Privacy Policy

Last updated: February 26, 2025

PayGuard (“we”, “us”, “our”) operates the website payguard.dev and the PayGuard payment recovery service. This policy describes what data we collect, why we collect it, and how we handle it.

1. Data We Collect

Account information. When you sign up, we collect your email address to create your workspace and authenticate you.

Stripe webhook data. When your Stripe account sends webhook events to PayGuard, we receive and store:

• Invoice identifiers and amounts
• Customer email addresses
• Payment status and decline codes
• Subscription metadata

We do not receive or store full card numbers, bank account details, or Stripe API keys. Your Stripe webhook signing secret is stored encrypted and used only to verify incoming events.

Usage data. We track email open and click events for recovery emails we send on your behalf.

2. How We Use Your Data

• Recovery emails. We use customer email addresses and invoice data to send payment recovery emails on your behalf.
• Dashboard. We display payment and recovery status in your dashboard.
• Billing. We share your email with our billing provider to process your subscription.
• Service operation. We use data to maintain, improve, and secure the service.

3. Third-Party Services

We use the following third-party services to operate PayGuard:

• Creem (creem.io) — Merchant of Record for subscription billing.
• Resend (resend.com) — Transactional email delivery for recovery emails.
• Stripe (stripe.com) — We receive webhook events from your Stripe account. We do not act as a Stripe platform or Connect partner.

Each of these services has their own privacy policy. We encourage you to review them.

4. Cookies

We use a single session cookie to authenticate you on the dashboard. We do not use tracking cookies, analytics scripts, or advertising pixels.

5. Data Retention

We retain your account data and payment recovery records for as long as your account is active. If you cancel your subscription and request deletion, we will remove your data within 30 days.

6. Data Security

We host PayGuard on infrastructure we operate directly. Data is stored in a PostgreSQL database with encrypted connections. Webhook secrets are stored securely. All traffic is served over HTTPS.

7. Your Rights

You can request access to, correction of, or deletion of your personal data at any time by emailing us. If you are in the EU, you have additional rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Contact

For privacy questions or data requests, email [email protected].

9. Changes

We may update this policy. Material changes will be communicated via email to active account holders. Continued use of the service after changes constitutes acceptance.