Private & Confidential

HL Hunt Inc.

Privacy Policy — AI Payment Processing Services


Effective Date
April 12, 2026
Last Updated
April 12, 2026
Document Classification
Confidential
Section 01

Introduction and Scope

HL Hunt Inc. (HL Hunt, we, us, or our) is committed to safeguarding the privacy and security of the personal information entrusted to us by our merchants, consumers, business partners, and website visitors. This Privacy Policy (Policy) describes how HL Hunt collects, uses, shares, retains, and protects personal information in connection with our AI-powered payment processing services, including HL Hunt Pay, Hunt Score underwriting services, and all related platforms, applications, APIs, and merchant-facing tools (collectively, the Services).

This Policy applies to all individuals whose personal information we process, including merchants and their authorized representatives, cardholders and consumers whose transactions we process, visitors to our websites (including hlhunt.org and all associated subdomains), and any other individuals who interact with our Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, you must discontinue use of our Services immediately.

HL Hunt Inc. is headquartered at 3499 Blazer Parkway, Lexington, KY 40509, with operations at 925 NW 31st Ave, Pompano Beach, FL 33069. HL Hunt Lending LLC (NMLS #2759282) is a wholly owned subsidiary of HL Hunt Inc. and operates under separate licensing. References to HL Hunt in this Policy include both entities unless otherwise specified.

Section 02

Definitions

For purposes of this Policy, the following terms shall have the meanings set forth below:

Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including but not limited to identifiers, financial data, biometric data, geolocation data, internet activity, and inferences drawn from such information.

Payment Data means any data related to a financial transaction processed through our Services, including cardholder name, primary account number (PAN), expiration date, card verification value (CVV/CVC), bank routing and account numbers, and tokenized equivalents thereof.

Merchant means any business entity or individual that has entered into an agreement with HL Hunt to accept payment processing or related Services.

Consumer or Cardholder means any individual whose payment credentials or personal information are processed through our Services in connection with a transaction.

Service Provider means any third party that processes Personal Information on behalf of HL Hunt pursuant to a written agreement.

AI Systems means any artificial intelligence, machine learning, or automated decision-making technology deployed within our Services, including but not limited to fraud detection algorithms, risk scoring models, and transaction monitoring systems.

Section 03

Information We Collect

We collect and process the following categories of Personal Information in connection with the provision of our Services:

3.1  Merchant Information

  • Legal business name, DBA, employer identification number (EIN), and business registration documents
  • Names, titles, dates of birth, and Social Security numbers of beneficial owners, authorized signatories, and controlling persons
  • Business address, phone number, email address, and website URL
  • Bank account and routing numbers for settlement purposes
  • Tax identification information and IRS Form W-9 data
  • Business financial statements, processing history, and credit reports
  • Merchant category code (MCC), industry classification, and transaction volume estimates

3.2  Transaction and Payment Data

  • Cardholder name, primary account number (PAN), expiration date, and CVV/CVC
  • Transaction amount, currency, date, time, and merchant reference identifiers
  • Authorization codes, decline reason codes, and chargeback data
  • ACH routing numbers, bank account numbers, and electronic check data
  • Tokenized payment credentials and device-specific payment tokens

3.3  Consumer and Cardholder Information

  • Name, email address, phone number, billing address, and shipping address
  • Device identifiers, IP address, browser type, operating system, and mobile carrier
  • Geolocation data derived from IP address or device-level location services
  • Behavioral and transactional patterns used for fraud prevention

3.4  Technical and Usage Data

  • Log files, access times, pages viewed, referring URLs, and clickstream data
  • API call logs, webhook delivery records, and integration metadata
  • Cookie identifiers, pixel tags, web beacons, and similar tracking technologies
  • Device fingerprinting data used for fraud detection and authentication

3.5  Sensitive Personal Information

In limited circumstances and solely as required by applicable law or regulation, we may collect sensitive personal information including Social Security numbers, government-issued identification numbers, financial account credentials, and precise geolocation data. We process sensitive personal information only for purposes authorized by law, and we apply heightened safeguards to such data as described in Section 9 of this Policy.

