Global Privacy Policy

Effective date: November, 21, 2024

English | Español | 日本語 | Bahasa Indonesia


The English language version of this Privacy Policy (available at: https://www.flywire.com/legal/privacy-policy) will prevail over versions in all other languages. Documents or communications in any other languages are for your convenience and only the English language version of them is official.

Flywire Corporation, doing business as Flywire, and our subsidiaries and affiliates (collectively “Flywire”, “we”, “us”, “our”) respect your privacy. Our Privacy Policy explains: (1) how we may collect, use, and disclose information we obtain through our websites, networks, and applications (collectively, our “Platform”) and other services we provide to institutional clients (together with the Platform, our "Services"); and (2) the choices you can make about the handling of the information. We also describe how you can contact us about our privacy practices. This Privacy Policy is incorporated by reference into the Flywire Terms of Use.

On our Platform, you may choose to use certain features which are provided by other entities. These features, which include social networking buttons (which will be prominently displayed on our webpage), are operated by third parties that are not affiliated with Flywire, and they may collect information directly from you. These third parties may use your information in accordance with their own privacy policies and practices.

A. Information We Collect

We may obtain information about you in a variety of ways, such as when you voluntarily provide it to us, in our role as a processor of payment transactions, or when it is automatically sent to us by the device you use to access the Platform.

Information We Collect From You

When you use the Service, you may provide us with the following types of information:

  • Your Account information. To create an account you will need to provide us with your name, email address, and password. We will also ask about your relationship with the person on whose behalf you are making a payment, if different from you.
  • Payment Information. When submitting a payment through our Platform, we ask the payer for information such as the payer’s name, address, phone number, and government identification number. You will also need to provide information about the person for whom you are submitting a payment. For example, when submitting a payment to an educational institution, we will also ask for the student’s name, student ID, invoice number, date of birth, year of graduation, educational institution, and student email address. When submitting a payment to a healthcare organization, we will ask the payer to provide information such as the patient’s name, medical record number or patient account number, bill identification number, invoice and health care organization. As part of the payment process, or to process a refund or charge-back, we and/or our partners may need the payer’s credit card information, financial account information, such as bank account numbers, names, and routing codes.
  • Referrals. To invite others to use the Platform, you may submit their names, emails, and, for students, their educational institution.
  • Job Application Information. If you apply for a job with us, you may provide us with employment-related information such as your C.V. or resume.
  • Messages and Support Requests. We collect the information you submit when you communicate with us by email, chat, or other methods. This includes payer support where you may choose to submit information regarding a problem or whether you speak to one of our representatives directly or otherwise engage with our support team. A summary of the problem you are experiencing, screen shots, documentation or information that would be helpful in resolving the issue.
  • Use of the Platform. We collect information about you when browsing our website and taking certain actions. This information includes links you click on; the type, size and filenames of attachments you upload to the Platform, content using analytics techniques that hash, filter or otherwise scrub the information and we collect clickstream data about how you interact with and use features of the Platform.
  • Device Information. We collect information about your computer, phone, tablet or other devices you use to access the Platform. Including browser type, IP address, device identifiers and crash data. We will also use your IP address and/or country preference to provide you with a better user experience.

Information We Collect From Others

We may receive information from others, including:

  • Financial Institutions and Service Providers. In the course of processing your payment transaction we may work with a number of institutions, who we have partnered with, to help us provide our Platform, including banks and non-bank financial institutions such as card processors, electronic money institutions and payment service providers. To process a payment, a financial institution or service provider may share with us information about the payer’s account such as account name, number, routing code and other identifying information.
  • Designated Entities. We may be provided with your name and email address, before you create an account, from the educational institutions, healthcare providers and other entities for which we serve as a payment agent, in order to contact you to encourage you to make a payment through our Platform. Furthermore, these Designated Entities may use the Platform to communicate with you and manage the receipt of payments.

Information We Collect Using Cookies and Similar Technologies

When you visit our Platform or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Platform. We may link this data to your profile. To learn more about the use of cookies by us and third parties, including your opt out options, please visit our Cookie Policy.

We work with third party partners such as analytics and advertising partners, who may collect information about your use of other websites and online services over time. To learn more about Google Analytics and the choices Google provides regarding your information, please visit https://policies.google.com/technologies/partner-sites.

Our advertising partners may collect your information in order to show you ads that may interest you. Where required under applicable law, we will request your consent to such collection and use of your information. You may opt out of receiving personalized advertisements from us and our advertising partners who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations. Links to those sites are here:

Network Advertising Initiative: http://www.networkadvertising.org/choices/.

Digital Advertising Alliance: http://www.aboutads.info/choices/.

