Privacy Policy
Last updated: February 12, 2026
We built Pay4SaaS as payment and billing infrastructure for SaaS — from Stripe webhooks to credit deduction, the monetization layer is done for you. We take your privacy seriously: we only collect what's needed to run the service, we never sell your data, and you stay in full control of what we hold.
1. Introduction
Pay4SaaS ("we", "us", "our") operates the website at pay4saas.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.
This policy applies to all users globally, and is designed to comply with:
- GDPR (General Data Protection Regulation) — the EU's data privacy law that gives people in Europe rights over their personal data
- CCPA (California Consumer Privacy Act) — California's privacy law that gives California residents additional rights over their personal information
If you have questions, you can always reach us at .
2. What Data We Collect
We collect only the data listed below. We do not collect phone numbers, home addresses, government IDs, or biometric data.
Data you give us directly
- Email address — required to create an account and communicate with you
- Username or display name — to identify you within the service
- Password — stored only as a one-way hash, not in readable or reversible form; we cannot read your password
Data collected automatically when you use the service
- Usage data — which pages you visit and which features you use, so we can understand how the product is being used and improve it
- Device information — your IP address, browser type (e.g. Chrome, Safari), and operating system (e.g. macOS, Windows). This is collected automatically by our servers and analytics tools
Payment data
We do not store your payment card numbers or bank details directly. When you make a payment, you are interacting with our third-party payment processors (Creem or PayPal). They handle and store payment details under their own privacy policies. We only receive a transaction confirmation and your payment status.
3. How We Use Your Data
We use your data for the following specific purposes:
- To provide the core service — authenticate your account, manage your subscriptions, and deliver the features you signed up for
- To invite you to our GitHub repository — if your subscription includes repository access, we use your email to send a GitHub invitation
- To send service-related communications — account confirmations, billing receipts, and important notices about your account
- To send product updates and marketing emails — occasional emails about new features or announcements. You can unsubscribe from these at any time using the link at the bottom of any marketing email
- To improve the product — we analyze aggregated, anonymized usage patterns to understand which features are most useful and where users run into problems
We do not use your data for automated profiling, advertising targeting, or any purpose not listed above.
4. Third-Party Services
We work with the following third-party services. Each has access only to the data necessary to perform its function.
Payment Processing
| Service | What they receive | Their Privacy Policy |
|---|---|---|
| Creem | Transaction data, billing information | creem.io/privacy |
| PayPal | Transaction data, billing information | paypal.com/privacy |
Analytics
| Service | What they receive | Their Privacy Policy |
|---|---|---|
| Google Analytics | Anonymized page views, device info, usage behavior | policies.google.com/privacy |
Google Analytics sets cookies on your device to track usage. We use this to understand how users navigate the site. You can opt out using the Google Analytics Opt-out Browser Add-on.
Email Delivery
| Service | What they receive | Their Privacy Policy |
|---|---|---|
| Resend | Your email address and the content of emails we send you | resend.com/privacy |
Hosting & Infrastructure
| Service | Role | Their Privacy Policy |
|---|---|---|
| Vercel | Hosts the frontend application | vercel.com/legal/privacy-policy |
| Supabase | Hosts our database (stores your account data) | supabase.com/privacy |
We do not use AWS, Firebase, Railway, or any other hosting providers beyond those listed above.
5. Data Storage and Security
Where your data is stored
Your data is stored in the United States (Ohio region), on servers managed by Supabase and Vercel.
If you are in the European Union
Our servers are located outside the EU. To protect the personal data of EU users transferred to the United States, we rely on Standard Contractual Clauses (SCCs) — a legal mechanism approved by the European Commission that obligates us and our processors to handle your data with EU-equivalent protections. Our hosting providers (Vercel and Supabase) both support SCCs and data processing agreements.
Security measures
- Passwords are hashed using a strong one-way algorithm before storage
- Data in transit is encrypted using HTTPS/TLS
- Database access is restricted by role-based permissions
- We do not store full payment card details — payments are handled by PCI-compliant processors
We take reasonable technical and organizational measures to protect your data, but no system is 100% secure. If you suspect your account has been compromised, please contact us immediately at .
7. Your Rights
Regardless of where you live, you have the following rights over your personal data:
For all users
- Access your data — log in and visit your dashboard to see the data associated with your account
- Delete your account and all data — see the instructions below
- Unsubscribe from marketing emails — click the "Unsubscribe" link in any marketing email we send you
Additional rights for EU residents (GDPR)
Under GDPR, you also have the right to:
- Rectification — ask us to correct inaccurate data about you
- Restriction of processing — ask us to pause processing your data in certain circumstances
- Data portability — receive a copy of your data in a machine-readable format
- Object to processing — object to our processing of your data where we rely on legitimate interests
- Lodge a complaint — file a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France)
Additional rights for California residents (CCPA)
Under CCPA, you have the right to:
- Know what personal information we collect, use, and share
- Delete your personal information (subject to certain exceptions)
- Opt out of the sale of your personal information — we do not sell your data, so this right is already guaranteed
- Non-discrimination — we will not treat you differently for exercising your privacy rights
How to delete your account
Send an email to with the subject line "Delete My Account". Once we receive and review your request, we will permanently erase all data associated with your account — including your email, username, usage history, and any stored preferences. This will be done promptly after your request is confirmed.
To exercise any of your other rights, or if you have any privacy-related questions, contact us at . We will respond within 30 days.
8. Data Retention
| Data type | How long we keep it |
|---|---|
| Account data (email, username) | For as long as your account is active |
| Usage data and analytics | Retained in aggregated/anonymized form indefinitely; identifiable usage logs are retained for up to 12 months |
| Payment records | Retained as required by applicable financial regulations (typically 7 years), held by our payment processors |
| Emails we send you | Resend retains email logs; check their policy for details |
When you delete your account: All personal data we hold — your email, username, password hash, and usage history — is permanently erased from our systems as soon as your deletion request is processed. We do not retain any identifiable information after account deletion.
9. We Never
We want to be clear about what we do not do:
- We never sell your personal data to third parties, data brokers, or advertisers
- We never share your data with third parties for their own marketing purposes
- We never collect phone numbers, home addresses, government IDs, or biometric data
- We never use your data for automated decision-making that has a legal or significant effect on you
- We never send marketing emails without your ability to opt out
- We never use third-party services beyond those explicitly listed in Section 4
10. Children's Privacy
Pay4SaaS is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with their data, please contact us at and we will delete it promptly.
11. Changes to This Policy
If we make significant changes to this Privacy Policy (for example, if we start collecting new types of data or add new third-party services), we will:
- Update the "Last updated" date at the top of this page
- Send a notification email to all registered users at least 14 days before the changes take effect
Continued use of the service after the effective date of a change constitutes acceptance of the updated policy. If you disagree with a change, you may delete your account before the change takes effect.
12. Contact Us
For any privacy-related questions, requests, or concerns:
To request account deletion, email us with the subject line "Delete My Account".
We aim to respond to all privacy inquiries within 30 days.
This policy was written to be read by real people, not just lawyers. If something is unclear, please reach out — we're happy to explain.