Global Privacy Policy

Updated June 10, 2024


Protecting your private information is our priority. This Privacy Statement (“Statement”) applies to the XTM website (www.xtminc.com), QRails website (www.qrails.com), the all product and co-brander websites, including www.anydayispayday.com and www.paidanyday.com,  the AnyDay mobile applications and co-branded applications (“App” or “Apps”), and related services such as Earned Wage Access (“EWA”), Payments, and Wellness  (together, the “Services”) provided by XTM, Inc. and its subsidiaries, including QRails, Inc. and QRails Ltd, (“XTM/QRails”, “our”, “us”,  or “we”) and governs data collection and usage. If you live in the United States, your relationship is with QRails, Inc. and the laws of the United States and as applicable, the State of California apply. If you are a resident of California, please see the Privacy Notice for Residents of California below. If you live in the United Kingdom (“UK”), your relationship is with QRails Ltd, company number 11329861, which is the controller in relation to personal data collected by QRails. If you live in the European Union (“EU”), the European Economic Area (“EEA”), or Switzerland, your relationship is with QRails Ireland Ltd, company number 714134, whose registered office is at 77 Camden Street Lower, Dublin, Ireland, which is the controller in relation to personal data collected by XTM and QRails.

If you live outside of the US, UK, EU, EEA, or Switzerland, your relationship is with XTM, Inc. and the laws of Canada apply.

Please be aware that by using the Services, you authorize XTM or its subsidiaries to transfer your personal information and data across national borders to other countries where XTM/QRails and its partners operate, including the United States, United Kingdom, and Canada. We take steps to ensure a similar degree of protection for your personal data is maintained when it is transferred and processed. To demonstrate our commitment to the safety and security of your personal information and data, we adhere to internationally recognized information security standards and frameworks, including Payment Card Industry Data Security Standard (PCI DSS) and System and Organization Controls (SOC).

How We Use Information Collected by Us

XTM/QRails and its subsidiaries collect personally identifiable information about you to provide the best consumer experience possible. Your information that is collected will be used solely for the purposes of complying with law and to provide the service contracted in this Agreement. That data collection allows us to:

  • Better provide and offer you products through the Services;
  • Identify you when you log-in and when you select a Service;
  • Customize your experience within the Services;
  • Support you as a user and a consumer, respond to your inquiries and communications;
  • Contact you for purposes such as customer service, updates to the Services and products offered through the Services, and general administrative purposes related to the provision of the Services; and/or
  • Improve the Services and the consumer experience by trend and preference analysis.

Information that We Collect from You

When you use the Services, XTM/QRails may collect the following information:

  • Full name
  • Physical address
  • Email address
  • Telephone number
  • Date of birth
  • Tax identification number / Social Security number / Social Insurance Number
  • IP address
  • Payment or billing information (when you purchase products or services from us)

XTM/QRails does not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products available in the Services, including EWA. These may include: (a) registering for an account in the Services; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; and (d) sending us an email message. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future in circumstances where you consent or if required to fulfill a contract or comply with legal obligations, as further detailed below.

What are the legal bases for XTM/QRails to collect information about me?

To fulfill a contract: we contract with companies that you interact with to provide them additional capabilities to enhance your consumer experience. The processing completed on this basis includes:

  • Verifying your identity
  • Processing payments
  • Sending necessary and sometimes required communications (for example, account statements)
  • Providing customer support and service

As required, when you give us your consent, including:

  • Sending you product and services information, special offers, and similar information
  • Accessing certain information stored on your device relating to your use of the Services

Please note that on other occasions when we ask you for consent, we will explain what purposes the information will be used for, at that time. Where we need your consent to process information, you can withdraw your consent to such processing at any time.

To comply with legal obligations to which we are subject. These include:

  • Responding to lawful requests from legal and law enforcement agencies when conducting an investigation
  • To detect, prevent, and otherwise deter fraud, potentially illegal activities, security issues, and other technical issues which help to protect you and us.

Sharing Information with Third Parties

XTM/QRails does not sell, rent, or lease its customer, consumer, or user lists to third parties.

XTM/QRails may share data with trusted partners to help verify your identity, execute transactions requested by you, perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to XTM or its subsidiaries, and they are required to maintain the confidentiality of your information.

XTM/QRails may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with legal or regulatory requirements or  legal process served on QRails or relevant to the Services (b) protect and defend the rights or property of XTM/QRails; and/or (c) act under exigent circumstances to protect the personal safety of users of XTM/QRails, or the public.

Tracking User Behavior

XTM QRails may keep track of your actions and submissions through the Services in order to determine which XTM or subsidiary services are the most popular. This data is used to deliver customized content and advertising within the Services to consumers whose behavior indicates that they are interested in a particular product or service.

Automatically Collected Information

Information about your device hardware and software may be automatically collected by XTM/QRails. This information can include: your IP address, browser type, domain names, and access. This information is used for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Services.

Security of your Personal Information

XTM/QRails is committed to protecting the security of all of the personal information we collect and use. 

We use a variety of physical, administrative, and technical safeguards designed to help protect it from unauthorized access, use, and disclosure. We have implemented and continually progress these safeguards based on best-practice standards and controls in compliance with internationally recognized security frameworks, as well as the use of encryption technologies to protect data at-rest and in-transit.

Use of Cookies

XTM/QRails and its subsidiaries have  social media channels that utilize first and third-party vendor re-marketing tracking cookies, including the Google Ads tracking cookie, Facebook, LinkedIn and Twitter re-marketing cookies. This means we will show ads to you across the Internet, specifically on the Google Content Network (GCN), Facebook, Instagram, LinkedIn and Twitter. This data may also be shared with trusted third party vendors that utilize this data to create promotion campaigns for other related companies. As always, we respect your privacy and are not collecting any identifiable information through the use of Google’s or any other third party re-marketing system.

The first and third-party vendors, including Google, whose services we use — will place cookies on web browsers in order to serve ads based on past visits to our website. This allows us to make major announcements and continue to market our services to those who have shown interest in our service.

You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioural Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/.”

Children Under Thirteen Years Old

XTM and its subsidiaries do not intentionally collect personally identifiable information from children under the age of thirteen. If you have reason to believe that someone under the age of 13 has provided information to us through the Services, please contact us using the details below so that we can remove this information from our systems, if possible.

E-mail Communications

From time to time, XTM or its subsidiaries may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our Services, we may receive a notification when you open an email from us or click on a link therein.

If you would like to stop receiving marketing or promotional communications via email from XTM/QRails, you may opt-out of such communications by replying to the email, with ‘Unsubscribe’ in the subject line or utilize the ‘Unsubscribe’ hyperlink in the email footer.

External Data Storage Sites

We may store your data on servers provided by third party hosting vendors with whom we have contracted. While we strive to store all data in the geographic region that the consumer lives in, sometimes this is not possible, and data may be stored on XTM/QRails systems in the United States subject to appropriate safeguards.

Data Retention

We comply with local laws regarding data retention of consumer and cardholder data.

Data Processing

The personal data which individuals allow to be processed is only used for the purposes stated in this Statement and is only shared with the categories of recipients that are referred to in this Statement. Where the personal data is lawfully passed on to a third-party sub-processor, XTM/QRails ensures that this third party is under a contractual obligation to process the personal data in accordance with this Statement and only to share the personal data with categories of recipients that have been authorized by the individual.

Additionally, individuals may request the restriction of the processing of personal data in certain circumstances, namely where:    

  • they contest the accuracy of the personal data which we have processed and we are verifying the query;
  • the data has been unlawfully processed;
  • we no longer need that personal data but an individual requires us to keep it; or
  • the individual has objected to our processing their personal data and we are considering whether our legitimate grounds override those of the individual.

If an individual requests that we suspend processing of their personal data, we would  make that data temporarily unavailable, not process it apart from to store it, and would inform any sub-processors about the suspension.

The right of individuals to access their personal data

XTM/QRails ensures that individuals have the following rights in relation to their personal data:

  • the right to request a copy of some or all of their personal data;
  • the right to request rectification of any inaccurate personal data which we hold;
  • the right to request erasure of personal data;
  • the right to request restriction of processing of the personal data;
  • the right to object to the processing of the personal data; and
  • the right to transfer certain data to the individual or a third party.

In relation to access to personal data, individuals may make a request for access verbally or in writing. They will not be charged for receipt of a copy of their personal data (unless that the request is unfounded, repetitive or excessive) and they will be provided with such copy as soon as reasonably practicable and in any event within the statutory timeline of a month from receipt of the request, unless the request is particularly complex or you have made a number of requests.

Changes to this Statement

XTM/Qrails reserves the right to change this Statement, from time to time, to integrate new technologies, regulatory requirements, aligning with evolving industry best practices, or other purposes. The “Last Updated” date at the beginning of this policy is updated when we update the policy; therefore, we encourage you to check this page periodically to understand how your data is treated by us. We will notify you about material changes in the way we treat personal information by email, through the App, or other means consistent with applicable law. Your continued use of the available Services after such modifications will constitute your: (a) acknowledgement of the modified Statement; and (b) agreement to abide and be bound by the modified Statement.

Contact Information

XTM/QRails commits to resolve complaints about our collection or use of your personal information. XTM/QRails welcomes your questions or comments regarding this Statement. If you believe that XTM/QRails or any of its subsidiaries has not adhered to this Statement, please contact us.

Regardless of where you reside, you can also reach us by emailing us at support@paidanyday.com if you have any questions or concerns.

Privacy Notice for
Residents of California

Effective Date: July 14, 2022

The following Privacy Notice (“CCPA Notice”) is provided by QRails, Inc. (“QRails”, “our”, “us”, or “we”) and applies to users of the QRails website (www.qrails.com), the AnyDay website (www.anydayispayday.com), the AnyDay mobile application (“App”), and related services such as Earned Wage Access (“EWA”) (together, the “Services”) who reside in California. The CCPA Notice is a supplement to the Privacy Statement found above. This notice has been issued by QRails to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.

Information that QRails Collects

QRails collects information about you that may identify, describe, relate to, references, or is capable of being linked or associated with a particular consumer or device. We call this information “Personal Information.” Personal Information that we may collect when you are using our Services includes the following categories:

Category of Information
Description of Information
Collected by QRails
Information such as your name, postal address, unique personal identifier or social security number, driver license or passport number, or similar identifiers
Personal Information as defined by California Civil Code, Section 1798.80(e)
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Classification characteristics protected under California or federal law
Information about you such as your race, religion, ancestry, national origin, marital status, medical condition(s), sexual orientation, veteran or military status, or genetic information.
Commercial Information
Information about you such as your past personal property purchases and consumer histories or tendencies.
Biometric Information
Physiological, genetic, or biological characteristics about you such as fingerprints, faceprints, or voice prints; iris or retina scans, or other physical patterns.
Internet or activity occurring on or over networks
Information collected by cookies or other behavior tracking devices that collect your internet activity such as browsing and search histories, or information regarding your interaction with websites, applications, or advertisements.
Geolocation Information
Physical location, according to your Internet Protocol (IP) address.
Sensory Information
Information such as audio, electronic, visual, thermal, or olfactory.
Professional and Employment-related Information
Information about your current or past jobs, employment, or contracts, including the performance evaluations that may have occurred while employed or contracted.
Non-public Education Information
Information about your education such as records related to you as a student, grades, transcripts, student schedules, student identification codes, student financial information, or disciplinary records.
Inferences Drawn From Other Personal Information
Information about you that can be used to create a profile, such as preferences, characteristics, predispositions, behavior, attitudes, abilities, and aptitudes.

“Personal information” does not include:

Publicly available information that is lawfully made available to the general public from federal, state, or local government records.

De-identified, anonymized, or aggregated consumer information

Information that is expressly excluded from the scope of the CCPA but is covered by the Health Insurance Portability and Accountability Act (HIPAA) or other applicable legislation.

How QRails Uses Personal Information

Except as described herein, QRails does not disclose information that we collect about you through the Services and services without your consent. We may, however, use and disclose Personal Information detailed above for business purposes such as:

• To fulfill the service you requested by giving us the information
• To provide you with products, services, or information that you have requested from QRails
• To provide email alerts, information on events or contests, or other notices about QRails, the Services or services, or news when you have indicated that it may be of interest to you
• To fulfill our obligations and enforce QRails’ rights arising from contracts entered into between you and us
• To improve your consumer experience and our Services or service
• To protect our rights, property, or safety
• To respond to requests from law enforcement agencies, as required by applicable law, court orders, subpoenas, or government regulations
• To perform the actions described to you when collecting the Personal Information from you by your consent

Disclosure of Personal Information

If you consent to it, QRails may disclose Personal Information to third parties for a business reason. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for business reasons:

• Identifiers
• Personal Information as defined by California Civil Code, Section 1798.80(e)

QRails discloses your Personal Information to the following categories of third parties for business reasons:

• Service providers

In the last twelve (12) months, we have not sold any Personal Information.

