1. Introduction
PayVia ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use our services, including our website, dashboard, API, SDK, and related tools. This policy applies to both developers who use PayVia to manage payments, and to the end-users whose data is processed through our platform.
2. Data Controller
PayVia acts as a data controller for developer account data (registration, dashboard usage, project configuration). For end-user/subscriber data processed on behalf of developers, PayVia acts as a data processor. Developers are the data controllers for their end-users' data and are responsible for obtaining appropriate consent and providing privacy notices to their users.
3. Information We Collect
3.1 Developer Account Data
- Registration Information: Email address, password (bcrypt-hashed, never stored in plain text)
- Google Sign-In Data: If you sign in with Google, we receive your Google user ID, email address, and display name from Google. We do not access your Google contacts, calendar, or other Google services.
- Payment Provider Credentials: Your PayPal Client ID/Secret and/or Tranzila terminal credentials, stored encrypted for processing payments on your behalf
- Project Data: Project names, plans, tiers, pricing configurations, and trial settings
- API Keys: Generated API keys for programmatic access (stored hashed)
3.2 End-User / Subscriber Data
When developers use PayVia, we process the following data about their end-users:
- Customer Information: Email address, external user ID (as provided by the developer)
- Subscription Data: Plan selections, subscription status, trial status, payment history
- License Validation Logs: Timestamp, action type, result, and customer identifier for every license check, recorded in audit logs
3.3 Automatically Collected Data
- Usage Data: Dashboard interactions, API call patterns, and feature usage
- Device Information: Browser type and version, operating system, screen resolution
- Network Data: IP address, approximate location (country/region level only)
- Webhook Events: Raw webhook payloads from payment providers, stored for idempotent processing and audit purposes
4. How We Use Your Information
- Service Delivery: To provide and maintain the PayVia platform, process payments, manage subscriptions, and validate licenses
- Authentication: To verify your identity and secure access to your account
- Communications: To send essential service notifications, security alerts, and account-related updates (not marketing — see section 8)
- Audit & Compliance: To maintain audit logs for license validation, payment processing, and webhook events
- Security: To detect and prevent fraud, abuse, and unauthorized access
- Improvement: To analyze usage patterns and improve our services (only with analytics consent — see Cookies section)
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
5. Information Sharing
We may share your information with:
- Payment Providers (PayPal, Tranzila): To process payments and manage subscriptions on your behalf. Each provider has its own privacy policy.
- Google: Only during the Google Sign-In authentication flow; we send no additional data to Google
- Hosting & Infrastructure Providers: Our servers and services are hosted on infrastructure providers that may process data on our behalf under strict data processing agreements
- Legal Requirements: When required by law, court order, or government request, or to protect our rights, safety, or property
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6. Data Storage & Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed using bcrypt (never stored in plain text)
- API keys are hashed after generation
- All data in transit is encrypted via TLS/HTTPS
- Payment provider credentials are stored encrypted
- License cache responses include HMAC-SHA256 anti-tamper signatures
- Access to production systems is restricted and logged
Our servers are located in Israel. By using PayVia, you consent to the processing and storage of your data in Israel. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain data according to the following guidelines:
- Account Data: Retained as long as your account is active. Upon account deletion, personal data is removed within 30 days.
- Transaction & Payment Records: Retained for 7 years as required by applicable tax and financial regulations
- Audit Logs: License validation and webhook logs are retained for 12 months for debugging and compliance purposes
- Webhook Events: Raw webhook payloads are retained for 90 days
- Backups: Database backups may contain your data and are retained for up to 90 days before being permanently deleted
8. Cookies & Local Storage
We use cookies and browser local storage. You can manage your preferences through our cookie consent banner. We categorize cookies as follows:
- Essential (always active): Required for the site to function — authentication tokens (JWT), session management, cookie consent preferences. Cannot be disabled.
- Analytics (opt-in): Help us understand how visitors interact with our site to improve the user experience. Only activated with your consent.
- Marketing (opt-in): Used to deliver relevant content. Only activated with your consent.
Cookie consent expires after 12 months, after which you will be prompted again. You can change your preferences at any time through your browser settings or by clearing your local storage.
SDK Local Storage (End-Users)
The PayVia SDK stores license validation cache data on end-user devices using Chrome extension storage or browser localStorage. This cached data includes subscription status, tier information, and a cryptographic signature, and is used solely for offline license validation. Cache data has a 7-day TTL with a 30-day grace period.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated personal data
- Data Portability: Export your data in a machine-readable format (CSV export is available for subscriber data)
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw cookie consent at any time without affecting the lawfulness of prior processing
To exercise these rights, contact us at payvia@asia-digital.online. We will respond within 30 days. For end-user data rights, please contact the developer whose application you use — they are the data controller for your information.
10. Children's Privacy
PayVia is a B2B service intended for developers aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
11. International Data Transfers
Our servers are located in Israel. If you are accessing PayVia from outside Israel, your data will be transferred to and processed in Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection. By using our services, you consent to this transfer and processing.
12. Third-Party Links
Our service may contain links to third-party websites or services (e.g., PayPal, Tranzila, Google). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with your information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated at least 14 days in advance via email and/or a prominent notice on the dashboard. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of PayVia after changes take effect constitutes acceptance of the updated policy.