Privacy Policy
Last updated: 1 March 2026
Payhook ("we", "us", "our") provides an API-first digital storefront for selling digital products. This policy explains what data we collect, how we use it, and your rights.
1. Data we collect
We collect the following categories of data:
- Account data: email address and password hash when you register.
- Product data: names, descriptions, prices, and files you upload to sell.
- Transaction data: buyer email addresses, Stripe payment references, and purchase timestamps. We never store card details — Stripe handles all payment processing.
- Usage data: API requests, page views, and error logs for platform stability.
2. How we use your data
- To operate the Payhook platform and process purchases.
- To deliver download links to buyers after a successful payment.
- To send transactional emails (purchase confirmations, download links). We do not send marketing emails without consent.
- To generate revenue reports accessible via our API.
- To investigate fraud or abuse.
3. Payments and Stripe
All payments are processed by Stripe. We do not store card numbers, CVVs, or full payment details. Stripe's privacy policy applies to data submitted through their checkout flow. You can read it at stripe.com/privacy.
4. Data sharing
We do not sell your data. We share data only with:
- Stripe — payment processing.
- Cloudflare — file storage and CDN delivery.
- Supabase — database hosting (data stored in EU region).
All providers are contractually required to protect your data under applicable law.
5. Cookies and tracking
We use only essential cookies required for authentication (session tokens). We do not use third-party advertising cookies or cross-site tracking. No data is shared with ad networks.
6. Data retention
- Account data: retained until you close your account.
- Transaction records: retained for 7 years for tax and legal compliance.
- Usage logs: retained for 90 days, then deleted.
7. Your rights
Under UK GDPR and applicable data protection law, you have the right to access, correct, or delete your personal data. To exercise these rights, email privacy@getpayhook.com. We will respond within 30 days.
8. Security
We use industry-standard encryption (TLS) for data in transit and encrypt stored files and credentials. Despite these measures, no system is fully immune to breaches. If a breach affects your data, we will notify you within 72 hours.
9. Changes to this policy
We may update this policy as the platform evolves. Material changes will be communicated by email. The "last updated" date at the top reflects the current version.
10. Contact
Questions about this policy? Email privacy@getpayhook.com.