Payment Services & Collections Privacy Notice

ABC Fitness Solutions, LLC

Payment Services & Collections Privacy Notice

Effective Date: 2026-04-15

1. About This Notice

This Privacy Notice describes how ABC Fitness Solutions, LLC and 3287646 Nova Scotia Company (“ABC,” “we,” “us,” or “our”) collects, uses, and shares personal information when providing payment facilitation services through our ABC Ignite commerce platform.

In addition to payment facilitation services, ABC may perform accounts receivable management and collection activities on behalf of gyms and fitness clubs, including both early-stage (soft) and late-stage (hard) collections. In connection with these activities, ABC may act as a data controller where required to comply with applicable debt collection, consumer protection, and financial services laws.

Who This Notice Applies To: This notice applies to gym and fitness club members or payors who make payments through the Ignite payment system when their gym uses our payment facilitation services. This notice also applies to certain personal information we process about gym owners, operators, and staff in connection with payment services and account management.

ABC’s Role: ABC acts as a data controller for certain payment-related activities described below. This means we make independent decisions about how to process your payment information to comply with legal obligations, card network rules (Visa, Mastercard, American Express, Discover), PCI DSS standards, and financial services regulations. For other payment processing activities, your gym remains the controller and ABC processes data on their behalf – those activities are covered by your gym’s privacy policy.

2. When ABC Acts as a Controller for Payment Information

ABC acts as a controller (makes independent processing decisions) for the following payment-related activities:

Account and Relationship Management: We process payment information to manage your gym’s business relationship with ABC, including account access, billing information for payment services, and maintaining or improving performance of our platform and payment services.

Transaction Monitoring and Fraud Prevention: We monitor transactions for suspicious patterns, potential fraud, money laundering, and other financial crimes. This includes analyzing transaction amounts, frequency, locations, patterns, and behaviors.

Transaction Monitoring and Fraud Prevention: We monitor transactions for suspicious patterns, potential fraud, money laundering, and other financial crimes. This includes analyzing transaction amounts, frequency, locations, patterns, and behaviors.

  • Card network rules (Visa, Mastercard, American Express, Discover)
  • Payment Card Industry Data Security Standards (PCI DSS) – we are a Tier 1 PCI Service Provider maintaining annual PCI Attestation of Compliance (AOC)
  • Anti-money laundering (AML) regulations
  • Office of Foreign Assets Control (OFAC) sanctions screening
  • MATCH list screening (card network databases of terminated merchants)
  • State and federal financial services regulations
  • Canadian Code of Conduct for the Credit and Debit Card Industry

Chargeback and Dispute Management: We manage chargebacks, disputes, and payment exceptions, including investigating disputed transactions and communicating with card networks, issuing banks, and acquiring banks.

Record Retention: We retain transaction records as required by card network rules, banking regulations, and legal requirements, including for tax, audit, and dispute resolution purposes.

Payment Operations: We make operational decisions about payment processing, settlement timing, funding, and payment routing to comply with banking regulations and card network requirements.

Platform Operations and Improvement: We use payment and usage data to maintain platform security, optimize payment services, investigate abuse or misuse of the platform, and improve payment functionality.

Collections and Accounts Receivable Management: When providing collections and accounts receivable management services on behalf of your gym, ABC may act as a controller for certain processing activities necessary to:

  • Administer and service delinquent or past-due accounts
  • Communicate with you regarding outstanding balances
  • Determine appropriate collection strategies, including escalation from soft to hard collections
  • Comply with applicable consumer protection, debt collection, and licensing requirements in jurisdictions where we operate
  • Maintain records of collection efforts, communications, and outcomes

These activities may be subject to specific legal requirements depending on your location, including obligations related to communications, disclosures, recordkeeping, and consumer rights.

