Privacy Policy

PayStream, Inc. ("PayStream," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing services, website, and related applications.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, phone number, company name, and password when you create an account
• Business Information: Business type, tax ID, bank account details, and ownership information for verification purposes
• Payment Information: Transaction data, payment method details, and billing information
• Communications: Messages you send to us, including support requests and feedback
• Identity Verification: Government-issued ID and other documents required for compliance

1.2 Information We Collect Automatically

When you use our services, we automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, API calls made, and interaction patterns
• Transaction Data: Payment amounts, timestamps, currency, and processing details
• Log Data: Server logs, error reports, and performance metrics

1.3 Information from Third Parties

We may receive information about you from:

• Identity verification services
• Credit bureaus and fraud prevention services
• Banking partners and payment networks
• Public databases and social media platforms (if you connect them)

2. How We Use Your Information

We use the information we collect to:

• Provide Services: Process payments, manage your account, and deliver our platform features
• Verify Identity: Comply with KYC (Know Your Customer) and anti-money laundering requirements
• Prevent Fraud: Detect, investigate, and prevent fraudulent transactions and abuse
• Improve Services: Analyze usage patterns to enhance our platform and develop new features
• Communicate: Send transactional notifications, security alerts, and (with consent) marketing messages
• Comply with Law: Meet legal obligations, respond to legal process, and protect our rights

3. Information Sharing

We do not sell your personal information. We may share information with:

3.1 Service Providers

Third parties who perform services on our behalf, including:

• Cloud hosting providers (AWS, Google Cloud)
• Payment processors and banking partners
• Identity verification services
• Analytics providers
• Customer support platforms

3.2 Legal Requirements

We may disclose information when required by law, subpoena, or other legal process, or when we believe disclosure is necessary to:

• Protect the safety of any person
• Investigate fraud or security issues
• Protect our rights or property
• Comply with financial regulations

3.3 Business Transfers

If PayStream is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• PCI DSS Compliance: We maintain Level 1 PCI DSS certification for payment card security
• Access Controls: Role-based access, multi-factor authentication, and audit logging
• Regular Audits: Annual SOC 2 Type II audits and penetration testing
• Incident Response: 24/7 security monitoring and documented incident response procedures

5. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., 7 years for financial records)
• Resolve disputes and enforce agreements
• Maintain business records

When you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

6. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing communications
• Restriction: Limit how we use your information

To exercise these rights, contact us at privacy@paystream.io. We will respond within 30 days.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality (authentication, security)
• Analytics Cookies: Understand how you use our services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may impact functionality.

8. International Data Transfers

PayStream is based in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent for certain transfers

9. Children's Privacy

PayStream services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to your registered address
• Updating the "Last updated" date at the top of this policy

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.