PayNugget
Legal

Privacy Policy

Plain language about what we collect, who we share it with, and the rights you have over your own data.

Last updated: June 1, 2026

This Privacy Policy explains how PayNugget (“PayNugget,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit our website or use our invoicing and payments service (the “Service”). PayNugget is a US-based service intended for users in the United States. By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

Information we collect

We collect only what we need to run the Service and help you get paid. The categories of information we collect include:

  • Account information. When you sign up, we collect your name, email address, password credentials, and business details such as your business name and address.
  • Customer and invoice data.Information you enter to do your billing — your clients' names and contact details, line items, amounts, and invoice and estimate records. This data belongs to you.
  • Payment information. When you or your customers make a payment, payment details (such as card or bank account numbers) are collected and processed directly by our payments processor, Stripe. We do not store full card numbers on our systems. We receive limited information such as the last four digits, payment status, and amounts.
  • Usage and device data. Like most websites, we automatically collect technical information such as your IP address, browser type, pages viewed, and timestamps, to operate, secure, and improve the Service.
  • Communications. If you contact us for support or join our waitlist, we keep the messages and the email address you provide.

How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including creating and sending invoices and processing payments;
  • Authenticate you and secure your account;
  • Respond to your support requests and communicate with you about your account;
  • Detect, prevent, and address fraud, abuse, and security issues;
  • Comply with legal obligations, including tax and financial recordkeeping; and
  • Improve and develop new features.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

How we share information

We share information only as needed to provide the Service and as described below. We do not rent or sell your data.

  • Service providers (sub-processors). We share information with trusted vendors that help us run the Service, listed below.
  • To send your invoices. When you send an invoice, the recipient receives the information you put on it.
  • Legal and safety. We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of PayNugget, our users, or the public.
  • Business transfers. If PayNugget is involved in a merger, acquisition, or sale of assets, your information may be transferred, subject to this Policy.

Our sub-processors

We use the following third-party sub-processors to deliver the Service. Each processes data on our behalf under its own security and privacy commitments:

  • Stripe — payments processing (card and ACH bank payments). Stripe handles sensitive payment details and is PCI DSS Level 1 certified.
  • Neon — managed PostgreSQL database hosting where your account, customer, and invoice data is stored.
  • Vercel — application hosting, content delivery, and serverless compute for the website and app.

We may update this list as our service evolves and will reflect changes on this page.

Cookies and tracking

We use cookies and similar technologies that are necessary to operate the Service — for example, to keep you signed in and to keep your session secure. We do not use third-party advertising cookies. Where we use analytics to understand and improve the Service, we configure it to respect your privacy.

Data retention

We keep your information for as long as your account is active and as needed to provide the Service. We may retain certain records longer where required to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements. When data is no longer needed, we delete or anonymize it.

Your privacy rights

You own your data. Regardless of where you live, you can access and export your customer and invoice data in one click at any time, and you can ask us to correct or delete your information.

California residents (CCPA/CPRA). If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose;
  • Request access to and a copy of your personal information;
  • Request deletion of your personal information, subject to legal exceptions;
  • Request correction of inaccurate personal information; and
  • Not be discriminated against for exercising your privacy rights.

We do not sell personal information or share it for cross-context behavioral advertising, so there is no need to opt out of those activities. To exercise any of these rights, email privacy@paynugget.com. We will verify your request and respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf.

Security

We protect your information with encryption in transit and at rest, least-privilege access controls, and by keeping sensitive card data with Stripe rather than on our own systems. No method of transmission or storage is perfectly secure, but we work hard to safeguard your data. Learn more on our security page.

Children's privacy

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

International users

PayNugget is operated from, and intended for users in, the United States. If you access the Service from outside the US, understand that your information will be processed in the United States, where data protection laws may differ from those in your jurisdiction.

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect means you accept the updated Policy.

Contact us

If you have questions about this Policy or want to exercise your privacy rights, email us at privacy@paynugget.com or visit our contact page. See also our Terms of Service.