3. What Personal Information We Collect

When you make a payment through Ignite, we collect:

Payment Information:

  • Name as it appears on payment method
  • Billing address
  • Payment card information (card number, expiration date, CVV)
  • Bank account information (for ACH/EFT payments)
  • Payment amount, date, and time
  • Transaction history and authorization codes

Transaction Information:

  • Purchase details (membership type, services purchased)
  • IP address and device information used for the transaction
  • Geolocation data
  • Transaction identifiers and reference numbers
  • Merchant category codes

Identity Verification Information (for compliance purposes):

  • Government-issued ID information when required for verification
  • Information to screen against OFAC sanctions lists and MATCH lists
  • Information necessary for Know Your Customer (KYC) procedures

Communication Records:

  • Records of communications regarding payment issues, disputes, chargebacks, or fraud investigations
  • Records of communications related to collection of outstanding balances, including call recordings (where permitted by law), correspondence, payment arrangements, and dispute communications

Collections Information:

  • Account status (current, delinquent, in collections)
  • Outstanding balances and payment history
  • Payment arrangements or settlement agreements
  • Credit-related interactions where applicable
  • Information obtained in connection with collection efforts, including skip tracing or contact verification (where permitted by law)

Usage Data:

  • Information about how you and your gym use the Ignite platform
  • Log data, access patterns, and system interactions related to payment processing

4. How We Use Payment Information

We use your payment information for the following purposes:

PurposeLegal Basis
Processing your payment transactions
Performance of contract or legitimate interest in providing payment services
Performance of contract or legitimate interest in providing payment servicesPerformance of contract or legitimate interest
Monitoring for fraud, suspicious activity, and financial crimesLegal obligation and legitimate interest in preventing fraud and financial crime
Complying with card network rules and PCI DSS requirementsLegal obligation and contractual obligation to card networks
OFAC sanctions screening, MATCH list screening, and AML complianceLegal obligation
Managing chargebacks, disputes, and payment exceptionsLegal obligation and legitimate interest in dispute resolution
Maintaining transaction records for legal and regulatory requirementsLegal obligation
Operating, maintaining, and improving payment system security and functionalityLegitimate interest in secure and reliable payment systems
Investigating and preventing abuse, misuse, or unauthorized access to payment systemsLegitimate interest in platform security
Responding to legal requests and law enforcementLegal obligation
Managing settlement, funding, and payment routing operationsLegal obligation and performance of contract
Conducting our accounting, tax, billing, audit, and compliance functionsConducting our accounting, tax, billing, audit, and compliance functions
Administering, servicing, and collecting outstanding balancesPerformance of contract and legal obligation
Communicating with you regarding past-due accounts through various channels (such as SMS, email, phone, or written communications)Legal obligation
Complying with applicable debt collection, consumer protection, and licensing requirementsLegal obligation
Managing payment plans, settlements, and collection outcomesManaging payment plans, settlements, and collection outcomes

5. How We Share Payment Information

We share payment information with:

Payment Networks and Card Associations: Visa, Mastercard, American Express, Discover, and other card networks to process transactions and comply with network rules and operating regulations.

Banks and Financial Institutions: Issuing banks (cardholder banks), acquiring banks (merchant banks – including Peoples Trust Company in Canada), and other financial institutions involved in processing, authorizing, and settling transactions.

Payment Processors and Service Providers:

  • Worldpay from FIS (our ISO partner)
  • Other third-party payment processors, payment gateways, and service providers that facilitate transaction processing, fraud detection, and payment operations on our behalf

Fraud Prevention and Compliance Services: Companies that provide fraud detection, prevention, identity verification, OFAC screening, MATCH list screening, AML compliance, and other regulatory compliance services.

Your Gym or Fitness Club: We share transaction information with your gym for purposes of membership management, billing reconciliation, customer service, and dispute resolution.

Legal Authorities and Regulators: Law enforcement, financial regulators (including Financial Consumer Agency of Canada), card network authorities, and government agencies when required by law or in response to valid legal process.

Professional Advisers: Lawyers, auditors, and other professional advisers in connection with legal, audit, regulatory, or compliance matters.

Business Transfer Recipients: In connection with a merger, acquisition, reorganization, or sale of assets.

Collection Agencies and Service Providers: Third-party collection agencies, communication vendors, and service providers engaged to support debt collection activities, where permitted by law.

Credit Reporting Agencies (where applicable): In limited circumstances and where permitted by law, we or our clients may report account status to credit reporting agencies.

We do not sell your payment information.

5A. Electronic Payments and Preauthorized Transfers

Certain payments, including ACH or other electronic fund transfers (EFT), may be subject to applicable electronic payment laws and regulations.

Where required, we:

  • Obtain authorization for recurring or preauthorized electronic payments
  • Provide records of authorizations and transaction details
  • Allow you to revoke authorization in accordance with applicable law
  • Process electronic payments in compliance with applicable network rules and regulatory requirements

Your gym may provide additional terms governing electronic payments, including authorization and cancellation procedures.

