Privacy Policy
Effective: 24 May 2026
This policy describes what data PayHook collects, why, and how we handle it. "PayHook", "we", and "us" refer to the operator of payhook.app and its subdomains.
1. Data we collect
Account data. When you sign up we collect your email address and a hashed password. We use this to authenticate you and to send transactional emails (e.g. password resets, billing alerts).
Wallet addresses. You provide public wallet addresses for BSC, TRON, and/or Ethereum so we can monitor on-chain transactions. We never collect or store private keys.
Payment data. For each payment you create, we store the amount, currency, network, deposit address, status, webhook URL, and any external order ID you provide. This data is necessary to operate the service.
Billing data. We record your subscription plan, prepaid USDT balance, top-up transactions, and usage (confirmed payment count). No credit card or bank account information is collected.
Usage and analytics. We use Microsoft Clarity to collect anonymised interaction data (clicks, scrolls, page views) on our marketing site. Clarity does not collect personally identifiable information. We also log standard server access data (IP address, user agent, timestamps) for security and debugging.
2. How we use your data
- Operate the payment monitoring and webhook delivery service
- Authenticate your account and secure your sessions
- Process billing: plan renewals, overage settlements, balance top-ups
- Send transactional emails (password reset, billing alerts, account notifications)
- Detect and prevent abuse, fraud, and unauthorised access
- Improve the service based on aggregated, anonymised usage patterns
3. Data we do not collect
- Private keys or seed phrases
- Government-issued identity documents (no KYC)
- Credit card or bank account numbers
- Your customers' personal information
4. Data sharing
We do not sell, rent, or trade your data. We share data only in these cases:
- Service providers. Infrastructure providers (hosting, email delivery) that process data on our behalf under contractual obligations
- Legal requirements. When required by law, subpoena, or court order
- Safety. To prevent fraud, abuse, or threats to security
5. Data retention
Account and payment data is retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate fraud-prevention purposes. Server access logs are retained for up to 90 days.
6. Security
We use HTTPS everywhere, hash passwords with strong one-way algorithms, and enforce rate limiting and session management. Webhook payloads are signed with HMAC-SHA256 so you can verify their authenticity. While no system is perfectly secure, we take reasonable measures to protect your data.
7. Cookies
The dashboard (app.payhook.app) uses session cookies for authentication. The marketing site (payhook.app) uses Microsoft Clarity for anonymised analytics. We do not use advertising cookies or cross-site trackers.
8. Your rights
You can:
- Access and export your account and payment data from the dashboard
- Update your email address or password at any time
- Delete your account, which removes your personal data within 30 days
- Contact us at [email protected] with any privacy-related requests
9. Changes
We may update this policy from time to time. Material changes will be communicated via email or a notice in the dashboard. The "Effective" date at the top reflects the latest revision.
10. Contact
Questions about this policy? Email [email protected].