Privacy Policy

1. Introduction

Payaca Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Payaca Ltd is ISO 27001 certified, demonstrating our commitment to information security best practices.

2. Data Controller

Payaca Ltd is the data controller responsible for your personal data. Our contact details are:

3. Information We Collect

3.1 Subscribers (Website Visitors)

When you visit our website, request a demo, or subscribe to our newsletter, we may collect:

• Name and contact details (email address, phone number)
• Company name and job title
• Communication preferences
• Information you provide in contact forms or demo requests

3.2 Clients (Service Users)

When you use our platform, we may also collect:

• Account credentials and profile information
• Business information (company details, trade certifications)
• Billing and payment information
• Customer and project data you input into the system
• Usage data and activity logs
• Support communications and feedback

3.3 Automatically Collected Information

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies or collect personal data. We may collect aggregated, anonymous information about:

• Page views and referral sources
• General geographic location (country level)
• Device type and browser (aggregated)

This information cannot be used to identify you personally.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

4.1 Contract Performance

Processing necessary to perform our contract with you, including providing our services, processing payments, and managing your account.

4.2 Legitimate Interests

Processing necessary for our legitimate interests, including improving our services, preventing fraud, and ensuring network security. We balance these interests against your rights and freedoms.

4.3 Consent

Where you have given consent, such as for marketing communications. You may withdraw consent at any time by contacting us or using unsubscribe links.

4.4 Legal Obligation

Processing necessary to comply with legal obligations, such as tax and accounting requirements.

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Create and manage your account
• Respond to your comments, questions, and requests
• Send promotional communications (with your consent)
• Monitor and analyze usage patterns to improve user experience
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with legal obligations

6. Information Sharing

We may share your information with:

6.1 Service Providers

Third-party vendors who provide services on our behalf, including cloud hosting (AWS), payment processing (Stripe), email services, and customer support tools. These providers are contractually bound to protect your data.

6.2 Professional Advisers

Lawyers, accountants, and auditors where necessary for professional advice or compliance.

6.3 Regulatory Authorities

Government agencies, law enforcement, or regulatory bodies when required by law or to protect our legal rights.

6.4 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

We do not sell your personal data to third parties for marketing purposes.

7. International Transfers

As we are based in the United Kingdom, your personal data may be transferred to and processed in countries outside the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions where applicable.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account data: For the duration of your account plus 6 years for legal compliance
• Marketing data: Until you unsubscribe or withdraw consent
• Transaction records: 7 years for tax and accounting purposes
• Support communications: 3 years from last contact

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• ISO 27001 certified information security management system
• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Staff training on data protection

10. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data
• Restriction: Request restriction of processing in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing for direct marketing
• Withdraw consent: Where processing is based on consent

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at [email protected]. We will respond within the timeframes required by applicable law.

11. Cookies

We use privacy-focused analytics that do not require cookies. For information about cookies used by third-party services on our website, please see our Cookie Policy.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please contact us: