PAYMENT SECURITY POLICY

Effective Date: April 6, 2026

Company: Minnie Downtown Media LLC

Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States

Website: https://ugcexecutive.com/

Email: hello@ugcexecutive.com

1. Introduction and Purpose

Minnie Downtown Media LLC (“Company,” “we,” “us,” or “our”) is committed to ensuring that all payment transactions conducted through our website at https://ugcexecutive.com/ (the “Website”) are processed securely, reliably, and in compliance with applicable payment industry standards and data protection laws.

This Payment Security Policy (“Policy”) describes the payment methods we accept, the technical and organizational security measures we apply to protect payment transactions, the role of our third-party payment processors, and the rights and responsibilities of customers in connection with payment security.

This Policy is designed to provide transparency to customers, banks, card networks, and payment processors regarding our payment practices, and to demonstrate our commitment to operating as a secure, compliant, and trustworthy merchant. This Policy should be read in conjunction with our Privacy Policy, Terms of Service, and Refund and Cancellation Policy, all of which are available at https://ugcexecutive.com/.

2. Accepted Payment Methods

2.1 Credit and Debit Cards

We accept all major credit and debit cards processed through Stripe, Inc., including:

  • Visa
  • Mastercard
  • American Express
  • Discover (where supported by Stripe in the customer’s region)

Card payments are processed in real time through Stripe’s secure payment infrastructure. Cardholders are protected by their card network’s standard purchase protection policies.

2.2 Digital Wallets

Where supported by Stripe in the customer’s region, the following digital wallet payment methods may be available at checkout:

  • Apple Pay
  • Google Pay

Digital wallet availability depends on the customer’s device, browser, and region. The Company does not store digital wallet credentials.

2.3 Buy Now, Pay Later

Depending on regional availability through Stripe, buy now, pay later options (such as Klarna or Afterpay) may be presented at checkout. Where available, these services are provided by third-party providers subject to their own terms and credit assessment processes. The Company is not a party to any credit arrangement between the customer and a buy now, pay later provider.

2.4 Bank Transfers and Wire Transfers

For customers who are unable to use card-based payment methods, bank transfer or wire transfer arrangements may be accommodated on a case-by-case basis. Customers wishing to arrange an alternative payment method should contact us at hello@ugcexecutive.com prior to enrollment. Bank transfer payments are subject to verification before Program access is granted.

2.5 Currency

All transactions are processed and settled in United States Dollars (USD). Prices displayed on the Website may be shown in EUR for customer convenience. The final USD charge is determined at the time of transaction based on the exchange rate applied by the customer’s bank or card issuer. The Company is not responsible for exchange rate fluctuations or foreign transaction fees charged by the customer’s financial institution.

2.6 Payment Methods Not Accepted

The Company does not currently accept the following payment methods:

  • Cash or money orders.
  • Checks or personal cheques.
  • Cryptocurrency or digital assets of any kind.
  • Prepaid cards or gift cards not supported by Stripe.
  • Payments through unverified third-party intermediaries or informal money transfer services not integrated with our payment platform.

3. Primary Payment Processor: Stripe, Inc.

3.1 Role of Stripe

The Company uses Stripe, Inc. (“Stripe”) as its primary payment processor. Stripe is a globally recognized payment infrastructure company that provides secure card processing, fraud detection, and transaction management services to businesses worldwide.

When you make a payment on our Website, your payment data is submitted directly to Stripe’s secure servers. The Company does not receive, process, or store your full payment card number, card verification value (CVV/CVC), or other sensitive authentication data at any point during the transaction.

3.2 Stripe’s Security Certification

Stripe is certified as a PCI DSS Level 1 Service Provider, which is the highest level of certification available under the Payment Card Industry Data Security Standard (PCI DSS). This certification is assessed annually by an independent qualified security assessor. Stripe’s PCI compliance documentation is publicly available at https://stripe.com/guides/pci-compliance.

Stripe’s infrastructure includes the following security features:

  • End-to-end encryption of payment data using TLS 1.2 or higher for all data in transit.
  • AES-256 encryption for all card data stored within Stripe’s systems.
  • Tokenization of card data, replacing sensitive card information with a non-sensitive token for any subsequent transaction references.
  • Stripe Radar, an advanced machine learning fraud detection system that analyzes transaction patterns in real time.
  • 3D Secure 2 (3DS2) authentication support for additional cardholder verification where required by card issuers or applicable regulation, including PSD2 Strong Customer Authentication requirements for EU transactions.

3.3 Stripe’s Terms and Privacy Policy

Your use of Stripe’s payment services is subject to Stripe’s own Terms of Service and Privacy Policy, available at https://stripe.com/legal and https://stripe.com/privacy respectively. By completing a payment on our Website, you authorize Stripe to process your payment in accordance with Stripe’s terms.

4. PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by the major card networks to protect cardholder data and reduce payment fraud. The Company’s approach to PCI DSS compliance is as follows:

  • Card data handling: The Company does not directly handle, process, store, or transmit full cardholder data. All card data is submitted directly to Stripe via Stripe’s hosted payment form (Stripe Elements or Stripe Checkout), which is loaded from Stripe’s servers. This architecture removes the Company from the direct scope of most PCI DSS cardholder data requirements.
  • SAQ compliance: As a merchant that uses Stripe’s hosted payment pages and does not directly handle card data, the Company operates under the applicable PCI DSS Self-Assessment Questionnaire (SAQ) type appropriate for its integration method.
  • Annual review: The Company reviews its payment integration and security controls on an annual basis to ensure continued alignment with PCI DSS requirements and Stripe’s integration best practices.
  • No card data storage: The Company’s systems, databases, servers, and email infrastructure do not store any payment card numbers, expiry dates, CVV/CVC codes, or cardholder authentication data at any time.

5. Technical and Organizational Security Measures

In addition to relying on Stripe’s security infrastructure for payment processing, the Company implements the following measures to protect the checkout and payment environment:

5.1 Website and Transmission Security

  • The Website operates exclusively over HTTPS using TLS encryption for all pages, including the checkout flow. Unencrypted HTTP connections are not permitted.
  • SSL/TLS certificates are maintained and renewed as required to ensure continuous encryption of all data in transit between the customer’s browser and our Website.
  • Security headers, including Strict-Transport-Security (HSTS), are implemented where technically feasible to enforce secure connections.

5.2 Access Controls

  • Access to the Company’s backend systems, order management tools, and customer data is restricted to authorized personnel only.
  • Multi-factor authentication (MFA) is required for access to administrative and payment-related systems where supported.
  • Access rights are reviewed periodically and revoked promptly upon personnel changes.

5.3 Fraud Prevention

  • All transactions are screened by Stripe Radar’s machine learning fraud detection engine, which evaluates risk signals in real time before a transaction is authorized.
  • 3D Secure (3DS2) authentication is enabled where required, providing an additional layer of cardholder verification for higher-risk transactions.
  • The Company monitors transaction patterns for signs of suspicious activity and reserves the right to decline or reverse transactions identified as potentially fraudulent.
  • IP-based velocity controls and device fingerprinting through Stripe help identify and block unusual purchase patterns.

5.4 Data Minimization

  • The Company collects only the minimum personal and payment-related data necessary to complete the enrollment transaction and deliver the Program.
  • Payment card data is never transmitted to, stored in, or processed by the Company’s own servers or databases at any stage of the transaction.
  • Transaction records retained by the Company for compliance and accounting purposes contain only transaction identifiers, payment amounts, dates, and customer reference information provided by Stripe.

6. Strong Customer Authentication (EU/EEA)

For customers located in the European Union and European Economic Area, the Company’s payment processing through Stripe is designed to support compliance with the Strong Customer Authentication (SCA) requirements of the EU Payment Services Directive (PSD2) (Directive (EU) 2015/2366).

SCA requires that electronic payments be authenticated using at least two of the following three independent factors:

  • Something the customer knows (e.g., a password or PIN).
  • Something the customer has (e.g., a mobile phone or hardware token).
  • Something the customer is (e.g., a fingerprint or facial recognition).

Stripe’s 3D Secure 2 (3DS2) implementation facilitates SCA compliance for applicable transactions. When your card issuer requires SCA, you may be prompted to authenticate your payment through your bank’s authentication flow (such as a one-time passcode sent to your registered mobile device) before the transaction is completed. Transactions that do not complete the required SCA process may be declined by the customer’s card issuer. The Company is not responsible for transaction declines resulting from SCA requirements imposed by card issuers.

7. Fraud Prevention and Customer Responsibilities

7.1 Company Fraud Prevention Measures

The Company takes the following proactive steps to prevent fraudulent transactions on our Website:

  • Real-time fraud screening of all transactions through Stripe Radar.
  • Monitoring for unusual transaction volumes, velocity patterns, and geographic anomalies.
  • Blocking of transactions from IP addresses or devices associated with known fraudulent activity.
  • Reservation of the right to request additional identity verification for high-value or unusual transactions before granting Program access.

