Privacy Policy
Last Updated: March 6, 2026
1. Scope and Roles
This Privacy Policy explains how PayTrack ("PayTrack," "we," "our," or "us") collects, uses, and discloses personal data when you use our website and services at https://paytrack.work (the "Service").
For account-level personal data (for example your login, profile, subscription, and support interactions), PayTrack acts as the data controller. For client data and invoice data you upload to run your invoicing workflow, you are typically the controller (or business) and PayTrack acts as your processor/service provider.
2. Information We Collect
2.1 Account Data
- Name, email address, and avatar from your authentication provider (for example Google).
- Authentication/session data needed to keep you signed in and secure your account.
2.2 Subscription and Payment Data
- Plan selection, Stripe customer/subscription identifiers, and related billing metadata.
- Card/payment credentials are processed by Stripe directly. PayTrack does not store full card numbers.
2.3 Invoice and Client Data
- Client name, client email, invoice number, amounts, currency, notes, due dates, status, and payment link information.
- Optional reminder history, payment status updates, and related invoice metadata.
2.4 Integration and Portal Data
- If you connect your own Stripe account, we store the Stripe API keys and webhook secrets you provide, encrypted at rest.
- For client portal access, we process email-based one-time codes and session tokens.
2.5 Device, Log, and Cookie Data
- IP address, browser/device details, page/activity events, and server logs needed for operations, security, and analytics.
- Essential cookies and similar technologies used for session management, sign-in, and client portal authentication.
3. How We Use Your Data
- Provide, secure, maintain, and improve the Service.
- Authenticate users and protect accounts from unauthorized access.
- Create and manage invoices, payment links, reminders, and client portal access.
- Process subscriptions and payments through Stripe.
- Send transactional emails (sign-in links/codes, invoices, reminders, account notices) via email providers.
- Provide customer support and respond to requests.
- Comply with legal obligations and enforce our Terms.
4. Legal Bases (EEA/UK Users)
Where applicable (for example under GDPR), we process personal data under the following legal bases:
- Contract: to provide the Service you request.
- Legitimate Interests: to secure, analyze, and improve the Service.
- Consent: where required by law.
- Legal Obligation: to comply with applicable legal requirements.
5. Data Sharing and Processors
We do not sell your personal data. We share personal data only when needed to operate the Service, including with:
- Stripe for payment processing, subscriptions, invoicing, and customer portal features.
- MongoDB Atlas for application data storage.
- Resend for transactional email delivery.
- Google for Google sign-in, when selected by the user.
- Vercel for hosting and analytics.
- Crisp for support chat, if enabled.
We may also disclose information when required by law or to protect rights, safety, and security.
6. International Data Transfers
Your data may be processed in countries outside your own. Where required, we use appropriate safeguards for cross-border data transfers.
7. Data Retention
We keep personal data only as long as needed for the purposes described above or as required by law. In general:
- Account and invoice data are retained while your account is active and removed when you delete your account (subject to legal, tax, security, and backup requirements).
- Client portal one-time access codes expire quickly (typically around 15 minutes) and session cookies expire after a limited period (typically around 24 hours).
- Operational logs are retained for a limited period for security and reliability.
8. Data Security
We use reasonable technical and organizational safeguards designed to protect personal data. For example, sensitive integration secrets stored by PayTrack (such as user-provided Stripe secrets) are encrypted at rest. No security method is perfect, and we cannot guarantee absolute security.
9. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. You may also have rights related to automated decision-making and to withdraw consent where consent is the basis for processing.
You can update some account information in your settings. You can request deletion by contacting us at neca.danii@gmail.com.
10. Your Responsibilities for Client Data
If you use PayTrack to process your clients' personal data, you are responsible for ensuring you have a valid legal basis to collect and share that data with us, and for providing any notices required by applicable privacy laws.
11. Children's Privacy
The Service is not directed to children under 13 (or older ages where required by local law). We do not knowingly collect personal data from children in violation of applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last Updated" date. Material changes may also be communicated through the Service or by email.
13. Contact Us
If you have privacy questions or requests, contact: neca.danii@gmail.com