1. Who We Are
PayPact is a peer-to-peer lending platform. When you use PayPact, you're sharing certain information with us so we can operate the service. This policy explains exactly what we collect, why, and what you can do about it.
Questions? Email hello@paypact.io.
2. What We Collect
| Data | Why we collect it |
|---|---|
| Name | Your identity on the platform and in pact agreements |
| Email address | Account login, notifications, and support communications |
| Phone number | Identity verification and two-factor authentication. Stored encrypted. |
| Username | Your public identity on PayPact — how others find and tag you in pacts |
| Profile photo | Optional. Helps counterparties confirm they're agreeing with the right person |
| Payment history | Records of pacts you've created and your payment activity — core to the trust score |
| Trust score | Calculated from your payment history and shared with other users you pact with |
| Device/session data | For security: device fingerprint used for trusted device recognition (30-day 2FA skip) |
We do not collect your Social Security Number, driver's license, government ID, or bank account numbers. Payment card details are handled entirely by Stripe — we never see or store them.
3. How We Use Your Data
- Account management — creating your account, verifying your identity, logging you in.
- Trust scoring — calculating and displaying your trust score based on your payment history.
- Payment processing — routing payments through Stripe when you make or receive pact payments.
- Communications — sending you SMS codes for verification, email notifications for pact activity, and important service updates.
- Fraud prevention — detecting and blocking fake accounts, duplicate registrations, and abuse.
- Platform improvement — understanding how people use PayPact to make it better.
We do not use your data to build advertising profiles, sell ads, or train AI models for external purposes.
4. Who We Share Data With
We share the minimum necessary with trusted third parties to operate the platform:
- Stripe — processes all payments. When you make or receive a payment, Stripe receives the transaction details. See Stripe's Privacy Policy.
- Twilio — sends SMS verification codes to your phone number for account verification and 2FA. See Twilio's Privacy Policy.
We do not sell your personal data. We do not share your information with advertisers, data brokers, or any third party not listed above.
We may disclose information if required by law, court order, or to protect the safety of our users.
5. Data Retention
We keep your data as long as your account is active. If you delete your account:
- Your profile information is deleted within 30 days.
- Pact records are retained for 7 years for legal and compliance purposes, but are disassociated from your identifying information where possible.
- Payment records may be retained longer if required by financial regulations.
6. Your Rights
You have the right to:
- Access — request a copy of all data we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — request that we delete your account and associated data.
- Portability — ask for your pact history in a standard format.
- Opt out of communications — unsubscribe from non-essential emails at any time.
To exercise any of these rights, email hello@paypact.io. We'll respond within 30 days.
7. Cookies and Local Storage
PayPact uses browser localStorage (not traditional cookies) to store your session token and preferences. This data stays on your device and is not transmitted to third parties. We also use a small anonymous analytics pixel to measure page traffic — no personally identifiable information is attached.
We do not use third-party tracking cookies or advertising pixels.
8. Security
We take security seriously:
- Phone numbers are encrypted at rest using AES-256-GCM.
- Passwords are hashed using PBKDF2 with 100,000 iterations — never stored in plain text.
- All data is transmitted over HTTPS.
- Sessions expire after 7 days of inactivity.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at hello@paypact.io.
9. Children's Privacy
PayPact is not intended for anyone under 18. We do not knowingly collect data from minors. If we learn we've received data from a minor, we'll delete it promptly.
10. Changes to This Policy
If we make material changes to how we handle your data, we'll notify you by email or in-app notice before the changes take effect. The "last updated" date at the top of this page reflects the most recent version.
11. Contact
Privacy questions, data requests, or concerns — email us at hello@paypact.io. We respond within 30 days.