Best practices

Data handling

Lenders can only view aggregated, anonymized data until the merchant accepts the offer. Do not attempt to re-identify merchants by correlating aggregates with external data sets — this is a breach of the Capital Lender Agreement.

Restrict the live API key and Lender Portal access to named individuals who have a clear business need. Use the portal's role-based access controls (Admin, Origination, Ops, Read-only) rather than sharing a single admin seat.

Operational best practices

• Monitor webhook deliverability. Track your 2xx rate on inbound webhooks. A falling rate usually means ingestion regressions before it means problems with Capital. The Lender Portal surfaces failed deliveries and allows manual replay.
• Cap concurrent active invitations per merchant. Inviting the same account to multiple active offers simultaneously creates confusion. Present one active offer per account at a time unless you have a segmented rationale.
• Respect the no-activity window. Automated chasing of merchants inside the delinquency window is ineffective. Use the Lender Portal's workout flow instead — a guided collections path in the portal that lets you propose revised repayment terms (extensions, partial settlements, payment pauses) and routes all communication to the merchant through PayMongo's in-app messaging with their consent. This keeps outreach compliant and gives the merchant a single, authenticated channel to respond on.