← Back to home

Privacy Policy

Last updated: June 21, 2026

1. Data Controller

StayPaid is operated by a sole proprietor based in Romania. For privacy-related inquiries, please contact: support@staypaid.io

2. Information We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address, authentication credentials
  • Stripe Integration Data: API keys, customer email addresses, payment failure records, subscription details
  • Communication Preferences: Sender name, company name, email tone preferences
  • Usage Data: Recovery analytics, email delivery status, account activity logs

3. Legal Basis for Processing

We process personal data on the following legal bases: (a) performance of a contract (providing the dunning service), (b) legitimate interest in maintaining service security and preventing fraud, and (c) consent where required by applicable law.

4. Purpose of Processing

Personal data is processed exclusively for the purpose of enabling automated and manual payment recovery communications. We do not process personal data for marketing, advertising, profiling, or any purpose unrelated to the provision of the Service.

5. Data Sharing and Third Parties

We do not sell, rent, or otherwise disclose personal data to third parties for commercial purposes. Data is shared only with our infrastructure providers (Supabase for database hosting, Vercel for application hosting) under strict data processing agreements.

6. Data Retention

Personal data is retained for the duration of your active account plus 30 days. Upon account deletion, all personal data is permanently removed from our systems within 30 days, except where retention is required by applicable law.

7. Your Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data and obtain a copy
  • Rectify inaccurate or incomplete data
  • Request erasure of your personal data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including: encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, and regular security assessments. Stripe API keys are stored encrypted and never exposed in client-side code.

9. Cookies and Tracking

We use only essential cookies necessary for authentication and session management. We do not employ tracking cookies, analytics cookies, or third-party advertising technologies.

10. International Data Transfers

Your data is stored in the European Union (Supabase EU region). If you are located outside the EU, your data will be transferred to and processed in the EU in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service at least 30 days before taking effect.

12. Contact

For questions or concerns regarding this Privacy Policy, please contact: support@staypaid.io