Sources of Personal Information

QRails collects Personal Information about you from these categories of sources:

• From you, directly
• From you, indirectly when you use QRails services and the Services. This information includes things like your IP address, the region or geographic area where your device is connected to the internet, the browser type, operating system, and other usage information about your use of the Services.
• Third parties, for example your employer

Your Rights Under the CCPA

California residents have specific rights regarding their Personal Information as granted by the CCPA, including the right to request information about how your Personal Information is used, collected, or disclosed.

Upon receipt of a verified request from you about the collection and use of your Personal Information, we will disclose to you:

• Categories of Personal Information collected over the past twelve (12) months
• Categories of sources where we have collected Personal Information about you over the past twelve (12) moths
• Business reason for collecting or selling Personal Information over the past twelve (12) months
• Categories of third parties that we have shared Personal Information with over the past twelve (12) months
• Specific pieces of your Personal Information collected over the past twelve (12) months
• Whether we have sold or disclosed your Personal Information for a business reason

Deletion Right

Subject to the limitations below, you have the right to request that we delete Personal Information about you that QRails has collected and retained. When you submit a request for Personal Information deletion, we will verify that it is a legitimate request and delete your Personal Information from our systems and direct any service providers to the same, unless:

• We need the Personal Information to complete a transaction you directed us to conduct, provide a product or service requested by you, or otherwise to perform our obligations as defined by a contract or agreement with you
• We need the Personal Information to detect security incidents; protect against malicious, fraudulent, or illegal activity; or prosecute those responsible for such activities
• We need the Personal Information to identify and repair errors that impair existing functionality or to debug
• We need the Personal Information to comply with a legal obligation

Opt-out of the Sale of Your Personal Information

While residents of California do have the right to opt-out of their Personal Information being sold, QRails does not sell your Personal Information. Therefore, there is no need for you to submit a request to opt-out.

Shine the Light

California Civil Code Section 1798.83 permits our consumers who are residents of California to request and obtain from us information about the Personal Information we disclosed to third parties for direct marketing purposes in the preceding calendar year, at no charge. If you are a resident of California and would like to make such a request, please submit your request to Compliance@QRails.com.

Verifiable Consumer Requests

Only you or someone legally authorized by you can submit a verifiable consumer request. You must provide QRails with sufficient information so that we can verify your identity and provide enough detail in the request to permit us to properly evaluate and respond. If we cannot verify your identity, we will not be able to respond to your request. You do not need an account with QRails in order to submit a request.

To exercise your rights described in the CCPA Notice, submit a verifiable consumer request by calling us at (877) 573-3777 or emailing us on Compliance@QRails.com.

It is QRails intention to respond to verifiable consumer requests within 45 days of receipt. In some cases, it may take longer but we will notify you within 45 days if it will take longer. If you have an account with QRails, we will deliver the response to that account. If you do not have an account with QRails, we will deliver it through mail or e-mail, upon your selection. If we are not able to respond to a request, we will notify you in writing and explain why we are unable to respond.

If you choose to exercise your rights under the CCPA, we promise not to discriminate against you for that exercise.

Changes and Updates to the CCPA Notice

QRails reserves the right to change this CCPA Notice from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account or by placing a prominent notice in the Services. Your continued use of the Services and/or Services available through the Services after such modifications will constitute your: (a) acknowledgement of the modified CCPA Notice; and (b) agreement to abide and be bound by that CCPA Notice.

QRails welcomes your questions or comments regarding this CCPA Notice. If you believe that QRails has not adhered to this CCPA Notice, please contact us.

Regardless of where you reside, you can also reach us by emailing us at Info@QRails.com if you have any questions or concerns.

You can always write to us at:

QRails, Inc
P.O. Box 3237
Denver, CO 80202