Section 04

How We Collect Information

We collect Personal Information through the following means:

4.1  Directly from You

When you apply for a merchant account, complete onboarding forms, contact our support teams, submit documentation for underwriting review, or otherwise interact with us directly.

4.2  Automatically Through Our Services

When transactions are processed through our payment gateway, our systems automatically collect transaction data, device information, and technical metadata necessary to authorize, settle, and monitor payments.

4.3  From Third-Party Sources

  • Card networks (Visa, Mastercard, American Express, Discover) and issuing banks
  • Credit bureaus and business information providers (e.g., Experian, Equifax, TransUnion, Dun & Bradstreet)
  • Identity verification and KYC/AML screening services
  • Fraud prevention consortiums and law enforcement databases
  • Processor partners, acquiring banks, and payment facilitator platforms
  • Publicly available sources, including state business registries, OFAC lists, and court records

4.4  Through Cookies and Tracking Technologies

Our websites and applications use cookies, pixel tags, web beacons, and similar technologies to collect usage data, remember preferences, analyze trends, and administer our sites. You may control cookie preferences through your browser settings. For detailed information about our use of cookies, please refer to our Cookie Policy at hlhunt.org/legal.

Section 05

Use of Personal Information

We use Personal Information for the following business and commercial purposes:

5.1  Payment Processing and Settlement

To authorize, process, settle, and reconcile payment transactions; to manage merchant accounts; to facilitate chargebacks, refunds, and disputes; and to perform treasury and settlement operations.

5.2  Underwriting and Risk Assessment

To evaluate merchant applications through our Hunt Score underwriting platform; to conduct credit checks, background screenings, and financial due diligence; and to determine risk profiles and processing limits.

5.3  Fraud Prevention and Security

To detect, prevent, investigate, and report fraudulent, unauthorized, or illegal activity; to monitor transactions in real time using AI-driven risk models; to comply with card network rules and PCI DSS requirements; and to protect the rights, property, and safety of HL Hunt, our merchants, and consumers.

5.4  Legal and Regulatory Compliance

To comply with applicable federal, state, and local laws, rules, and regulations, including the Bank Secrecy Act (BSA), USA PATRIOT Act, Anti-Money Laundering (AML) requirements, Know Your Customer (KYC) obligations, IRS reporting requirements, and state money transmitter licensing obligations.

5.5  Service Improvement and Analytics

To analyze usage patterns and transaction data; to improve the functionality, reliability, and security of our Services; to develop new products and features; and to train and refine our AI models using aggregated, de-identified, or anonymized datasets.

5.6  Communications

To send transactional communications related to your account, service updates, and security alerts; to respond to inquiries and support requests; and, where permitted by law, to send promotional communications about HL Hunt products and services.

Section 06

Artificial Intelligence and Automated Decision-Making

HL Hunt deploys proprietary and third-party AI Systems as an integral component of our payment processing Services. We are committed to responsible, transparent, and fair use of AI technology. This section describes how we use AI, the safeguards we employ, and your rights with respect to automated decisions.

6.1  AI Applications

Our AI Systems are used for the following purposes:

  • Real-time transaction fraud scoring and anomaly detection
  • Merchant underwriting risk assessment via the Hunt Score platform
  • Chargeback likelihood prediction and dispute management optimization
  • Anti-money laundering (AML) transaction monitoring and suspicious activity detection
  • Dynamic transaction routing and authorization optimization
  • Customer authentication and identity verification

6.2  Data Inputs

Our AI Systems may process transaction history, device fingerprints, behavioral biometrics, geolocation data, merchant profile data, and third-party risk indicators. We do not use race, ethnicity, religion, sexual orientation, or other protected characteristics as inputs to our AI models.

6.3  Human Oversight

Important: While our AI Systems may generate automated recommendations or decisions, material adverse decisionsincluding merchant account declines, holds on settlement funds, and account terminationsare subject to human review before becoming final. Our compliance and risk management teams maintain override authority over all AI-generated outputs.

6.4  Right to Explanation and Contest

If an automated decision has a material adverse effect on you, you have the right to: (a) receive a meaningful explanation of the logic, significance, and anticipated consequences of the automated decision; (b) request human review of the decision; and (c) contest the decision and provide additional information for reconsideration. To exercise these rights, contact us at the address provided in Section 16.

6.5  AI Model Governance

HL Hunt maintains an internal AI governance framework that includes periodic model validation, bias auditing, performance monitoring, and documentation of model development and deployment decisions. We conduct fairness assessments to identify and mitigate potential disparate impact across protected groups.

Section 07

Sharing and Disclosure of Information

We may share Personal Information with the following categories of recipients for the purposes described in this Policy:

Recipient CategoryTypes of Data SharedPurpose
Card Networks & Issuing BanksPayment Data, transaction details, merchant identifiersTransaction authorization, settlement, and dispute resolution
Acquiring Banks & Processor PartnersMerchant information, Payment Data, settlement instructionsPayment processing, settlement, and regulatory compliance
Sponsor / Partner BanksMerchant and consumer data as required by banking regulationsBanking-as-a-Service operations, regulatory oversight, and FDIC compliance
Credit BureausCredit reporting data, payment history, account statusUnderwriting, credit reporting, and data furnishing obligations
Fraud Prevention ServicesTransaction data, device data, behavioral patternsFraud detection, prevention, and investigation
KYC / AML VendorsIdentity data, government IDs, beneficial ownership informationIdentity verification, sanctions screening, regulatory compliance
Government & Regulatory BodiesAs required by law, subpoena, or regulatory examinationLegal compliance, law enforcement cooperation, regulatory examination
Professional AdvisorsAs necessary for legal, accounting, or audit purposesLegal advice, audit, tax compliance, and litigation support

7.1  No Sale of Personal Information

HL Hunt does not sell Personal Information as defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or any other applicable state privacy law. We do not share Personal Information for cross-context behavioral advertising purposes.

7.2  Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other corporate transaction, Personal Information may be transferred as part of the transaction, subject to the requirements of applicable law and the commitments in this Policy.

Section 08

Data Retention

We retain Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Transaction records: Minimum seven (7) years from the date of the transaction, or longer as required by card network rules, tax law, or applicable regulation
  • Merchant onboarding and KYC records: Minimum five (5) years following termination of the merchant relationship
  • Suspicious activity reports and AML records: Minimum five (5) years from the date of filing
  • Technical logs and access records: Minimum one (1) year, or longer as needed for security investigations
  • Marketing preferences and consent records: Duration of the business relationship plus three (3) years

Upon expiration of the applicable retention period, Personal Information is securely deleted or irreversibly de-identified in accordance with our data disposal procedures and NIST SP 800-88 guidelines.

Section 09

Data Security

HL Hunt implements and maintains a comprehensive information security program designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. Our security measures include, but are not limited to:

9.1  PCI DSS Compliance

Our payment processing infrastructure is designed and operated in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Cardholder data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. We utilize PCI-compliant portable tokenization vaults to store and manage sensitive payment credentials, enabling processor-agnostic operations without exposing raw cardholder data.

9.2  Technical Safeguards

  • End-to-end encryption of all data in transit and at rest
  • Multi-factor authentication (MFA) for all internal systems and merchant portals
  • Role-based access controls (RBAC) with least-privilege enforcement
  • Continuous intrusion detection and prevention systems (IDS/IPS)
  • Real-time security event monitoring and SIEM integration
  • Regular penetration testing and vulnerability assessments by qualified third parties
  • Secure software development lifecycle (SSDLC) practices for all applications

9.3  Administrative Safeguards

  • Mandatory security awareness training for all employees and contractors
  • Background checks for personnel with access to sensitive systems
  • Incident response plan tested and updated at least annually
  • Business continuity and disaster recovery plans with defined RTOs and RPOs
  • Vendor and third-party risk management program with contractual data protection obligations

9.4  Breach Notification

In the event of a data breach involving Personal Information, HL Hunt will notify affected individuals and applicable regulatory authorities in accordance with federal and state breach notification laws, including but not limited to the laws of Kentucky, Florida, and California. Notifications will be made without unreasonable delay and in no event later than the timeframes mandated by applicable law.