B. How We Use the Information We Collect

We may use the information we obtain about you, as permitted by applicable law, to:

  • Provide and improve the Service;
  • Authentication detail when logging in;
  • We use information about you to verify accounts and activities, to monitor suspicious or fraudulent activities and to identify violations of policy.
  • Process your payment transaction and keep you informed about the status of your payment;
  • Comply with and enforce applicable legal requirements, industry standards and our policies;
  • Prevent potentially illegal or prohibited activities and enforce our Terms of Use;
  • Respond to your inquiries, resolve disputes and provide support;
  • We use collective learnings about how people use our Platform to troubleshoot and to identify trends, usage, patterns and areas of integration to better analyze, operate and improve our business and the Service (including enhancing the user experience, managing communications and functionality, and developing new products and services);
  • Communicate with you for Platform-related purposes, such as sending payment reminders;
  • Compare information for accuracy and verify it with third parties;
  • Further our business relationship with you, if we have collected your personal information in the context of an actual or potential business relationship;
  • Evaluate your application for employment and contact you regarding possible employment at Flywire, if you have applied for a job;
  • De-identify or aggregate data collected through the Platform and use and disclose it for any purpose; and
  • Fulfill other purposes to which you have consented, which would be reasonably expected by you, or which are otherwise authorised or required by law. Where required by law or where we believe it is necessary to protect or legal rights; we will use information about you in connection to legal claims, regulatory issues, audit function, merger or funding.

C. Disclosure of Information

We may share your information, as permitted by applicable law, in connection with the purposes described in Section B of this privacy policy. This includes sharing your information in the following ways:

  • To process your payment, we may share some of your information with the Designated Entity, for whom we serve as the payment agent.
  • In order to perform our services or meet our legal and regulatory obligations, we may have to transfer your personal information to organizations outside of your local country.
  • We may share your information with service providers and vendors who assist us with the delivery of our Service. In some cases, to successfully process your payment or refund, we may share bank/payment receipt documents that you have sent to us with financial institutions under contract with whom we work, to assist with the processing and/or refund of that payment. Our contracts oblige these financial institutions to only use your personal information in connection with the services they provide to us and not for their own benefit.
  • Additionally, your information may be shared with other financial institutions, trade bodies, anti-fraud organizations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes.
  • Flywire is a business incorporated in the United States, which also operates several international affiliates and subsidiaries (for a list of local Flywire entities, please visit us at www.flywire.com. We may share personal information with these, or future, affiliates.
  • If we are required to do so by law or legal process or to comply with the law, or when we believe, in our sole discretion, that the disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity or to investigate violations of our Terms of Use and other agreements.
  • If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction.

We do not rent, sell, or share personal information (as defined by California Civil Code § 1798.83) about you with other people or non affiliated companies for their direct marketing purposes, unless we have your permission.

We will not collect, hold, use or disclose your personal information (as defined by Australia Privacy Act 1988) other than for the primary purpose the personal information was collected, or for a reasonably related secondary purpose. A secondary purpose may include, for example, instances where our service providers and third party contractors (e.g. technology and support service providers) require access to your personal information in order to provide services to us.

We remain liable for the processing of personal data we transfer to third parties in the event the third party does not comply with Flywire’s privacy policy.

D. Legal basis for processing

We collect and process information about you only when we have a legal basis for doing so under applicable laws. This means we collect and use your information:

  • To allow you to access and use the Platform, to provide support to payers and clients, and to fulfill other obligations related to your agreement with us and/or to take steps at your request prior to entering such agreement (please see our Terms of Use at https://www.flywire.com/legal/terms-of-use);
  • To comply with a legal and/or regulatory requirement to which Flywire is subject;
  • To pursue our legitimate interests, provided that these legitimate interests are not overridden by your interests or fundamental rights and freedoms
  • Our legitimate interests include:
    • Protecting the security and integrity of the Service, our payers, our clients, and employees
    • Monitoring, identifying, preventing, and reporting fraud, money laundering, terrorist financing, other illegal activity, and prohibited use of our Platform
    • Establishing, exercising, or defending legal rights and claims
    • Improving the Platform and the delivery and effectiveness of our Services
    • Measuring and understanding the effectiveness of advertising and/or providing you with information about other similar goods and services we offer

E. Your Rights and Choices

You may have certain rights regarding the personal information we collect and maintain about you and how we communicate with you.

  • When we request information from you on the Platform, you may always choose not to provide us with that information. However, if you decline to provide us with certain information, this may affect the functionality of the Platform.
  • If you are located in a particular country (Europe, UK etc.) where your privacy rights are more restrictive you may direct us not to share your personal information with third parties, except (i) with the service providers and financial institutions under contract we have retained to perform services on our behalf, (ii) in the event we are acquired or we transfer all or a portion of our business or assets, (iii) if a legal process or law requires processing, (iv) with other financial institutions, trade bodies, anti-fraud organisations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes, or (v) when we believe, in our sole discretion, that the disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • You can access, modify or update certain personal information submitted on our Platform by logging into your account and changing your preferences. Subject to applicable law, you may have the right to request access to and receive other personal information we hold about you, update and correct inaccuracies in your personal information, and have the information deleted, as appropriate or to request a copy of your information. To exercise these rights, contact us as described below (see section K of this privacy policy). Your right to access, update, correct or delete personal information may be limited in some circumstances by local law requirements.
  • Where your data is needed to be shared with third parties for payment, for example, payment partners, you will need to contact those third-party service providers directly to enforce your rights.
  • You may ask us to stop using or processing your data where you have given us consent.
  • You may contact us to withdraw your consent, but this will not affect any processing that has already taken place at the time.

