In plain English: the Veyra Privacy Policy describes how Veyra processes personal information. This document is different — it is the affirmative CONSENT you (the signing principal) give Veyra to perform specific lookups, run specific blacklist checks, share specific data with specific partners, and report specific information to specific regulators. Onboarding cannot proceed without it; we require it from every signing principal of every merchant. Read it carefully; if you do not want Veyra to do any of the things listed below, do not sign and do not apply for an account.
This Personal Information & Data Sharing Acknowledgment (the “ACKNOWLEDGMENT”) is an affirmative consent given by the signing principal (each, “YOU,” “your,” “Principal,” or “the signer”) on behalf of the applying merchant (“MERCHANT”) to Josh Petro LLC(“Veyra,” “we,” or “us”). It supplements the Merchant Services Agreement, the Privacy Policy, the Payment Processing Terms, and the Risk, Holds & Reserve Policy. By accepting this Acknowledgment during onboarding, by clicking “I consent,” by signing an order form that incorporates it by reference, or by causing the Merchant to submit any transaction through Veyra, you affirmatively consent to every act of collection, processing, and sharing described below.
1. WHO YOU ARE CONSENTING FOR
1.1. You consent on behalf of yourself as the signing Principal AND on behalf of the Merchant. You represent that you have obtained, and warrant on a continuing basis that you will obtain, the equivalent consent of every beneficial owner (defined as any natural person who owns or controls 25% or more of the equity of the Merchant) and every principal control person of the Merchant.
1.2. You represent that you have authority to bind the Merchant to this Acknowledgment.
2. WHAT INFORMATION YOU ARE CONSENTING TO HAVE COLLECTED
You consent to Veyra's collection and processing of the following categories of information about you, every beneficial owner, every principal control person, and the Merchant:
2.1. Full legal name, date of birth, government-issued identifier (SSN, ITIN, EIN, foreign equivalent), home address, citizenship status, and contact information;
2.2. Photograph or live-capture image and government-issued identity document (driver license, passport, or equivalent) for identity verification;
2.3. Beneficial-ownership structure, percentage of ownership, control person designation, board composition, and capital structure;
2.4. Business name, DBA, formation jurisdiction, formation date, registered address, operating address, registered agent, EIN, and trade references;
2.5. Banking information, including routing number, account number, account holder name, and authorized signatories;
2.6. Processing history, including prior processors, prior gateway terminations, prior MATCH-listings, prior VMSS-listings, and prior chargeback history;
2.7. Financial information, including financial statements, tax returns, bank statements, processor statements, and accounts-receivable / accounts-payable summaries where requested;
2.8. Web presence, including domains, social-media accounts, advertising channels, and customer-facing content;
2.9. Device and network metadata observed during platform use, including IP address, user-agent string, browser fingerprint, referring URL, and session-level signals;
2.10. Behavioral signals observed across the Merchant's transaction history, including cardholder fingerprints, BIN signals, velocity patterns, refund patterns, dispute patterns, and customer-complaint patterns;
2.11. Any other information Veyra reasonably determines is relevant to underwriting, risk monitoring, or compliance.
3. WHAT LOOKUPS YOU ARE CONSENTING TO HAVE PERFORMED
You consent to Veyra and its agents performing the following lookups, on a one-time and continuing basis, against you, every beneficial owner, every principal control person, and the Merchant:
3.1. Know-Your-Business (KYB) verification against business-registry sources;
3.2. Know-Your-Customer (KYC) and identity-verification lookups, including biometric or document-based identity verification;
3.3. Consumer-credit and business-credit reports under permissible-purpose rules of the Fair Credit Reporting Act and analogous foreign law;
3.4. Sanctions screening against OFAC SDN, UN, EU, HMT, and any other consolidated sanctions list maintained by the U.S. government, foreign governments, or supra-national bodies;
3.5. Adverse-media and politically-exposed-person (PEP) screening;
3.6. Match List / MATCH (Member Alert to Control High-Risk Merchants) and VMSS lookup;
3.7. Court-record, lien, judgment, bankruptcy, and litigation-history lookup;
3.8. Beneficial-ownership and corporate-structure verification, including FinCEN beneficial-ownership reporting where applicable;
3.9. Prior-processor and prior-gateway history lookup with any processor, gateway, partner bank, sponsor bank, or acquirer that maintains shared-history records;
3.10. Device-reputation, IP-reputation, and fraud-network lookups;
3.11. Any other lookup Veyra reasonably determines is relevant.
3.12. The continuing nature of this consent means Veyramay re-run any of the above at any frequency, including without further notice to you, during the term of the Merchant's account and for at least twelve (12) years thereafter consistent with the audit obligations in the Merchant Services Agreement §14.
