Privacy Policy

Last updated: 2026-05-10

PayDam is a product of Paldam LLC, a California limited liability company ("Paldam LLC", "PayDam", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when people use PayDam or interact with us.

PayDam is a business-to-business service. If you are an end-customer of a merchant that uses PayDam, that merchant controls your customer relationship and billing records. We process your information on that merchant's instructions, and you should contact the merchant first for questions about a subscription, invoice, refund, cancellation, or payment obligation.

1. Contact

Paldam LLC · 2108 N St, Ste N, Sacramento, CA 95816
Privacy: privacy@paydam.app
Security: security@paydam.app
Support: support@paydam.app

2. Our role

• Account-holder data. For data about PayDam account holders, users, prospects, and support contacts, Paldam LLC is the controller or business responsible for deciding how the data is used.
• Merchant customer data. For personal data about a merchant's end-customers that PayDam receives from Stripe or processes in recovery workflows, the merchant is the controller or business and Paldam LLC is the processor or service provider.
• Stripe data. Stripe remains an independent provider for payment processing, payment-method storage, payment attempts, disputes, refunds, and payouts under Stripe's own terms and privacy notices.

3. Information we collect

Account-holder and workspace information

• name, email address, password hash, company name, website, support email, and optional phone or branding fields;
• account settings, plan, billing status, invoices, support messages, legal notices, and operational communications;
• Stripe account identifiers, OAuth tokens, restricted API keys, webhook identifiers, and related connection status that you authorize; and
• security, audit, diagnostic, and usage events generated by the service.

Merchant customer data processed on behalf of merchants

When a Stripe invoice, subscription, or payment status changes, PayDam may process:

• customer name and email address, where present in Stripe;
• Stripe customer, invoice, subscription, payment intent, charge, and account identifiers;
• invoice amount, currency, line-item descriptions, due date, status, failure reason, and retry timestamps;
• recovery email events such as sent, delivered, opened, clicked, bounced, suppressed, paused, or unsubscribed; and
• merchant-configured template content, branding, sender details, and support contact details shown to customers.

Technical information

• IP address, user agent, device/browser information, request path, timestamps, account-creation and authentication events, and security logs;
• essential cookies and anti-forgery tokens needed for authentication and security; and
• limited diagnostic data needed to detect errors, abuse, service health, and fraud.

We do not use third-party advertising trackers or sell personal information.

4. How we use information

We use personal information to:

• provide, secure, monitor, support, and improve PayDam;
• connect to Stripe, receive webhooks, send recovery emails, generate signed recovery URLs, and display recovery analytics;
• process PayDam billing, collect fees, prevent fraud, enforce plan limits, and resolve disputes;
• send account, security, billing, service, support, and legal notices;
• comply with law, enforce our terms, protect rights and safety, and maintain records; and
• create aggregated or de-identified information that does not identify an individual, customer, or merchant.

We do not use merchant customer data for advertising, resale, or unrelated marketing. We process it to provide PayDam to the merchant that instructed us to process it, subject to the Terms and DPA.

5. Legal bases where GDPR or UK GDPR applies

• Contract. Providing PayDam to account holders and workspaces.
• Legitimate interests. Security, fraud prevention, service reliability, product improvement, billing, business operations, and legal enforcement.
• Consent. Optional marketing or optional features where consent is required.
• Legal obligation. Tax, accounting, legal, compliance, and security obligations.
• Processor role. For merchant customer data, the merchant determines the legal basis and instructs our processing.

6. How we disclose information

We may disclose personal information:

• to service providers and sub-processors listed at /legal/sub-processors;
• to Stripe and connected Stripe accounts as needed to provide the integration and recovery workflows;
• to the PayDam account holder or workspace administrators for that workspace;
• to professional advisers, insurers, auditors, payment processors, collection providers, or legal authorities where reasonably necessary;
• to comply with law, court orders, subpoenas, legal process, or government requests;
• to protect PayDam, Paldam LLC, users, merchants, end-customers, Stripe, service providers, or the public; and
• in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar business transaction.

7. Sub-processors

We use sub-processors to host PayDam, deliver email, support payment-related integration, protect the service, and operate business mailboxes. The current list is maintained at /legal/sub-processors. We may update that list as the service changes, subject to the DPA where merchant customer data is involved.

8. Retention

• Active accounts. Account and workspace data is retained while the account is active.
• Closed accounts. We generally delete merchant customer data within thirty (30) days after account termination or deletion, subject to backups, legal holds, dispute records, security logs, tax records, and other records we are permitted or required to retain.
• Stripe credentials. Locally stored Stripe OAuth tokens and restricted API keys are cleared when the connection is disconnected in PayDam or the account is deleted, subject to backup deletion cycles and legal requirements.
• Billing, tax, and legal records. Retained as long as reasonably necessary for accounting, tax, collections, audit, dispute, and legal purposes.
• Logs. Application logs and security logs are generally retained for a limited rolling period unless needed longer for security, fraud, debugging, legal, or compliance reasons.
• Backups. Backup copies may persist for a limited period and are overwritten according to backup cycles.

9. Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including controls for protected transmission and storage, credential handling, access governance, operational monitoring, and vendor management. We do not publish detailed security architecture or control configurations on public pages. No system is perfectly secure, and we cannot guarantee that unauthorized access, disclosure, loss, or misuse will never occur.

If we become aware of a personal-data breach that legally requires notice, we will provide notice as required by applicable law and, for processor data, as described in the DPA.

10. International transfers

PayDam is operated from the United States. Personal information may be processed in the United States and other countries where we or our sub-processors operate. Where required, we rely on appropriate transfer mechanisms, such as Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, or other lawful safeguards maintained by us or our sub-processors.

11. Cookies

PayDam uses essential cookies and similar technologies for authentication, session management, security, anti-forgery protection, and user preferences such as theme. If you choose to allow analytics, PayDam may use Google Analytics to understand aggregate site usage and product navigation. We do not use advertising cookies or third-party behavioral advertising trackers.

12. Privacy rights

Depending on where you live and which laws apply, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal information. California residents may also have rights to know, delete, correct, opt out of sale or sharing, limit certain sensitive-information uses, and be free from discrimination for exercising rights. We do not sell personal information or share it for cross-context behavioral advertising.

Signed-in account holders can use the Account Data page from the workspace footer or email privacy@paydam.app. We may verify your identity and authority before acting on a request. Where we process merchant customer data as a processor or service provider, we may refer the request to the relevant merchant or act on the merchant's instructions.

13. Children

PayDam is not directed to children and is not intended for anyone under 18. We do not knowingly collect personal information from children.

14. Changes to this policy

We may update this policy from time to time. The "Last updated" date reflects the current version. Continued use of PayDam after a policy update means the updated policy applies to information collected and processed after the effective date, subject to applicable law.

PayDam is a product of Paldam LLC · privacy@paydam.app