Privacy Policy

Last Updated: December 11, 2025

Payvly ("Company", "we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, password, business name, address, phone number
Billing Information: Payment card details (processed by Stripe), billing address
Profile Information: Business logo, preferences, settings
Business Data: Client information, invoices, products, services
Communications: Support requests, feedback, correspondence

1.2 Automatically Collected Information

Usage Data: Pages visited, features used, time spent, actions taken
Device Information: IP address, browser type, operating system, device identifiers
Cookies: Session data, preferences, analytics (see Cookie Policy)
Location Data: General location based on IP address

1.3 Information from Third Parties

Stripe: Payment processing data, payout information, verification data
OAuth Providers: If you sign in with Google/social login (name, email)

2. How We Use Your Information

2.1 Provide Services

Create and manage your account
Process transactions and send invoices
Enable payment processing via Stripe Connect
Generate reports and analytics
Provide customer support

2.2 Improve Services

Analyze usage patterns and trends
Develop new features and functionality
Conduct research and testing
Optimize performance and user experience

2.3 Communication

Send transactional emails (invoices, receipts, notifications)
Send service updates and important notices
Respond to inquiries and support requests
Send marketing communications (with consent; opt-out anytime)

2.4 Security and Compliance

Detect and prevent fraud
Enforce our Terms of Service
Comply with legal obligations
Protect rights and safety

2.5 Legal Basis (GDPR)

We process data based on:

Contract: Performance of our agreement with you
Consent: Where you have given consent
Legitimate Interests: For business operations and improvements
Legal Obligation: Compliance with laws and regulations

3. How We Share Your Information

3.1 Service Providers

We share data with third parties who perform services for us:

Stripe: Payment processing and payouts
Email Service: Transactional and marketing emails
Analytics: Google Analytics for usage insights
Hosting: AWS or cloud infrastructure providers
Support Tools: Customer service platforms

All service providers are bound by confidentiality agreements and GDPR compliance.

3.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your data is transferred.

3.3 Legal Requirements

We may disclose information if required by law or to:

Comply with legal process
Enforce our Terms of Service
Protect rights, property, or safety
Prevent fraud or security issues

3.4 With Your Consent

We may share information for other purposes with your explicit consent.

3.5 What We Don't Do

We never sell your personal data to third parties
We don't share your data for third-party marketing
We don't rent or lease customer lists

4. Your Invoice Recipients

When you send invoices:

Your clients receive invoices via email
Clients can access invoices through a secure portal
Client portal access is token-based (no login required)
Clients see only their own invoices and data

5. Data Retention

5.1 Active Accounts

We retain data as long as your account is active and as needed to provide services.

5.2 Inactive Accounts

Free accounts: Deleted after 12 months of inactivity
Paid accounts: Retained until subscription cancellation

5.3 After Deletion

Data is retained for 30 days for recovery
After 30 days, data is permanently deleted
Some data may be retained longer for legal compliance

5.4 Backups

Deleted data may persist in backups for up to 90 days before being purged.

6. Data Security

6.1 Technical Measures

TLS/SSL encryption for data in transit
Encryption at rest for sensitive data
Secure password hashing (bcrypt)
Regular security audits and testing
Firewall and intrusion detection

6.2 Organizational Measures

Access controls and authentication
Employee training on data protection
Confidentiality agreements with staff
Incident response procedures

6.3 Your Responsibility

Use strong, unique passwords
Enable two-factor authentication
Keep credentials confidential
Report suspicious activity immediately

6.4 No Guarantee

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Portability

View your personal data in account settings
Export your data at any time
Request a copy of your data

7.2 Correction

Update your information in account settings
Contact us to correct inaccurate data

7.3 Deletion

Delete your account at any time
Request deletion of specific data
Right to be forgotten (GDPR)

7.4 Restriction and Objection

Object to certain data processing
Restrict processing in certain circumstances
Opt out of marketing communications

7.5 Withdraw Consent

Withdraw consent for data processing
Note: May limit service functionality

7.6 Complaints

File a complaint with us at privacy@Payvly.com
File a complaint with your local data protection authority

8. Cookies and Tracking

8.1 What We Use

Essential Cookies: Required for service functionality
Analytics Cookies: Google Analytics to understand usage
Preference Cookies: Remember your settings

8.2 Your Choices

Disable cookies in your browser settings
Note: May affect site functionality
Opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

8.3 Do Not Track

We do not currently respond to Do Not Track signals.

9. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.

10. International Data Transfers

10.1 Location

Your data is primarily stored and processed in the United States.

10.2 Safeguards

If you're outside the US:

We use standard contractual clauses
We implement appropriate safeguards
We comply with applicable data protection laws

10.3 EU-US Privacy Shield

While Privacy Shield is invalidated, we maintain GDPR compliance through other mechanisms.

11. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

12. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed
Say no to the sale of personal information (we don't sell data)
Access your personal information
Request deletion of personal information
Not be discriminated against for exercising rights

To exercise these rights, contact us at privacy@Payvly.com.

12.1 Shine the Light

California residents can request information about disclosures to third parties for marketing purposes (we don't do this).

13. European Privacy Rights (GDPR)

EU residents have additional rights:

Right of access
Right to rectification
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision-making

13.1 Data Protection Officer

For GDPR inquiries, contact our DPO at: dpo@Payvly.com

13.2 Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy periodically
Changes are effective when posted
Material changes will be notified via email or platform notification
Continued use after changes constitutes acceptance

15. Contact Us

For privacy questions or to exercise your rights:

Payvly Privacy Team
Email: privacy@Payvly.com
Support: support@Payvly.com
Website: https://Payvly.com

Mail:
[Your Company Address]
[City, State ZIP]
[Country]

16. Data Processing Agreement

If you're a business customer subject to GDPR, we can provide a Data Processing Agreement (DPA). Contact legal@Payvly.com.

17. Specific Data Disclosures

17.1 Payment Data

Credit card data is processed and stored by Stripe
We never see or store full card numbers
We only store last 4 digits and card brand for reference

17.2 Client Data

You control your client data
You are the data controller; we are the data processor
You must have legal basis to share client data with us

17.3 Email Data

Invoice emails contain transaction data
Client portal emails contain secure access links
Marketing emails sent only with consent

18. Summary

We collect information you provide and usage data. We use it to provide services, improve our platform, and communicate with you. We share data only with service providers, for legal reasons, or with your consent. We never sell your data. You have rights to access, correct, delete, and control your data.

By using Payvly, you acknowledge that you have read and understood this Privacy Policy.