Section 10

Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your Personal Information:

  • Right to Know / Access: Request disclosure of the categories and specific pieces of Personal Information we have collected about you
  • Right to Delete: Request deletion of your Personal Information, subject to certain exceptions required by law
  • Right to Correct: Request correction of inaccurate Personal Information
  • Right to Portability: Receive your Personal Information in a structured, commonly used, machine-readable format
  • Right to Opt-Out of Sale/Sharing: Direct us not to sell or share your Personal Information for cross-context behavioral advertising (note: HL Hunt does not currently engage in such practices)
  • Right to Limit Use of Sensitive Personal Information: Direct us to limit our use of your sensitive Personal Information to purposes authorized by law
  • Right to Non-Discrimination: Exercise any of the above rights without receiving discriminatory treatment
  • Right to Appeal: If we deny your request, you have the right to appeal our decision

10.1  How to Exercise Your Rights

To submit a verifiable consumer request, you may contact us by email at privacy@hlhunt.org, by mail at the address provided in Section 16, or through the privacy request portal at hlhunt.org/privacy. We will verify your identity before processing your request using commercially reasonable methods, which may include matching information you provide against information we maintain. We will respond to verified requests within forty-five (45) days, or such shorter period as required by applicable law.

10.2  Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require the authorized agent to provide proof of written authorization and may separately verify your identity.

Section 11

International Data Transfers

HL Hunt is a United States-based company. Personal Information collected through our Services may be stored and processed in the United States or any other country in which HL Hunt or its service providers maintain facilities. By using our Services, you consent to the transfer of information to the United States and other countries that may have different data protection laws than your country of residence.

Where required by applicable law, we implement appropriate safeguards for international data transfers, including standard contractual clauses approved by relevant authorities, binding corporate rules, or reliance on the recipients participation in an approved transfer mechanism.

Section 12

Children’s Privacy

Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain Personal Information from anyone under the age of 18. If we learn that we have collected Personal Information from a child under 18, we will promptly delete that information. If you believe we have inadvertently collected information from a child under 18, please contact us immediately at the address provided in Section 16.

Section 13

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by HL Hunt. This Policy does not apply to the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing your Personal Information. HL Hunt is not responsible for the content, privacy policies, or practices of any third-party websites or services.

Section 14

State-Specific Privacy Disclosures

14.1  California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, CCPA). In the preceding twelve (12) months, we have collected the categories of Personal Information described in Section 3 for the business purposes described in Section 5. We do not sell your Personal Information. We do not use or disclose sensitive Personal Information for purposes beyond those authorized under CCPA Section 1798.121. You may exercise your rights as described in Section 10.

14.2  Virginia Residents (VCDPA)

Virginia residents have rights to access, correct, delete, and obtain a copy of their Personal Information, as well as the right to opt out of targeted advertising, profiling, and the sale of Personal Information under the Virginia Consumer Data Protection Act. To exercise these rights, contact us as described in Section 16.

14.3  Colorado, Connecticut, Utah, and Other State Laws

Residents of Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy legislation have rights substantially similar to those described in Section 10. We will honor all verifiable requests submitted by residents of states with applicable privacy laws in accordance with those laws.

14.4  Florida Residents

Florida residents may have additional rights under the Florida Digital Bill of Rights, including the right to opt out of the collection and use of sensitive data and the right to request deletion of Personal Information. We comply with all applicable provisions of Florida privacy law.

14.5  Kentucky Residents

To the extent the Kentucky Consumer Data Protection Act applies, Kentucky residents may exercise the rights described therein by contacting us as set forth in Section 16.

Section 15

Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices, Services, legal requirements, or industry standards. When we make material changes, we will provide notice through our Services, by email, or by other means as required by applicable law. The Last Updated date at the top of this Policy indicates when the most recent revisions were made. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.

Section 16

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

HL Hunt Inc. — Privacy Office

3499 Blazer Parkway

Lexington, KY 40509


Email: privacy@hlhunt.org

Web: payments.hlhunt.org/privacy

For consumers whose transactions are processed by HL Hunt on behalf of a merchant, please note that the merchant is the controller of your Personal Information. Privacy inquiries related to a specific merchant transaction should be directed to the applicable merchant. HL Hunt processes such information on the merchants behalf as a service provider.