Privacy Policy
Last updated: December 01, 2025
Our Privacy Commitment
At PayPerBill, we believe your data belongs to you. We collect only what's necessary to provide our service, we never sell your information, and we give you full control over your data. This policy explains exactly what we collect, why, and how you can manage it.
- No Data Selling: We never sell your data
- Encrypted Data: Industry-standard security
- Data Deletion: Delete anytime you want
1 Information We Collect
1.1 Information You Provide
When you use PayPerBill, you may provide us with:
Account Information
- Name (first and last)
- Email address
- Password (stored securely hashed, never in plain text)
- Phone number (optional)
- Business name and address (optional)
Business Data
- Client information (names, emails, addresses, phone numbers)
- Invoice details (items, descriptions, amounts, dates)
- Payment records and transaction history
- Notes and custom fields you add to invoices
Payment Information
- Billing address
- Payment method details (processed securely by Stripe - we never store full card numbers)
- Transaction history for our flat-fee charges
1.2 Information Collected Automatically
When you access our Service, we automatically collect:
Usage Data
- Pages visited and features used
- Time spent on the platform
- Actions taken (creating invoices, sending emails, etc.)
- Error logs and performance data
Device & Technical Data
- IP address
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Referring URLs
- Time zone and language preferences
1.3 Information from Third Parties
We may receive information from:
- Stripe: Payment confirmation, transaction status, fraud prevention signals
- Postmark: Email delivery status, bounce notifications, open/click tracking (if enabled)
2 How We Use Your Information
We use the information we collect to:
- Create invoices, store client data, process payments, deliver emails
- Authenticate access, process registrations, handle password resets
- Charge the flat fee for sending invoices, provide receipts
- Send transactional emails, service updates, security alerts
- Analyze usage patterns, fix bugs, develop new features
- Detect fraud, prevent abuse, protect against unauthorized access
Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your data under these legal bases:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interests: Improving our service, preventing fraud, ensuring security
- Legal Obligation: Complying with applicable laws and regulations
- Consent: When you explicitly opt in (e.g., marketing communications)
3 How We Share Your Information
We do NOT sell your personal information. Ever.
We share your information only in these limited circumstances:
3.1 Service Providers
We work with trusted third-party providers who help us operate:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing info, transaction data |
| Postmark | Email delivery | Email addresses, invoice content |
| Cloud Hosting | Infrastructure | All data (encrypted) |
All service providers are contractually bound to protect your data and use it only for providing their services to us.
3.2 Your Clients
When you send an invoice, your client will receive:
- Your name/business name and contact information
- Invoice details and line items
- Any notes or terms you include
3.3 Legal Requirements
We may disclose your information if required to:
- Comply with a legal obligation, subpoena, or court order
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the personal safety of users or the public
3.4 Business Transfers
If PayPerBill is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
4 Data Security
We implement industry-standard security measures to protect your data:
- All data is transmitted using TLS 1.3 encryption (HTTPS)
- All stored data is encrypted using AES-256 encryption
- Passwords are hashed using bcrypt with salt
- Account lockout after failed attempts, rate limiting
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying you of any breach affecting your data.
5 Data Retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Invoices and client data | Until account deletion + 30 days |
| Payment records | 7 years (legal/tax requirements) |
| Server logs | 90 days |
| Email delivery logs | 1 year |
| Analytics data | 26 months (anonymized) |
After account deletion, we may retain anonymized, aggregated data that cannot be used to identify you.
6 Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Withdraw Consent: Withdraw consent for processing based on consent
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
Account Controls
You can also manage your data directly:
- Update your profile information in Settings
- Export your data (invoices, clients) from your account
- Delete individual invoices or clients
- Close your account entirely
7 Cookies and Tracking
We use cookies and similar technologies to operate our Service:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 2 weeks |
| Functional | Remember preferences, settings | 1 year |
| Analytics | Understand usage, improve service | 26 months |
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.
Do Not Track
We currently do not respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking or sell your data to advertisers.
8 International Data Transfers
PayPerBill is based in the United States. If you access our Service from outside the US, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.
For users in the European Economic Area (EEA), UK, or Switzerland, we ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules where service providers have them
9 Children's Privacy
PayPerBill is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected], and we will delete such information.
10 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at [email protected] or call [toll-free number].
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last updated" date at the top of this page
- For material changes, we will notify you via email or in-app notification at least 30 days in advance
- Your continued use of the Service after changes take effect constitutes acceptance of the new policy
We encourage you to review this policy periodically.
12 Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
For EEA residents, you also have the right to lodge a complaint with your local data protection authority.