Privacy Policy

When you pay a bill through this portal, we collect the information you enter on the lookup and payment forms (account number, address or name on bill, payer name, email for receipt, optional phone number). The processor — Host Merchant Services — collects your card or bank-account details directly through a secure hosted iframe; those details never reach this portal.

We also receive a tokenized reference, the last four digits of the payment instrument, and standard request metadata (IP address, user agent) used for fraud and abuse detection.

We use the information you provide to (a) match your payment to the correct bill on your agency's system, (b) email you a receipt, (c) honor any optional follow-up communications you opted into (SMS receipts, due-date reminders, autopay results), and (d) maintain a security and audit trail required by PCI DSS.

We share data with three categories of recipients:

• The agency you're paying. They receive transaction details so they can credit your account and respond to billing questions.
• The payment processor (Host Merchant Services). They receive payment-instrument data via the hosted iframe to authorize and settle the transaction.
• Card networks and your issuing bank. Required by the payment-network rules to clear the charge.

We do not sell your information. We do not share it with third-party advertising networks.

Payment-transaction records are retained for the longer of seven years or the period required by your agency's public-records policy. Tokenized payment-method references that you opt to save are retained until you revoke them from the "My account" page.

You may request access, correction, or deletion of personal information we hold about you. Because the underlying account (the bill itself) is held by your agency, requests touching the agency's record route to them; requests touching only this portal's data (saved payment methods, SMS preferences) can be handled directly. Use the contact details at the bottom of this page.

If you reside in California (CCPA), the European Economic Area or United Kingdom (GDPR), New York (SHIELD Act), or another jurisdiction with specific privacy rights, you may also have additional rights — including the right to object to certain processing or to lodge a complaint with a supervisory authority. [REVIEW: counsel to finalize jurisdiction-specific rights and venues.]

This portal is PCI DSS compliant. Card data is entered into a processor-hosted iframe and tokenized before transmission to our servers, so we never receive a primary account number. We use HTTPS in transit and database encryption at rest. We log authentication and payment events for security-incident review.

We use a small set of cookies for essential portal function (your language preference, your sign-in session). We do not use advertising or cross-site tracking cookies. A cookie-management UI is in development; in the meantime, you can clear cookies any time from your browser settings.

We'll revise this page when our practices change. The "Last updated" date above always reflects the most recent version.

For questions about this policy or to exercise your rights, contact the agency you're paying directly using the contact information on your bill. Portal-specific privacy inquiries can be sent to [email protected].

[REVIEW: counsel to finalize controller / processor designations, data-protection officer contact, and supervisory-authority listings before public launch.]