PayDam
Product Pricing Security Resources
Sign in Start free trial
Home Product Pricing Security Resources
← Back to PayDam

Security and disclosure

How we keep your data safe, what's in scope for security reports, and how to contact us if you think you've found a vulnerability.

PayDam is operated by Paldam LLC, a California limited liability company. This public page explains our security posture at a high level and sets the rules for responsible vulnerability reports. We do not publish implementation details that could increase risk for PayDam, our customers, or customer end users.

PayDam account page showing sign-in email, password reset, two-step verification, and data links
Account-level controls include email changes, password reset emails, email two-step verification, and account data access.

How we protect your data

  • Protected transmission and storage. We use commercially reasonable safeguards intended to protect account data, customer data, and connected-account credentials.
  • Controlled access. Administrative access is limited to authorized personnel with a business need and is reviewed as part of normal operations.
  • Credential handling. Stripe connection credentials and service secrets are treated as sensitive data and protected with layered controls.
  • Payment-card boundary. PayDam is designed so raw card numbers, CVC codes, and bank account numbers are collected by Stripe rather than PayDam.
  • Operational monitoring. We maintain logging and review practices intended to support reliability, abuse prevention, fraud response, and security investigations.
  • Trusted providers. We use reputable infrastructure, payment, communications, and security providers listed on our Sub-processors page.
  • Vulnerability handling. We review reported vulnerabilities and prioritize remediation based on severity, exploitability, and customer impact.

For safety, this page intentionally avoids detailed architecture, framework, key-management, network-control, logging-retention, and detection-rule information. Additional security information may be shared under appropriate confidentiality terms when we determine it is reasonable and safe to do so.

Reporting a vulnerability

Email security@paydam.app. We target an initial response within 48 hours.

If you can, please include:

  • A description of the issue and its potential impact.
  • Steps to reproduce - ideally a minimal proof of concept.
  • The affected URL or endpoint.
  • Your contact details. (Anonymous reports are fine, coordination is just easier with a channel.)

If the report relates to an active, in-progress compromise, also CC support@paydam.app and put [SECURITY - URGENT] in the subject line.

We don't currently run a paid bug-bounty programme. We will publicly credit responsible disclosures on request, once the issue is resolved.

What's in scope

These targets are in scope for security reports:

  • PayDam-owned public web properties and application pages.
  • Authentication, account-management, billing-management, and customer recovery flows operated by PayDam.
  • Vulnerabilities that could affect PayDam account data, customer data, connected-account credentials, or service integrity.

What's out of scope

  • Third-party services we use. Stripe, Microsoft Azure, SendGrid, Cloudflare, Google Sign-In, and similar - please report vulnerabilities in those services directly to the respective vendor.
  • Social engineering of our staff or customers.
  • Physical attacks and denial-of-service attacks.
  • Issues that require already-compromised customer credentials or physical access to a customer device.

Coordinated disclosure

We ask that you:

  • Give us reasonable time to investigate and fix the issue before any public disclosure - typically 90 days, or sooner by mutual agreement.
  • Avoid accessing, modifying, or destroying data that doesn't belong to you. Use test accounts you create.
  • Avoid actions that would degrade service for other customers.

If something goes wrong on our side

If we confirm a security incident affecting your account, we will provide notice as required by applicable law, contract, and our legal policies. Any notice may be limited as needed to protect ongoing investigations, the service, other customers, or legal privileges.

Security contacts

  • security@paydam.app - security reports and incident response.
  • privacy@paydam.app - privacy rights, Data Processing Agreement queries, data-subject requests.
  • support@paydam.app - everything else.

Related

  • Privacy policy - what data we collect and how we use it.
  • Data Processing Agreement - the contract for B2B data handling.
  • Sub-processors - the third parties we share data with.

Paldam LLC · 2108 N St, Ste N, Sacramento, CA 95816

PayDam
PayDam is a product of Paldam LLC.
2108 N St, Ste N, Sacramento, CA 95816
support@paydam.app
Product
Product tour Pricing FAQ
Security
Security posture Disclosure policy Report a vulnerability
Resources
Blog Compare Stripe payment recovery guide What is Stripe dunning?
Legal
Terms of Service Privacy Policy Data Processing Agreement Sub-processors
© 2026 Paldam LLC. All rights reserved.

PayDam uses essential cookies for login and security. Optional analytics helps us understand aggregate product usage. Learn more