Privacy Policy

Effective Date: January 30, 2026

Last Updated: January 30, 2026

TL;DR - The Short Version

  • ✓ We only collect what we need to run the service
  • ✓ We don't sell your personal information (names, emails, business details)
  • ✓ We may share anonymized aggregate data to provide industry insights
  • ✓ You can delete your account and data anytime
  • ✓ We use industry-standard security (encryption, secure hosting)
  • ✓ Third-party services: Stripe (payments), Resend (email), Supabase (database)

PaymentPing ("we", "us", or "our") operates the payment-ping.com website and PaymentPing service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), PIPEDA (Canada), and other applicable privacy laws.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Business Information: Business name, logo, branding settings
  • Client Data: Client names, email addresses, phone numbers you add
  • Financial Data: Invoice and quote details, line items, amounts
  • Payment Information: Processed and stored by Stripe (we never store full credit card numbers)
  • Communication Data: Support emails, feedback, correspondence

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Log Data: Access times, error logs, performance metrics
  • Cookies: Session cookies for authentication, preference cookies for settings

1.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name and email address
  • Payment Processors: Stripe provides payment confirmation and subscription status

2. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Create and send invoices/quotes, process payments, send reminders
  • Account Management: Authenticate users, manage subscriptions, provide support
  • Communications: Send transactional emails (invoices, receipts, reminders), service updates
  • Improve the Service: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect fraud, prevent abuse, protect against unauthorized access
  • Legal Compliance: Comply with legal obligations, respond to legal requests

Legal Basis (GDPR): We process your data based on: (1) Contract performance - to provide the service you signed up for, (2) Legitimate interests - to improve and secure our service, (3) Legal obligations - to comply with laws, (4) Consent - for optional features like marketing (where applicable).

3. Data Sharing and Third-Party Services

Our Data Sharing Policy:

  • ✓ We do not sell your personally identifiable information (name, email, business details)
  • ✓ We may share anonymized, aggregate statistics with partners to provide industry insights and improve our services
  • ✓ We only share identifiable data with trusted service providers necessary to operate PaymentPing

Service Providers

We share data with the following trusted service providers to operate PaymentPing:

Stripe (Payment Processing)

Processes subscription payments and invoice payments. Stripe is PCI-DSS compliant.

View Stripe Privacy Policy →

Resend (Email Delivery)

Sends invoice emails, quote emails, and payment reminders on your behalf.

View Resend Privacy Policy →

Supabase (Database Hosting)

Hosts your data securely with encryption at rest and in transit. SOC 2 Type II certified.

View Supabase Privacy Policy →

OpenAI (AI Features - Pro+AI tier only)

Powers expense categorization and business insights. We send minimal data (expense descriptions only).

View OpenAI Privacy Policy →

Vercel (Hosting)

Hosts the PaymentPing application with global CDN and DDoS protection.

View Vercel Privacy Policy →

Sentry (Error Monitoring)

Tracks application errors to improve reliability. Does not collect personal data.

View Sentry Privacy Policy →

Legal Disclosures: We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4. Data Security

We implement industry-standard security measures to protect your data:

🔒 Encryption

HTTPS/TLS for data in transit, AES-256 encryption for data at rest

🔐 Authentication

Secure password hashing (bcrypt), optional Google OAuth

🛡️ Access Control

Role-based permissions, session management

📊 Monitoring

Real-time error tracking, security audit logs

Note: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account password.

5. Data Retention and Deletion

Active Accounts

We retain your data for as long as your account is active and as needed to provide services.

Closed Accounts

When you delete your account:

  • Your account and personal data are permanently deleted within 30 days
  • Invoices and quotes are anonymized (client data removed, amounts retained for financial records)
  • Some data may be retained longer for legal/tax compliance (e.g., payment records for 7 years)
  • Backup copies are deleted within 90 days

Legal Retention

Financial transaction records are retained for 7 years to comply with tax and accounting regulations.

6. Your Privacy Rights

Depending on your location, you have the following rights:

Access:

Request a copy of your personal data

Correction:

Update inaccurate or incomplete data (available in settings)

Deletion:

Request deletion of your data (delete account in settings)

Portability:

Export your data in a machine-readable format

Object:

Object to processing based on legitimate interests

Withdraw Consent:

Withdraw consent for optional processing (e.g., marketing emails)

Restrict Processing:

Request limitation on how we use your data

California Residents (CCPA)

You have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the "sale" of personal information
  • Right to non-discrimination for exercising your privacy rights

Note: We do not sell personally identifiable information. We may share anonymized aggregate data for research and insights.

EU Residents (GDPR)

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise any of these rights, email us at privacy@payment-ping.com or use the data export/deletion features in your account settings.

7. Cookies and Tracking

We use cookies and similar technologies for:

Essential Cookies (Required)

Session authentication, security tokens. These cannot be disabled.

Functional Cookies (Optional)

Remember your preferences (language, timezone). You can disable these in your browser.

Analytics Cookies (Optional)

Help us understand how users interact with the service. You can opt out via your browser settings.

Most web browsers accept cookies by default. You can usually modify your browser settings to decline cookies, but this may prevent you from using certain features of the Service.

8. International Data Transfers

PaymentPing is operated from Canada. If you are located outside Canada, your information may be transferred to, stored, and processed in Canada and other countries where our service providers operate.

We ensure adequate protection of your data during international transfers by:

  • Using service providers that comply with GDPR, Privacy Shield, or similar frameworks
  • Implementing Standard Contractual Clauses (SCCs) with our processors
  • Ensuring all data is encrypted in transit and at rest

9. Children's Privacy

PaymentPing is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@payment-ping.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the application

Your continued use of the Service after changes to this policy constitutes acceptance of the updated terms.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights:

Email: privacy@payment-ping.com

Data Protection Officer: dpo@payment-ping.com

Address: PaymentPing, [Your Business Address]

We will respond to all requests within 30 days (or as required by applicable law).

This Privacy Policy was last updated on January 30, 2026.