F. Data Transfer

To facilitate our global operations, we transfer and store information in the U.S, Canada and Australia, and allow access to that information by employees from other countries in which Flywire operates. These countries may not have the equivalent privacy laws as those of the EU or UK. When we share information about you within and among our corporate affiliates we make use of standard contractual data protection clauses, which have been approved by the European Commission.

We commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Flywire complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Flywire has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Flywire has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

G. How We Protect Your Personal Information

Flywire maintains reasonable safeguards combining administrative, technical, and physical measures to provide protection to the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, interference, modification, disclosure or misuse.

We use data hosting service providers in the US, Canada and Australia to host the information we collect and we use technical controls to secure that data.

We use Transport Layer Security (TLS) encryption on our website when transmitting information and use other commercially reasonable efforts to protect your information. We continue to assess new technology for protection of information and upgrade our information security systems where appropriate. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

H. Security Practices

Flywire makes sure that our employees know and adhere to our security policies. We require periodic training on our security policies for all personnel, no matter their department. Personnel who work directly with customers receive extra training on emerging risks, such as identity theft.

All Flywire resources agree when joining the Company to a form of confidentiality/non-disclosure agreement or specific confidentiality undertaking in their agreements of employment. Flywire resources must understand and comply fully with these terms upon commencing work at Flywire, and keep information confidential that comes into their possession or control in connection with employment with Flywire. This includes internal Flywire information, as well as information relating to clients and third parties, and applies at any time during and after employment.

I. Notice

Every user of the Platform is provided with our Global Privacy Policy, which provides details regarding our collection and handling of Personal Information.

J. Retention

We retain your account information for as long as your account is active and as necessary to comply with our legal obligations. As a regulated business, we comply with statutory retention periods contained in regulations applicable to financial transactions, including those in anti-money laundering, anti-terrorist financing and other laws to which we are subject. After such time we will either delete or anonymize your information or if it is not possible then we will securely store your information and isolate it from any further use until deletion is possible.

K. Children’s Privacy

Flywire is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please let us know.

L. Links to Other Websites

Our site may include links to other websites. When you access another website, we strongly suggest you review the privacy policy or notices on those external websites. Flywire is not responsible for the content or privacy practices of external websites.

Third-Party Websites or Services: You may elect to use an external third-party application, such as Google, to register your Flywire account. If you choose to register with Flywire using a third-party application, the providers of those services or products may receive information about you that Flywire, you, or others share with them, such as email address and full name. Please note that those third-party applications’ own terms and privacy policies will govern your use of those sites or services.

M. Changes to Our Privacy Policy

Flywire may periodically make changes to this privacy policy to reflect any changes in our information practices. We will notify you by revising the “Last Updated” date at the top of this Privacy Policy. If we make any material changes, we will let you know through the Platform, by email, or other communication. We encourage users to read this Privacy Policy periodically to stay up-to-date about our privacy practices. As long as you use the Platform, you are agreeing to this Privacy Policy and any updates we make to it.

N. Questions, Comments and Complaints about Our Handling of Personal Information

If you have any questions, comments or complaints about our collection, use, storage or disclosure of personal information, please contact us as set forth below. Flywire will take any privacy complaint seriously and we will aim to resolve any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

Flywire is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our policy should first contact Flywire using the contact information details below.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Flywire commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, and handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

In accordance with the Data Privacy Framework (DPF) Principles, individuals have the possibility, under certain conditions, to invoke binding arbitration for the resolution of disputes. This means that if you have an unresolved privacy or data use concern that Flywire has not addressed satisfactorily, you may have the option to resolve your issue through binding arbitration. Flywire is committed to arbitrating claims and following the terms set forth in Annex I of the DPF Principles. To invoke binding arbitration, you must deliver a notice to Flywire and adhere to the procedures and conditions outlined in Annex I of the DPF Principles.

O. Contact Information

If you have any questions or concerns related to this privacy policy, or if you wish to request access to, or correction of, your personal information or make a privacy complaint you may contact us.

You could also contact our Privacy Office at:

Flywire
Attn: Privacy Officer
141 Tremont Street, 10th Floor
Boston, MA 02111, USA

Once you lodge a complaint with us, we will send you a written receipt acknowledging your concern unless the complaint has already been resolved within that time frame. We will try to resolve your complaint within 30 days from the date you lodge your complaint and keep you informed about the progress of the complaint throughout the process. We will endeavor to resolve any issue to your satisfaction and notify you of the outcome of our investigation as soon as possible.


English | Español | 日本語 | Bahasa Indonesia