Privacy Policy
Table of Contents
- 1. Introduction and Scope
- 2. Definitions
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Legal Basis for Processing
- 6. Data Sharing and Disclosure
- 7. Third-Party Service Providers
- 8. International Data Transfers
- 9. Data Retention
- 10. Data Security
- 11. Your Rights and Choices
- 12. Cookies and Tracking
- 13. Children's Privacy
- 14. Changes to This Policy
- 15. Contact Information
Introduction and Scope
PayForge ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you engage with our subscription monetization management services, visit our website, or otherwise interact with our business.
This Privacy Policy applies to:
- Business clients ("Clients") who engage PayForge for subscription management services
- End-user subscribers ("Subscribers") of our Clients' platforms whose data we process on behalf of our Clients
- Visitors to the PayForge website and individuals who contact us for inquiries
By engaging our services or accessing our website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services or provide us with your information.
Definitions
For the purposes of this Privacy Policy, the following definitions apply:
- "Personal Data"
- Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, payment information, and transaction history.
- "Processing"
- Any operation performed on Personal Data, whether automated or manual, including collection, recording, storage, retrieval, use, disclosure, or deletion.
- "Data Controller"
- The entity that determines the purposes and means of processing Personal Data. PayForge acts as a Data Controller for Client data and as a Data Processor for Subscriber data.
- "Data Processor"
- An entity that processes Personal Data on behalf of a Data Controller. PayForge acts as a Data Processor when handling Subscriber data on behalf of our Clients.
- "Services"
- The full-service subscription monetization management services provided by PayForge, including payment processing integration, payout management, analytics, and optional communication services.
Information We Collect
3.1 Information from Clients
When businesses engage our services, we collect:
- Business Information: Company name, registration details, business address, tax identification numbers, and authorized representative contact information
- Account Credentials: Login information for our dashboard and management systems
- Financial Information: Bank account details for payout disbursement, billing information, and transaction records
- Platform Information: Technical details about your content platform, integration requirements, and subscription tier configurations
- Communications: Records of correspondence, support requests, and consultation notes
3.2 Subscriber Information
On behalf of our Clients, we may process the following Subscriber data, depending on the scope of services engaged:
- Identity Information: Names, usernames, and profile identifiers
- Contact Information: Email addresses and, where applicable, phone numbers
- Transaction Data: Subscription tier, payment amounts, transaction dates, payment method type, and transaction status
- Subscription History: Sign-up dates, renewal history, upgrade/downgrade records, and cancellation data
- Payment Tokens: Tokenized payment method identifiers (we do not store raw credit card numbers)
Note: The scope of Subscriber data we access varies based on the specific services engaged by each Client. Not all data categories are collected for every Client relationship.
3.3 Website Visitor Information
When you visit our website, we automatically collect:
- Device Information: Browser type, operating system, and device identifiers
- Usage Data: Pages visited, time spent on pages, referring URLs, and navigation patterns
- Network Information: IP address and approximate geographic location
3.4 Contact Form Submissions
When you submit inquiries through our contact form, we collect the name, email address, and message content you provide.
How We Use Your Information
4.1 Service Delivery
- Process subscription payments and manage payment provider integrations
- Calculate and disburse monthly payouts to Clients
- Generate analytics reports and performance dashboards
- Handle subscription lifecycle events (sign-ups, renewals, cancellations, upgrades)
- Process refunds and manage chargebacks
4.2 Communication Services
Where Clients have engaged our optional email services:
- Send transactional emails (receipts, payment confirmations, subscription updates)
- Deliver notifications regarding payment failures or subscription issues
4.3 Business Operations
- Respond to inquiries and provide customer support
- Maintain and improve our services and systems
- Ensure security and prevent fraud
- Comply with legal obligations and enforce our agreements
4.4 Analytics and Improvement
- Analyze website traffic and user behavior to improve our website
- Generate aggregated, anonymized insights to enhance our services
Legal Basis for Processing
We process Personal Data based on the following legal grounds:
Contractual Necessity
Processing necessary to fulfill our contractual obligations to Clients, including payment processing and payout disbursement.
