Privacy Policy

AES-256 Encryption

TLS in Transit

Zero Data Sale

GDPR Compliant

Introduction

This Privacy Policy describes how PriceParity Inc. ("we", "us", or "our") collects, uses, and shares your personal information when you use our website, API, merchant dashboard, and related services (collectively, the "Services").

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

Data Collection

Information You Provide

We collect information you voluntarily provide when you:

Create a merchant account (name, email, company name)
Connect your Paddle account (API credentials, stored AES-256 encrypted)
Contact our support team (message content, attachments)
Subscribe to our newsletter or product updates

Visitor Data We Process (on behalf of merchants)

When our SDK is embedded on a merchant's website, we process visitor IP addresses solely for geo-location purposes. We do not store raw IP addresses beyond 24 hours. We do not build visitor profiles or use this data for advertising.

Automatically Collected Data

When you use our dashboard, we automatically capture technical information including browser type, operating system, and usage patterns to improve service performance and security. This data is aggregated and anonymized.

How We Use Data

We use collected information exclusively to:

🚀Provide and improve our Services

🔒Detect and prevent fraud and abuse

📊Generate anonymized analytics reports

📧Send transactional emails (receipts, alerts)

🛡️Comply with legal obligations

💬Respond to your support requests

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

Security

We implement multiple security layers to protect your personal information:

AES-256-CBC encryption for all Paddle API credentials stored at rest
TLS 1.3 for all data in transit between your browser and our servers
SHA-256 hashing for API keys — the raw key is never stored
PostgreSQL Row-Level Security preventing cross-tenant data access
Regular third-party security audits and penetration testing
ISO 27001 certified hosting infrastructure

🔐 Security disclosure: Found a vulnerability? Email us at [email protected] and we'll respond within 24 hours.

Cookies & Tracking

We use a minimal set of cookies:

Essential CookiesRequired

Required for authentication and session management. Cannot be disabled.

Performance CookiesOptional

Help us understand how visitors interact with our dashboard. Fully anonymized.

SDK Session TokenRequired

A short-lived token stored in sessionStorage (not cookies) to correlate SDK evaluations with checkout sessions for fraud prevention. Expires after 30 minutes.

Your Rights

Depending on your location (EU under GDPR, California under CCPA, or other jurisdictions), you have the following rights regarding your data:

Access

Request a copy of all data we hold about you.

Correction

Update inaccurate or incomplete information.

Deletion

Request deletion of your data ("right to be forgotten").

Portability

Receive your data in a machine-readable format.

Objection

Opt out of certain processing activities.

Restriction

Limit how we process your data in specific circumstances.

To exercise any of these rights, email us at [email protected]. We respond to all verifiable requests within 30 days.

Contact Us

For privacy questions, data requests, or concerns about how we handle your information, contact our Data Protection Officer:

PriceParity Inc. — Data Protection

📧 [email protected]

🌐 Contact form