4. WHO Veyra MAY SHARE YOUR INFORMATION WITH
You consent to Veyra's sharing of the categories of information in §2 with the following recipients, for the purposes described:
4.1. Acquiring partners, processors, sponsor banks, and tokenization providers— for underwriting, risk monitoring, settlement, dispute management, and ongoing operation of the Merchant's account.
4.2. Card networks (Visa, Mastercard, American Express, Discover, and equivalents) — including for MATCH submission, VMSS submission, risk-program enrollment, dispute case construction, and fraud reporting.
4.3. Compliance vendors — identity-verification, KYB, sanctions-screening, adverse-media, and PEP vendors operating under contract with Veyra.
4.4. Risk and analytics providers — for transaction monitoring, fraud detection, device-reputation analysis, and network-effect risk modeling.
4.5. Service providers — including cloud-infrastructure, analytics, customer-support, and email-delivery vendors operating under contract.
4.6. Authorities and law-enforcement — when legally required, including in response to subpoenas, court orders, suspicious-activity-report (SAR) obligations under the Bank Secrecy Act, currency-transaction-report (CTR) obligations, OFAC reporting obligations, FinCEN beneficial-ownership reporting, and to protect the rights and safety of others.
4.7. Tax authorities — including IRS Form 1099-K filings and any analogous state or foreign reporting.
4.8. Regulators and self-regulatory organizations — including the Federal Trade Commission, the Consumer Financial Protection Bureau, state attorneys general, state financial regulators, payment-card networks acting in a regulatory capacity, and any foreign-government regulator with jurisdiction over Veyra, our partners, or the Merchant.
4.9. Successors and assignees — in connection with a merger, acquisition, financing, asset sale, or other corporate transaction involving Veyra or any of our affiliates, subject to confidentiality.
4.10. Veyra's cross-merchant risk infrastructure— including the cross-merchant card-fingerprint blacklist, the cross-merchant disputed-cardholder blacklist, the cross-merchant device-fingerprint reputation graph, and the cross-merchant IP-reputation graph. You expressly consent to the sharing of the Merchant's transaction signals (in anonymized or pseudonymized form) with other Veyra merchants for the limited purpose of fraud prevention. You acknowledge that the Merchant will benefit from receiving the same cross-merchant signal from other merchants on the platform, and that the consent is reciprocal.
5. CROSS-MERCHANT BLACKLIST PARTICIPATION
5.1. You expressly consent to the Merchant's participation as both a contributor to and a beneficiary of Veyra's cross-merchant blacklist. Cardholder fingerprints, device fingerprints, IP addresses, and email signatures associated with chargebacks, fraud, or Acceptable Use Policy violations on the Merchant's account may be added to the cross-merchant blacklist with the “is_global” flag, meaning every other merchant on the Veyraplatform receives the protection.
5.2. You acknowledge that the cross-merchant blacklist is a structural feature of Veyra's risk infrastructure and that the Merchant's participation is not optional. If you do not consent, the Merchant cannot be onboarded.
5.3. You waive any objection to the cross-merchant blacklist on competition, antitrust, or unfair-trade-practices grounds; the blacklist is a fraud-prevention utility, not a market-allocation mechanism.
6. BENEFICIAL-OWNER REPORTING
6.1. You consent to Veyra's reporting of beneficial-ownership information to the U.S. Department of the Treasury's Financial Crimes Enforcement Network (“FinCEN”) under the Corporate Transparency Act, to foreign analogues where applicable, and to acquiring partners, sponsor banks, and payment-card networks consistent with their underwriting and risk programs.
6.2. You will update beneficial-ownership information promptly upon any change, consistent with the forty-eight (48)-hour disclosure rule in the Merchant Services Agreement §1.3.
