Privacy Notice

Effective date: February 9, 2026

PayPOS Privacy Notice

This Notice explains how PayPOS LLC (“PayPOS”, “we”, “us”) collects, uses, discloses, and protects personal information in connection with the PayPOS mobile application, its APIs, and the paypos.us website (collectively, the “Services”).

This Notice is intended to provide transparency and support applicable U.S. privacy requirements, including state consumer privacy frameworks where relevant.

Privacy contact
privacy@paypos.org
Mail
PayPOS LLC
1111B S Governors Ave, STE 26217
Dover, DE 19904, USA

1. Who this Notice applies to

This Notice applies to personal information processed through the Services, including information relating to: (i) business customers/merchants and their authorized users (admins, managers, staff), (ii) website visitors, and (iii) where applicable, individuals who make or attempt payments through merchant workflows powered by the Services (e.g., links, QR codes, or remote payment experiences).

2. Personal information we collect

We collect information directly from you, automatically when you use the Services, and from business customers/partners as needed to operate merchant workflows.

A. Merchant / account information

  • Business identifiers and profile details (e.g., legal name, tax/VAT identifiers where applicable, industry).
  • Business contact details (address, email, phone).
  • User account credentials and access controls (login identifiers, roles, permissions).

B. Payment and transaction information

  • Transaction references, timestamps, amounts, currency, and status.
  • Device identifiers (terminals, Android devices) and configuration metadata.
  • Payment method data in limited form (e.g., tokenized or truncated identifiers).
Card data: PayPOS is designed so that full payment card data is handled by PCI-DSS certified payment service providers/acquirers, and not stored by PayPOS in readable form.

C. Technical, security, and usage data

  • Log data (IP address, session identifiers, user-agent, event logs).
  • App diagnostics (crashes, errors, performance telemetry).
  • Device technical info (OS version, model, internal device identifiers).

D. Cookies and similar technologies

We may use cookies and similar technologies to operate and secure the website, remember preferences, and understand usage. Where required, we provide choice mechanisms for non-essential technologies.

3. How we use personal information

  • Provide, operate, maintain, and secure the Services.
  • Authenticate users, manage access, and administer merchant accounts.
  • Process transactions and support merchant payment workflows.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and illegal activity.
  • Provide customer support, communicate about service updates, incidents, and security notices.
  • Improve and develop the Services, including aggregated analytics.
  • Send business-to-business communications (e.g., product updates, events). Marketing opt-out options apply.

4. How we disclose personal information

We may disclose personal information to the following categories of recipients:

  • Service providers performing services on our behalf (hosting, monitoring, support tooling, email delivery).
  • Payment ecosystem partners (PSPs, acquirers, banks) involved in transaction processing and settlement.
  • Professional advisors (legal, audit) subject to confidentiality obligations.
  • Authorities if required by law or to protect rights, safety, and security.

5. Data retention

We retain personal information for as long as reasonably necessary to operate the Services, comply with law, resolve disputes, enforce agreements, and protect the platform. Retention periods may vary based on the type of data, contractual requirements, and legal obligations.

Operational note: If you provide data export after account closure (e.g., 30 days), state it precisely here once confirmed.

6. Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction (e.g., transport encryption, access controls, logging/monitoring, backups and recovery practices).

7. Children’s privacy (COPPA)

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete it as required.

8. Marketing communications (CAN-SPAM)

Where we send commercial email communications, you can opt out by using the unsubscribe mechanism in the message or by contacting us. We process opt-out requests as required and maintain suppression lists to honor preferences.

Tip: Ensure every marketing email includes accurate sender identification and a valid physical postal address, and provides a clear opt-out mechanism.

9. U.S. state privacy rights (as applicable)

Depending on where you live and how the Services are used, you may have certain rights regarding personal information, such as the right to access, delete, correct, or opt out of certain processing (e.g., targeted advertising or certain disclosures). We will respond to verified requests as required by applicable law.

California (CCPA/CPRA) notice elements

California law includes specific transparency and request-handling obligations (e.g., designated methods for submitting requests, and disclosures about categories of personal information and purposes). We provide request options below.

How to submit a request

We may need to verify your identity and/or authority to act on behalf of a business customer before completing your request.

Do Not Sell / Share

If PayPOS engages in “selling” or “sharing” personal information as those terms are defined under certain state laws (including California), we will provide the required opt-out mechanisms and required disclosures.

10. GLBA / financial privacy (conditional)

Some data processing may be subject to sector-specific financial privacy rules (such as the Gramm-Leach-Bliley Act), depending on the role of the parties and the nature of the services provided. If GLBA applies, additional notices and rights may apply.

11. Changes to this Notice

We may update this Notice from time to time. We will post the updated version on this page and update the “Effective date” above. Material changes may be communicated through the Services or via email where appropriate.

Legal notice: This page is provided for informational transparency. It does not constitute legal advice.