Privacy Policy
Last updated: August 25, 2025
This page is provided for convenience and does not constitute legal advice. Please review with counsel.
1. Introduction
PaywallOS, Inc. (“we”, “us”, “our”) operates PaywallOS and related services, including the PaywallOS Bootstrap SDK, dashboard, APIs, and widgets (collectively, the “Service”). This Privacy Policy explains what data we collect, how we use it, and the choices you have.
2. Information We Collect
- Account & Organization Data: name, email, password hashes, organization name/slug, roles.
- Billing & Payments: handled by processors (e.g., Stripe). We store references such as customer IDs, subscription IDs, and invoice metadata, but not full card numbers.
- End-User Entitlements & Usage: feature keys, plan tiers, quotas, and usage metrics sent by your app to our APIs/SDK.
- Operational Logs: request metadata (IP address, user-agent), event timestamps, error logs, and webhook delivery status for reliability and security.
- Cookies & Similar Tech: to maintain sessions, remember preferences, and measure product usage.
3. How We Use Information
- Provide and secure the Service (auth, entitlements, usage limits, checkout flows).
- Operate analytics and paywall performance reporting you enable.
- Detect abuse and prevent fraud.
- Improve the product, including AI-assisted features (e.g., pricing guidance), using aggregated or de-identified data where possible.
- Communicate about updates, security, onboarding, and support.
4. Legal Bases (EEA/UK)
We rely on contractual necessity (to provide the Service), legitimate interests (to secure and improve), legal obligations, and consent where applicable (e.g., certain cookies/marketing).
5. Sharing & Processors
We may share data with trusted sub-processors to operate the Service, including:
- Stripe (payments, billing, webhooks)
- Postgres/Supabase/Neon (databases)
- Vercel (hosting, edge/network)
- Email/SMS providers (transactional messages)
- Analytics & error tracking (e.g., Sentry, Vercel Analytics)
We do not sell personal information. We only disclose where necessary to provide the Service, comply with law, protect rights, or with your direction/consent.
6. Cookies
We use strictly necessary cookies for authentication and session continuity, and (optionally) analytics cookies. You can control cookies through your browser settings. If you disable essential cookies, certain features may not work.
7. Data Retention
We retain data while your account is active and as needed to provide the Service. We may retain certain records for legal, security, and billing reasons after account closure.
8. Security
We apply administrative, technical, and organizational measures, including encryption in transit, principle of least privilege, RLS policies, webhook signature validation, and periodic access reviews. No system is 100% secure; please secure your API keys and secrets.
9. International Transfers
Your data may be processed in countries different from your own. Where applicable, we rely on appropriate safeguards (e.g., SCCs) for cross-border transfers.
10. Your Rights
Depending on your jurisdiction (e.g., EEA/UK/California), you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. To exercise rights, contact us at support@paywallos.com. We may verify your request.
11. Children’s Privacy
The Service is not directed to children under 13 (or applicable age of digital consent). We do not knowingly collect data from children. If you believe a child provided data, contact us to remove it.
12. Third-Party Links
Apps showcased in the Storefront and third-party docs/resources are operated by others. Their privacy practices govern their properties. Review their policies before using those services.
13. Changes
We may update this Policy from time to time. Material changes will be communicated via the dashboard or email. Continued use after the effective date indicates acceptance of the updated Policy.
14. Contact
PaywallOS, Inc.
123 Example St, Anywhere, XY 00000, USA
support@paywallos.com
If there is any conflict between this Privacy Policy and a specific data processing agreement (DPA) executed with you, the DPA controls.