Legitimate Interests
Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, where such interests are not overridden by your rights.
Legal Compliance
Processing necessary to comply with applicable laws, regulations, and legal processes, including tax reporting and anti-money laundering requirements.
Consent
Where required, we obtain explicit consent for specific processing activities, such as optional marketing communications.
Data Sharing and Disclosure
We do not sell, rent, or trade Personal Data to third parties for marketing purposes. We may share information in the following circumstances:
6.1 With Service Providers
We share data with trusted third-party service providers who assist in operating our services, subject to confidentiality obligations and data processing agreements.
6.2 With Payment Processors
Transaction data is shared with our integrated payment processors (Stripe and PayPal) to facilitate payment processing and payout disbursement.
6.3 Legal Requirements
We may disclose information when required by law, court order, or governmental regulation, or when necessary to protect our rights, safety, or property.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred to the acquiring entity, subject to the same privacy protections.
Third-Party Service Providers
We utilize the following categories of third-party service providers:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Transaction data, payment tokens |
| PayPal | Payment processing | Transaction data, payer information |
| Cloud Infrastructure | Data storage and processing | All data categories (encrypted) |
| Analytics Provider | Website analytics | Anonymized usage data |
All third-party providers are contractually obligated to protect Personal Data and process it only for specified purposes.
International Data Transfers
PayForge stores and processes data on servers located within the European Union. This ensures compliance with EU data protection standards, including the General Data Protection Regulation (GDPR).
Where data transfers outside the EU are necessary (for example, to payment processors with global infrastructure), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with equivalent data protection standards
- Binding Corporate Rules where applicable
Data Retention
9.1 Active Relationships
We retain Personal Data for as long as necessary to provide our services and maintain the business relationship.
9.2 Post-Termination
Following termination of a Client relationship:
- Subscriber Data: Deleted within thirty (30) days of contract termination, following provision of data export
- Client Account Data: Deleted within thirty (30) days of contract termination
- Financial Records: Retained for the minimum period required by applicable tax and financial regulations (typically 7 years)
9.3 Website Data
Contact form submissions are retained for twelve (12) months. Analytics data is retained in anonymized form.
Data Security
We implement comprehensive technical and organizational measures to protect Personal Data, including:
Technical Measures
- TLS/SSL encryption for data in transit
- AES-256 encryption for data at rest
- Regular security assessments and penetration testing
- Multi-factor authentication for system access
- Automated intrusion detection systems
Organizational Measures
- Role-based access controls
- Employee confidentiality agreements
- Regular security training
- Incident response procedures
- Vendor security assessments
While we implement robust security measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your information.
Your Rights and Choices
Depending on your location and applicable law, you may have the following rights regarding your Personal Data:
Right of Access
Request a copy of the Personal Data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete Personal Data.
Right to Erasure
Request deletion of your Personal Data, subject to legal retention requirements.
Right to Data Portability
Receive your data in a structured, machine-readable format. Full data export is provided upon contract termination.
Right to Object
Object to processing based on legitimate interests.
Right to Restrict Processing
Request limitation of processing in certain circumstances.
To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to requests within thirty (30) days.
Note for Subscribers: If you are a Subscriber of one of our Clients' platforms, please direct privacy requests to the Client directly. We process Subscriber data on behalf of our Clients and will assist them in responding to your requests.
Cookies and Tracking
Our website uses limited tracking technologies for basic analytics purposes:
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality | Session |
| Analytics Cookies | Understand website usage patterns | Up to 12 months |
We do not use advertising cookies, retargeting pixels, or social media tracking on our website. You can control cookies through your browser settings.
Children's Privacy
PayForge services are intended for use by registered business entities and individuals who are at least eighteen (18) years of age. We do not knowingly collect Personal Data from children under the age of 18.
If we become aware that we have collected Personal Data from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected data from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify Clients via email at least thirty (30) days before the changes take effect
- We will post a prominent notice on our website
Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please use the form below:
If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority.