Privacy Policy
Last updated: June 2026
1. What we collect
When you sign up for PaidGuard, we collect:
- Account data: your email address and password (hashed).
- Stripe data: when you connect your Stripe account, we receive subscription, invoice, and customer data through OAuth. We never see or store raw card numbers—Stripe handles all PCI compliance.
- Usage data: pages visited, clicks, errors—via self-hosted Plausible Analytics. No third-party tracking.
- Email data: dunning emails we send on your behalf (recipient, subject, body, send timestamp).
2. What we do NOT collect
- Card numbers, CVVs, or expiry dates (Stripe handles this; we never see it).
- Bank account or routing numbers.
- Government IDs, SSNs, or other PII.
- Anything from your end customers except what Stripe returns via webhooks.
3. How we use your data
We use your data only to operate PaidGuard—retry failed payments, send dunning emails, show analytics, and improve the product. We do not sell, rent, or share your data with third parties for advertising.
Subprocessors we use:
- Stripe — payment processing (PCI-compliant).
- Resend — transactional email delivery.
- Neon — managed Postgres database (encrypted at rest).
- Vercel — application hosting.
- Cloudflare — DNS and edge routing.
- Plausible — self-hosted website analytics.
4. Your rights (GDPR / CCPA)
You have the right to:
- Access your data — request a full export anytime.
- Delete your data — request account deletion via hello@paidguard.io.
- Correct inaccurate data — email us to fix it.
- Port your data — we can provide a JSON export.
Your customers (the people whose cards we help you retry) have the same rights. We provide tools to honor deletion requests within 30 days.
5. Data retention
We keep your account data while your account is active. After deletion, all data is permanently erased within 30 days. Anonymized aggregate metrics (recovery rates, time-to-recovery ranges) may be retained indefinitely.
6. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use Stripe OAuth with read-only scopes—we cannot charge, refund, or modify your Stripe account. SOC2 Type II certification is in progress.
7. Cookies
We use only essential cookies (auth_token, user_email) for session management. No tracking cookies, no third-party cookies.
8. Contact
Privacy questions: privacy@paidguard.io
Mailing address: PaidGuard, Inc., 2261 Market Street #5036, San Francisco, CA 94114