7.2 Customer Responsibilities

Customers are responsible for the following in connection with payment security:

  • Ensuring that all payment information submitted during checkout is accurate and belongs to a payment method you are authorized to use.
  • Keeping your device, browser, and payment credentials secure and not sharing them with unauthorized parties.
  • Using a secure and private internet connection when making payments. The Company strongly advises against completing payment transactions over public or unsecured Wi-Fi networks.
  • Notifying your bank or card issuer and contacting us at hello@ugcexecutive.com immediately if you believe your payment information has been compromised or if you notice an unauthorized transaction associated with our Website.
  • Not attempting to circumvent, test, or probe the Company’s payment systems or Stripe’s infrastructure using automated tools, scripts, or any unauthorized methods.

8. Disputed Transactions and Chargebacks

If you have a concern about a transaction processed by the Company, we strongly encourage you to contact us directly before initiating a dispute or chargeback with your bank or card issuer. In most cases, billing concerns can be resolved quickly and efficiently through direct communication.

To report a billing concern, please contact us at hello@ugcexecutive.com with the subject line “Billing Inquiry,” including your full name, enrollment email address, and the transaction date.

In the event of a transaction you believe is unauthorized and was not made by you, please contact both your card issuer and us immediately. The Company will cooperate fully with your card issuer’s fraud investigation process and provide all relevant transaction records as requested.

For the Company’s full policy on chargebacks initiated in connection with Program enrollment, please refer to the Refund and Cancellation Policy, available at https://ugcexecutive.com/.

9. Security Incident and Data Breach Response

In the event of a security incident that may affect the security of payment-related data processed in connection with our Website, the Company will take the following steps:

  • Immediate containment: Upon identifying or being notified of a potential security incident, we will take prompt steps to contain the incident and prevent further unauthorized access.
  • Assessment: We will assess the nature and scope of the incident, including whether any payment-related or personal data has been compromised.
  • Notification to Stripe: We will notify Stripe immediately if there is any indication that our Website integration or systems may have been compromised in a way that could affect payment data security.
  • Regulatory notification: Where required by applicable law, including GDPR Article 33 for EU-affecting breaches, we will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach.
  • Customer notification: Where a breach is likely to result in a high risk to affected customers, we will notify affected individuals without undue delay, in accordance with applicable law.
  • Remediation: We will implement remediation measures to address the root cause of the incident and prevent recurrence.

Because the Company does not store full payment card data, the risk of a breach exposing cardholder data from the Company’s own systems is materially reduced. Card data security at the processing level is the responsibility of Stripe as a PCI DSS Level 1 certified provider.

10. Phishing Awareness and Payment Link Verification

The Company will never send you a payment link through unsolicited email, social media message, or any channel other than a confirmed enrollment flow on the official Website at https://ugcexecutive.com/. If you receive a payment request purportedly from the Company through an unexpected or unofficial channel, do not complete the payment and contact us immediately at hello@ugcexecutive.com to verify its authenticity.

Signs of a potentially fraudulent communication include:

  • Email addresses that do not end in @ugcexecutive.com or a verified domain associated with our payment processor.
  • Requests to pay through unofficial channels such as personal PayPal accounts, informal bank transfer requests, or cryptocurrency wallets.
  • Pressure to complete payment urgently without accessing the official Website checkout.
  • Links to websites with URLs that differ from https://ugcexecutive.com/.

The Company is not liable for payments made in response to fraudulent communications that impersonate the Company. If you are uncertain whether a payment request is legitimate, always verify directly with us at hello@ugcexecutive.com before proceeding.

11. Payment Receipts and Transaction Records

Upon successful completion of a payment, you will receive an automated payment confirmation email from Stripe and a separate enrollment confirmation email from the Company. These emails serve as your payment receipt.

You are encouraged to retain your payment confirmation emails for your records. If you require a formal invoice in connection with your purchase, please contact us at hello@ugcexecutive.com with your enrollment details. The Company will make reasonable efforts to provide the requested documentation within five (5) business days.

Transaction records are retained by the Company in accordance with the data retention schedule described in our Privacy Policy, and for a minimum of seven (7) years for financial recordkeeping and tax compliance purposes.

12. Updates to This Policy

The Company reserves the right to update or modify this Payment Security Policy at any time to reflect changes in our payment methods, security practices, regulatory requirements, or third-party processor relationships. The updated Policy will be posted on the Website with a revised Effective Date. We encourage customers and compliance reviewers to check this Policy periodically.

13. Contact Information

For questions regarding payment security, billing inquiries, fraud concerns, or requests for payment documentation, please contact:

Minnie Downtown Media LLC

30 N Gould St Ste R, Sheridan, WY 82801, United States

Website: https://ugcexecutive.com/

Email: hello@ugcexecutive.com

For urgent fraud or security concerns, please include “URGENT – Payment Security” in the subject line of your email. The Company will make reasonable efforts to respond to all payment-related inquiries within three (3) business days.