Privacy Policy

Effective date: April 11, 2026  ·  Last updated: April 11, 2026

PayNudge ("we", "us", or "our") operates the PayNudge service available at paynudge.xyz. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our service. By using PayNudge, you agree to the collection and use of information in accordance with this policy.

This policy is written to comply with the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA) where applicable.

1. Roles: Controller and Processor

When you use PayNudge to send reminders to your clients, you (the business user) are the data controller — you determine the purpose and means of processing your clients' personal data. PayNudge acts as a data processor on your behalf, processing that data only as necessary to provide the service you have requested.

As the controller, you are responsible for ensuring you have a lawful basis to collect and use your clients' contact information, and for complying with applicable privacy laws when sending automated communications to them.

2. Information We Collect

2a. Information you provide directly

  • Account information: name, business name, email address, password (stored hashed)
  • Business settings: reply-to email, custom reminder message templates

2b. Information synced from your integrations

When you connect QuickBooks Online, Square, Jobber, or Stripe, we access:

  • Invoice data: invoice numbers, amounts, due dates, statuses
  • Customer data: names, email addresses, phone numbers (where available)
  • Account identifiers: provider account/realm IDs for API calls

We do not access bank account numbers, payment card details, payroll data, tax filings, or any data beyond what is necessary to identify overdue invoices and contact the relevant customer.

2c. Usage data

  • Log data: IP address, browser type, pages visited, timestamps
  • Analytics events: feature usage, clicks, session duration (via PostHog)
  • Error reports: stack traces, error context (via Sentry)

3. How We Use Your Information

  • To provide the service: sync invoices, identify overdue amounts, and send automated payment reminder emails and SMS messages to your clients on your behalf
  • To manage your account and respond to support requests
  • To send service notifications (e.g. billing confirmations, feature updates)
  • To improve the service through aggregated, anonymised usage analytics
  • To monitor for errors and maintain service reliability
  • To comply with legal obligations

We do not sell your data or your clients' data to third parties. We do not use your clients' contact information for any purpose other than sending reminders on your behalf.

4. Integration Access Scope

When you connect an accounting or business platform, PayNudge requests the minimum permissions necessary:

  • QuickBooks Online: Read access to invoices and customers
  • Square: Read access to invoices and customers
  • Jobber: Read access to invoices and clients
  • Stripe: Read access to invoices and customers via Stripe Connect

Access tokens are stored encrypted and used only to sync data and operate the reminder service. You can disconnect any integration at any time from your Settings page, which immediately revokes our access.

5. Sub-Processors and Third Parties

We use the following sub-processors to deliver the service. Each is contractually bound to process data only as directed and to maintain appropriate security standards:

Sub-processor        Purpose                          Location
Supabase             Database and authentication      USA (AWS)
Vercel               Application hosting              USA
Resend               Transactional email delivery     USA
Twilio               SMS delivery (optional)          USA
Stripe               Payment processing and billing   USA
PostHog              Usage analytics                  USA / EU
Sentry               Error monitoring                 USA
Intuit (QuickBooks)  Integration data sync            USA
Square               Integration data sync            USA
Jobber               Integration data sync            Canada / USA

This list may be updated as the service evolves. Material changes to our sub-processors will be reflected in an updated version of this policy with a new effective date.

6. Data Retention and Deletion

  • Active accounts: Data is retained for as long as your account is active
  • After cancellation: Your account data is retained for 30 days after cancellation to allow for reactivation, then permanently deleted
  • On request: You may request immediate deletion of your account and all associated data by emailing hello@paynudge.xyz
  • Synced data: Invoice and customer data synced from integrations is deleted within 30 days of account deletion or integration disconnection
  • Nudge logs: Records of reminder emails/SMS sent are retained for your account history while active, and deleted with your account

7. Opt-Out and Unsubscribe (Your Clients' Rights)

Your clients — the individuals who receive automated payment reminders — have the following opt-out rights:

  • Email opt-out: Every automated reminder email includes an unsubscribe link. Clicking it immediately stops all future email reminders from that business. The opt-out is permanent until the business user reverses it.
  • SMS opt-out: Clients who receive SMS reminders can reply “STOP” at any time. The opt-out is processed automatically and immediately.
  • Direct request: Clients may contact the business directly to request that reminders be stopped. Business users can opt out a client from within their PayNudge settings.

Opt-out records are retained for audit purposes to demonstrate compliance with anti-spam laws. We honour all opt-outs within 10 business days of receipt at the latest, though automated opt-outs take effect immediately.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (“right to be forgotten”)
  • Portability: Request your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data
  • Objection: Object to processing based on legitimate interests
  • Opt-out of sale: We do not sell personal data. No opt-out is required.

To exercise any of these rights, contact us at hello@paynudge.xyz. We will respond within 30 days.

9. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and encryption at rest for all stored data. Access to production systems is restricted to authorised personnel. Integration tokens are stored encrypted and never exposed in client-side code.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking

PayNudge uses essential cookies for authentication (session management). We also use PostHog for analytics, which may set cookies to track usage patterns. These do not contain personally identifiable information and are used solely to improve the product.

11. Children's Privacy

PayNudge is a business tool not intended for use by persons under 18. We do not knowingly collect personal data from minors.

12. International Transfers

Your data may be processed in countries outside your own, including the United States and Canada. Where we transfer personal data from the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles.

15. Contact Us

For privacy inquiries, data requests, or questions about this policy:

PayNudge (operated by Pavneet Singh, Ontario, Canada)
Email: hello@paynudge.xyz

For data processing agreements (GDPR Article 28), see our Data Processing Addendum.