6. International Data Transfers

Payment information may be transferred to and processed in the United States and other countries where ABC, our affiliates (including Nova Scotia Company for Canadian customers), and service providers operate.

For data originating from the European Economic Area (EEA), United Kingdom, or Switzerland, we use:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with appropriate safeguards
  • Other appropriate transfer mechanisms as required by applicable law

7. Data Retention

We retain payment information for as long as necessary to:

  • Fulfill the purposes described in this Notice
  • Comply with card network rules (typically requiring 3-7 years of transaction records)
  • Comply with banking and financial services regulations
  • Meet tax, audit, and accounting requirements
  • Resolve disputes and chargebacks (including applicable dispute timeframes)
  • Defend legal claims within applicable statutes of limitation
  • Comply with our legal obligations as a controller

Specific retention periods vary based on transaction type, payment method, and applicable legal requirements. Even after your gym terminates its relationship with ABC, we may retain transaction records as required by applicable law and card network rules.

For collection-related activities, we retain records of communications, account status, and collection efforts for as long as required to comply with applicable legal, regulatory, and licensing requirements, including statutes of limitation and recordkeeping obligations.

Where appropriate, we may anonymize or de-identify personal information rather than delete it, in order to comply with legal obligations while minimizing the use of identifiable data.

8. Security

We implement industry-standard security measures to protect payment information, including:

PCI DSS Compliance: We are a Tier 1 PCI Service Provider maintaining annual PCI Attestation of Compliance (AOC), demonstrating the highest level of payment card data security.

Additional Security Measures:

  • Encryption of payment data in transit (TLS 1.2+) and at rest using strong encryption algorithms
  • Tokenization of payment card information
  • Network security controls and monitoring (SIEM)
  • Access controls, authentication requirements, and least privilege access
  • Regular security assessments, audits, and penetration testing
  • SOC 1 Type 2 attestation
  • ISO 27001 standards alignment (certification in progress)
  • Documented disaster recovery and incident response plans
  • Annual third-party security assessments

However, no payment system can guarantee 100% security.

9. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access your payment information held by ABC
  • Correct inaccurate payment information
  • Delete payment information (subject to legal retention requirements)
  • Object to or restrict certain processing
  • Data portability (receive your payment data in portable format where applicable)
  • Lodge a complaint with a data protection authority or financial regulator

Important Limitations: Your rights may be limited by legal and regulatory requirements that require us to retain payment records. For example, we cannot delete transaction records that must be retained under card network rules, PCI DSS requirements, or financial regulations. We also cannot delete records necessary for ongoing fraud investigations, dispute resolution, or legal compliance.

In the context of collections, certain rights may be limited where processing is necessary to comply with legal obligations, enforce contractual rights, or maintain required records of collection activities.

How to Exercise Your Rights: Contact us using the information in Section 12. Please note that for questions about your membership, billing, or payments, you should first contact your gym or fitness club.

Canadian Merchants: If your gym operates in Canada and has a complaint about our payment services conduct under the Canadian Code of Conduct for the Credit and Debit Card Industry, please see our merchant complaint handling process at https://abcfitness.com/canadian-merchant-code-of-conduct-complaints/

10. Children’s Privacy

The Ignite payment system is not intended for use by individuals under 18 years of age. We do not knowingly collect payment information from minors without parental or guardian authorization.

11. Additional Information for Specific Jurisdictions

California Residents

Under the California Consumer Privacy Act (CCPA), we do not sell your payment information. We may share identifiers and internet activity information with service providers for business purposes as described in this Notice.

Canadian Residents

We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. For Canadian customers, our Nova Scotia affiliate (3287646 Nova Scotia Company dba ABC Global Services) provides payment services.

Debt Collection Activities

Where we engage in debt collection activities, we comply with applicable state, federal, and local laws and regulations governing such activities, which may include licensing requirements, communication restrictions, and consumer rights protections. These requirements may vary depending on your jurisdiction.

12. Changes to This Privacy Policy

Data Protection Officer: Kathleen Kruger

For questions about this Privacy Notice or to exercise your rights regarding payment information:

ABC Fitness Solutions, LLC
Attn: Payment Services Privacy
2600 N. Dallas Parkway, Suite 590
Frisco, TX 75034
Email: [email protected]

For questions about your membership, billing, or payments, please contact your gym or fitness club directly.

13. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or card network rules. We will update the “Effective Date” at the top and provide notice of material changes as required by law.