7. ONGOING RISK-DATA EXCHANGE
You consent to Veyra's ongoing exchange of risk-relevant information about you, the beneficial owners, the principal officers, and the Merchant with our acquiring partners, sponsor banks, card networks, processors, and tokenization providers, on a continuing basis throughout the term of the Merchant's account and for at least twelve (12) years thereafter. Examples include but are not limited to: chargeback ratios, fraud rates, refund rates, dispute reasons, program enrollments (Visa VDMP / VFMP / Mastercard ECM / VAMP), regulatory inquiries, sanctions hits, adverse-media events, and any other signal relevant to a partner's underwriting or risk monitoring.
8. PURPOSES FOR WHICH YOU CONSENT
The lookups, collection, and sharing in §2 through §7 are conducted for the following purposes:
8.1. Evaluating the Merchant's application and making underwriting decisions;
8.2. Detecting fraud, monitoring risk, and meeting Veyra's and our partners' anti-money-laundering, Bank Secrecy Act, OFAC, and sanctions obligations;
8.3. Providing, operating, and improving Veyra's payments platform, including risk-model training, product analytics, and capacity planning;
8.4. Responding to support requests, dispute representment, and audit cooperation;
8.5. Complying with legal, regulatory, card-network, and acquirer obligations, including record retention, sanctions screening, and reporting;
8.6. Enforcing Veyra's agreements and protecting the rights, safety, and property of users, partners, consumers, and the payments system.
9. WITHDRAWAL OF CONSENT
9.1. WITHDRAWAL TERMINATES THE MERCHANT ACCOUNT.The consents granted in this Acknowledgment are not severable from the operation of the Merchant's account. If you withdraw any consent, the Merchant's account will be promptly terminated under the Merchant Services Agreement §4 and the full post-termination provisions of §10 (Claw-Back), §11 (Indemnification), §14 (Audit, Records), and §19 (Survival) will apply.
9.2. OPERATIONAL RECORDS SURVIVE WITHDRAWAL. Withdrawal of consent does not require Veyra to delete operational records of past transactions, past lookups, past sharing events, past suspicious-activity determinations, or past audit findings. Those records survive consistent with the twelve (12)-year retention obligation in the Merchant Services Agreement §14.
9.3. SAR / CTR / OFAC REPORTS ARE NOT WITHDRAWABLE. Reports submitted to law-enforcement, tax, or regulatory authorities under §4.6, §4.7, §4.8, §6, or analogous obligation are not withdrawable; you waive any right to seek deletion of such reports.
10. STATUTORY DISCLOSURES
10.1. FAIR CREDIT REPORTING ACT. You consent to Veyra's request for and use of consumer-credit reports under the “business purpose” or other applicable permissible purpose of the FCRA. You have the right to a free copy of any consumer report used to take adverse action on the Merchant's application; request a copy at risk@veyragate.com.
10.2. STATE PRIVACY LAWS. Where state privacy law (CCPA, CPRA, VCDPA, CPA, CTDPA, etc.) provides additional rights, those rights apply per the terms of the applicable statute and our Privacy Policy. The consent in this Acknowledgment supplements those statutory rights; it does not replace them.
10.3. GLBA SAFEGUARDS. Financial-information processing is conducted consistent with the Gramm-Leach-Bliley Act Safeguards Rule and the FTC Standards for Safeguarding Customer Information.
11. RELATIONSHIP TO PRIVACY POLICY
The Veyra Privacy Policydescribes Veyra's processing of personal information as a controller and as a processor. This Acknowledgment is the affirmative CONSENT layer overlaid on the Privacy Policy. To the extent of any conflict between this Acknowledgment and the Privacy Policy with respect to a specific consent listed above, this Acknowledgment controls. The Privacy Policy otherwise controls.
12. SURVIVAL
Every consent in this Acknowledgment survives termination of the Merchant's account, subject only to §9.2 and §9.3, and survives any change in beneficial ownership of the Merchant. New beneficial owners are bound by the existing Acknowledgment until Veyra obtains an updated version.
13. ELECTRONIC SIGNATURE
Acceptance of this Acknowledgment by clicking “I consent,” type-to-sign, or any electronic format we accept has the same legal effect as a handwritten signature.
14. CONTACT
Questions about this Acknowledgment:
Josh Petro LLC
risk@veyragate.com
Version 2026.05.23. Effective 2026-05-23.