkeeping. Where two-party consent applies in your jurisdiction, calls will not be recorded without notice and consent as required.

7. Cookies, analytics, and tracking

The Site may use first-party and third-party cookies, log files, and similar technologies. We may use analytics services to understand aggregate usage of the Site and to improve performance. You can disable cookies through your browser settings; you can also use browser controls and platform privacy tools to limit tracking. We currently do not respond to "Do Not Track" browser signals because there is no consensus on how websites should respond, but we honor opt-out signals where required by applicable law (for example, the Global Privacy Control, where required).

8. Security

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No system is perfectly secure, and we do not guarantee that information will not be accessed, disclosed, altered, or destroyed by unauthorized means. You are responsible for protecting the confidentiality of your own account credentials, devices, and communications.

9. Retention

We retain information for as long as is reasonably necessary for the purposes described in this Policy, to fulfill our obligations under contracts and applicable law, to enforce our agreements, to defend or pursue legal claims, to maintain accurate business records, and to comply with our recordkeeping policies. Specific retention periods vary by category, contract, and legal requirement. After the applicable retention period, we will delete, anonymize, or archive information consistent with our practices and applicable law.

10. International transfers

Our operations are based in the United States, and information collected through the Services is processed in the United States and may be transferred to, stored, or processed in jurisdictions whose data-protection laws may differ from those in your jurisdiction. By using the Services, you acknowledge that your information may be processed in the United States.

11. Your choices and rights

Depending on your jurisdiction, you may have rights with respect to information about you, including the right to request access, correction, deletion, restriction, portability, or to object to certain processing. You can exercise applicable rights by contacting us using the details below; we may verify your identity and the basis for your request before responding. Exemptions and limitations apply, including for information we are required to retain for legal, contractual, or recordkeeping purposes. You may, at any time, request that we communicate with you in writing only by sending us a written notice to the address below.

California residents. If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), may give you additional rights with respect to certain personal information, subject to the statute's exemptions, including a broad exemption for information collected from individuals acting in a business or commercial capacity. To the extent the CCPA/CPRA applies to information we hold about you, you may have rights to know, delete, correct, and limit the use of sensitive personal information, and to opt out of certain "sales" or "sharing" of personal information. To exercise applicable rights, contact us using the details below.

EEA, UK, and similar jurisdictions. If applicable law gives you the right to lodge a complaint with a supervisory authority, you may do so. We will respond to verified requests as required by law.

12. Children

The Site and Services are not directed to children, and we do not knowingly collect personal information from children. If you believe that a child has provided information to us, contact us using the details below and we will take reasonable steps to delete that information.

13. Third-party sites and content

The Site may contain links to or content from third-party websites, services, or applications. We are not responsible for the content, privacy practices, or security of third parties. Visiting third-party sites is at your own risk, and you should review their privacy notices.

14. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be notified through the Site or by other reasonable means. Continued use of the Services after the effective date of any update constitutes acknowledgment of the revised Policy.

15. Contact

Questions, requests, or complaints related to this Policy may be sent to:

Merchant Rehab
Attn: Privacy
244 Madison Avenue #1259
New York, NY 10016
Email: info@merchantrehab.com
Phone: (646) 893-0080