GDPR Compliant: This Privacy Policy complies with EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Privacy Policy

Last Updated: January 16, 2026

1. Introduction

Payzora ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our crypto invoicing platform.

By using Payzora, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

When you create an account and use Payzora, you provide us with:

  • Account Information: Name, email address, password (stored as a bcrypt hash; see Section 6)
  • Profile Information: Business name, wallet addresses, country
  • Invoice Data: Client names, email addresses, invoice amounts, descriptions
  • Payment Information: Cryptocurrency wallet addresses, transaction details
  • Communications: Support messages, feedback, survey responses

2.2 Information We Collect Automatically

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, actions taken
  • Device Information: IP address, browser type, operating system, device type
  • Cookies and Tracking: Session cookies, analytics cookies (see Cookie Policy)
  • Log Data: Server logs, error reports, performance data

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations from our crypto payment processor
  • Analytics Services: Aggregated usage statistics from analytics providers

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create accounts, process invoices, facilitate payments
  • Communicate: Send transactional emails (invoice notifications, payment confirmations)
  • Improve: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect fraud, prevent abuse, protect against security threats
  • Compliance: Meet legal obligations, enforce our Terms of Service
  • Marketing: Send promotional emails (you can opt out anytime)
  • Support: Respond to your questions and provide assistance

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract Performance: To provide the Service you signed up for
  • Legitimate Interest: To improve our Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with laws (e.g., tax, AML/KYC)
  • Consent: For marketing communications (you can withdraw consent anytime)

5. How We Share Your Information

We may share your information with:

Service Providers

  • Payment Processor: To process cryptocurrency payments
  • Email Service: Resend (to send transactional and marketing emails)
  • Hosting: Vercel and Supabase (to host our platform and database)
  • Analytics: To understand how our Service is used

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

  • Comply with legal obligations (AML, KYC, tax reporting)
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Respond to law enforcement requests

Business Transfers

If Payzora is acquired by or merged with another company, your information may be transferred to the new entity. We will notify you of such changes.

We do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers
  • Use your data for purposes unrelated to providing our Service

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: 256-bit SSL/TLS encryption for data in transit
  • Password Security: Bcrypt hashing with 12 rounds for password storage
  • Database Security: Row-level security (RLS) policies in Supabase
  • Access Control: Limited employee access to user data
  • Two-Factor Authentication: Optional 2FA for account protection
  • Regular Security Audits: Periodic reviews and updates

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

7. Data Retention

We retain your data for as long as:

  • Your account is active
  • Needed to provide the Service
  • Required by law (e.g., 7 years for financial records)

After Account Deletion: We delete most personal data within 30 days. Some data (transaction logs, financial records) may be retained longer for compliance purposes.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing for direct marketing or legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing emails anytime

To exercise any of these rights, contact us at privacy@payzora.io or use the settings in your account dashboard. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. For detailed information, see our Cookie Policy.

Types of cookies we use:

  • Essential Cookies: Required for the Service to function (e.g., session management)
  • Analytics Cookies: Help us understand how you use the platform
  • Preference Cookies: Remember your settings (e.g., dark mode)

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.

10. International Data Transfers

Payzora is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place to protect your data in compliance with GDPR and other applicable laws.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately, and we will delete it.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our Service. The "Last Updated" date at the top indicates when this policy was last revised.

Your continued use of Payzora after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Privacy Inquiries: privacy@payzora.io
  • Data Protection Officer: dpo@payzora.io
  • General Support: support@payzora.io
  • Website: payzora.io

EU Representatives: If you are in the European Union and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.

Your Privacy Matters:

  • ✓ We never sell your data
  • ✓ You can export your data anytime
  • ✓ You can delete your account anytime
  • ✓ We use bank-level encryption
  • ✓ We're GDPR compliant