Privacy Policy

Executive Systems, Inc. | Privacy Policy

Effective Date: 4-28-2026

Last Updated: 4-28-2026

At Executive Systems, Inc., we prioritize the privacy and security of Virginia consumers. This policy is designed to comply with the Virginia Consumer Data Protection Act (VCDPA), the Gramm-Leach-Bliley Act (GLBA), and PCI-DSS standards.

1. Information Executive Systems, Inc. Collects

We limit data collection to what is strictly necessary to provide secure credit card processing services:

  • Personal Data: Name, billing address, and email address.
  • Transaction Data: Encrypted Primary Account Numbers (PANs), expiration dates, and transaction amounts.
  • Sensitive Data: Executive Systems, Inc. does not process "sensitive data" (as defined by Virginia law, such as precise geolocation or biometric data) without your explicit opt-in consent.

2. How We Use and Share Your Data

Executive Systems, Inc. processes your data only for disclosed business purposes:

  • Transaction Fulfillment: Authorizing and settling payments with card networks and banks.
  • Fraud Prevention: Monitoring for suspicious activity to protect merchants and consumers.
  • De-identified Data: We publicly commit to maintaining and using de-identified data without attempting to re-identify it.

3. Your Virginia Consumer Rights

Under the VCDPA, Virginia residents have specific rights regarding their data held by Executive Systems, Inc.:

  • Right to Access: Confirm if we are processing your data and receive a copy.
  • Right to Correct: Rectify inaccuracies in your personal data.
  • Right to Delete: Request the deletion of data provided to us.
  • Right to Opt-Out: Opt-out of the "sale" of data (Executive Systems, Inc. does not sell data for money) or targeted advertising.

4. How to Exercise Your Rights

To submit a request to Executive Systems, Inc., please use:

We will respond within 45 days. If a request is denied, you have the Right to Appeal by contacting our Compliance Officer. If the appeal is also denied, you may contact the Virginia Attorney General.

5. Data Processing & Vendor Management (PCI-DSS 4.0 & VCDPA)

Executive Systems, Inc. maintains written Data Processing Agreements (DPAs) with all third-party service providers. In accordance with PCI-DSS 4.0 Requirement 12.8, the company:

  • Maintains a list of all service providers.
  • Verifies their PCI-DSS compliance status annually.
  • Maintains a Responsibility Matrix clearly defining which security controls are managed by Executive Systems, Inc. and which are managed by the provider.

6. Data Security

Executive Systems, Inc. implements industry-leading security practices, including AES-256 encryption and TLS 1.2+ for data in transit. Executive Systems, Inc. maintains PCI-DSS [Level] certification to ensure financial data is handled according to the highest global standards.

7. Contact Us

For questions regarding this policy or the security practices of Executive Systems, Inc., please contact: