Policy overview

Privacy Policy

We process only the data required to run ProfitPay, prioritising transparency, legal compliance, and easy opt-outs.

Last reviewed October 2025

Our responsibility

ProfitPay acts as a data processor for merchants and applies industry safeguards, yet the service is provided “as is”. You remain responsible for how you use collected data and for securing access on your side.

1. What data we collect

Account information you provide

Account basics: legal name or alias, contact email, phone number (if voluntarily supplied), company descriptors, and role titles captured during onboarding.

Optional KYC documentation is requested only when legislation obliges us to verify identity.

Payment and settlement data

Payment data: invoice references, payer details you capture, transaction timestamps, asset types, and settlement status, used strictly to fulfil contracts and meet accounting duties.

We never store full card numbers or wallet seed phrases; sensitive credentials remain with your payment provider.

Technical and telemetry signals

Technical information: IP address, device identifiers, browser metadata, cookie IDs, API request logs, and security events generated automatically when our services are used.

Telemetry is pseudonymised where possible and retained primarily for security investigations.

2. Purposes and legal bases

We use personal data to deliver and refine our services in line with contractual, legal, and legitimate interest grounds. ProfitPay never repurposes information for unrelated marketing without first asking for consent.

  • Provide, operate, and troubleshoot the ProfitPay platform and supporting APIs.
  • Fulfil contractual obligations, including billing, settlement, and audit requests.
  • Comply with anti-fraud, anti-money-laundering, and tax-reporting requirements.
  • Respond to inquiries, share service updates, and manage incidents.

3. Data retention

Retention periods depend on data category, legal obligations, and your ongoing use of the service. We minimise data by default and delete or anonymise records once they are no longer required.

Operational records

Kept while your workspace remains active and for up to 12 months afterwards to handle reconciliation or reactivation requests.

Regulatory archives

Stored for the period mandated by applicable financial, tax, or AML regulations (typically 5–10 years) and then securely purged.

Support conversations

Retained for 18 months to track resolutions and avoid repetitive troubleshooting, unless you request earlier deletion.

4. Sharing with third parties

We share limited data with carefully selected partners who help us run ProfitPay. Each partner signs binding agreements that cover confidentiality, security, and data-subject rights.

  • Infrastructure and hosting providers delivering compute, storage, and monitoring.
  • Payment, compliance, and analytics vendors engaged to process transactions or perform risk scoring.
  • Professional advisors (legal, accounting, audit) when disclosure is necessary to protect our legitimate interests.

You control any third-party tools you connect to ProfitPay; we are not liable for independent disclosures you make.

5. Security

Security of personal data is a shared responsibility. We deploy layered controls while reminding customers to secure their own environments.

  • Encryption in transit and at rest for core storage and managed secrets.
  • Strict access controls, least-privilege policies, and monitored administrative actions.
  • Dedicated incident response with logging, anomaly detection, and independent penetration testing.

No internet service can guarantee absolute protection; by using ProfitPay you accept residual risks of outages or malicious interference.

6. User rights

You can exercise your data-subject rights at any time. We comply within statutory timelines and may request proof of identity before actioning a request.

  • Access: obtain a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete information.
  • Erasure: ask us to delete data when legal grounds allow.
  • Restriction or objection: limit or contest specific processing activities.

Send requests to privacy@profitpay.store so we can verify and process them securely.

We acknowledge within two business days and complete the process as swiftly as regulation permits.

Minimal metadata may be retained afterwards to demonstrate compliance.

7. Cookies and analytics

Cookies keep sessions secure and power baseline analytics. We avoid invasive profiling or cross-site advertising cookies.

Essential cookies maintain authentication sessions and fraud-prevention safeguards.

Analytics cookies capture aggregated metrics such as feature usage, latency, and error rates.

Optional integrations may set their own cookies; their privacy notices govern that activity.

You can adjust cookie preferences in your browser or disable analytics in workspace settings; some functions may degrade.

8. Policy updates

We update this policy whenever our practices evolve. The latest version is published here, and significant changes are signalled via dashboard notices or email.

  1. Cross-border transfers occur only with safeguards such as Standard Contractual Clauses or adequacy decisions.
  2. We do not apply automated decision-making with legal or similarly significant effects without human oversight.
  3. If you believe your rights were infringed, you can contact your local data protection authority.

Continuing to use ProfitPay after an update constitutes acceptance of the revised terms.