Privacy Policy
Last Updated: April 2026
PrivacyBilling is the billing layer that never sees your behaviour — and the application layer that never sees your identity.
PrivacyBilling is designed to operate as a logical separation layer (‘air-gap model’) between payment identity and application activity, minimising the risk of data linkage.
We implement a zero co-mingling architecture: payment identity and user activity are never intentionally joined, and are mediated only through pseudonymous entitlement tokens.
It's not about removing data — it's about making it impossible to connect.
1. Introduction
PrivacyBilling (“we”, “our”, “us”) provides a payment abstraction service that separates payment identity from application activity. We are committed to data minimisation and privacy by design. This Privacy Policy explains what personal data we process, why we process it, and your rights under applicable data protection laws, including the UK GDPR and Data Protection Act 2018.
2. Our Role
PrivacyBilling acts as a data controller in relation to limited personal data required to:
- facilitate payments,
- manage subscription status, and
- comply with legal obligations.
We do not act as controller or processor for data collected by partner applications. Those applications are independently responsible for their own data practices.
3. Our Core Architecture (Separation Model)
PrivacyBilling is designed to minimise data linkage:
- Payment identity is handled by our payment processor (e.g. Stripe).
- Application activity is handled by the partner application.
- PrivacyBilling issues a site-scoped pseudonymous identifier (“entitlement token”) used only to confirm subscription status.
We do not intentionally combine payment identity with behavioural or application usage data.
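The separation model above can be made concrete with a short illustration. The following is an added example written for this page, not PrivacyBilling's own code (the policy does not describe its internals): an entitlement token is derived as an HMAC over the partner site identifier and an internal customer identifier under a billing-side secret, so the same customer receives unrelated tokens at different partner sites, a token presented to the wrong site does not validate, and the only field ever returned to a partner is a status value. The HMAC construction, the BillingLedger class, and all identifiers and secrets are assumptions constructed for the example.

```python
import hmac
import hashlib

# Constructed placeholder. A real deployment would load a randomly generated
# key from a secret store; it is an assumption of this example, not a real value.
TOKEN_SECRET = b"constructed-example-secret-not-for-production"


def derive_entitlement_token(customer_id: str, site_id: str, secret: bytes) -> str:
    """Return a site-scoped pseudonymous token for one customer at one partner site.

    The site id is bound into the MAC input, so tokens for the same customer at
    two different sites share no computable relationship without the secret.
    The NUL separator prevents ambiguity between site and customer boundaries.
    """
    message = site_id.encode("utf-8") + b"\x00" + customer_id.encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class BillingLedger:
    """Minimal billing-side store illustrating the 'zero co-mingling' idea.

    Subscription status and the token index live only on the billing side.
    Partners never receive a customer id, and the billing side never receives
    application activity; the two sides meet only through the token.
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._subscriptions: dict[str, str] = {}          # customer_id -> status
        self._index: dict[tuple[str, str], str] = {}      # (site_id, token) -> customer_id

    def record_subscription(self, customer_id: str, status: str) -> None:
        """Billing-side only: update a customer's subscription status."""
        self._subscriptions[customer_id] = status

    def issue_token(self, customer_id: str, site_id: str) -> str:
        """Issue the token a partner site will hold for this customer."""
        token = derive_entitlement_token(customer_id, site_id, self._secret)
        self._index[(site_id, token)] = customer_id
        return token

    def check_entitlement(self, site_id: str, token: str) -> dict[str, str]:
        """The only answer a partner gets: a status, never identity or payment data.

        An unknown token, or a token presented by a site it was not scoped to,
        is reported as inactive rather than as an error, so the response shape
        is identical in every case.
        """
        customer_id = self._index.get((site_id, token))
        if customer_id is None:
            return {"status": "inactive"}
        return {"status": self._subscriptions.get(customer_id, "inactive")}


if __name__ == "__main__":
    ledger = BillingLedger(TOKEN_SECRET)
    ledger.record_subscription("cus_demo_1", "active")   # constructed customer id
    token_a = ledger.issue_token("cus_demo_1", "site-a.example")
    token_b = ledger.issue_token("cus_demo_1", "site-b.example")
    print("tokens differ across sites:", token_a != token_b)
    print("site A sees:", ledger.check_entitlement("site-a.example", token_a))
    print("site B with A's token sees:", ledger.check_entitlement("site-b.example", token_a))
```

The design choice worth noting is that the partner-facing response is built from a fixed set of fields, so even a misconfigured partner query cannot pull back the customer id or processor metadata; the linkage the policy's section 13 warns about can then only arise from data the partner collects on its own side.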
4. Personal Data We Process
We process only the minimum personal data necessary:
a. Payment Data (via processor)
Payment details (e.g. card information, billing address) are collected and processed by our payment processor, such as Stripe. We do not store raw card numbers on our systems. We may receive limited metadata from the processor (e.g. transaction IDs, subscription status).
b. Contact Data (optional)
- Email address (if provided)
- Used for: receipts, account or subscription communication, critical service notifications.
c. Technical & Security Data
- IP address
- Device/browser metadata
- Used for: fraud prevention, abuse detection, service security.
This data is retained only as long as necessary for these purposes.
d. Pseudonymous Identifiers
We generate site-scoped tokens or identifiers. These do not directly identify you; they are used solely to confirm entitlement to partner applications.
5. Personal Data We Do NOT Process
We do not collect or store:
- application usage data,
- user-generated content (messages, files, etc.),
- behavioural analytics tied to identity within partner applications.
Any such data is handled independently by the partner application.
6. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contract: to provide billing and subscription services
- Legal obligation: tax, accounting, and anti-fraud requirements
- Legitimate interests: maintaining platform security and preventing abuse
7. How We Use Personal Data
We use personal data strictly to:
- process payments and manage subscriptions
- generate and validate entitlement tokens
- detect and prevent fraud or misuse
- comply with legal and regulatory requirements
- communicate essential service information
We do not use personal data for:
- advertising,
- behavioural profiling,
- or cross-service tracking.
8. Data Sharing
We do not sell personal data. We may share data only with:
a. Payment processors
(e.g. Stripe) to execute transactions.
b. Service providers
(e.g. cloud hosting, infrastructure providers) under strict confidentiality and security obligations.
c. Legal authorities
Where required by law or valid legal process.
d. Partner applications
We share only:
- entitlement status (e.g. active/inactive)
- pseudonymous tokens
We do not share:
- payment details
- identity information
Note: Partner applications may collect personal data directly from you under their own policies.
9. International Transfers
Where data is processed outside the UK, we ensure appropriate safeguards are in place (e.g. standard contractual clauses or equivalent mechanisms).
10. Data Retention
We retain personal data only as long as necessary to:
- provide services,
- comply with legal obligations (e.g. financial records),
- resolve disputes.
Retention periods may vary depending on regulatory requirements.
11. Security
We implement appropriate technical and organisational measures, including:
- encryption in transit and at rest
- tokenisation of sensitive data
- separation of payment identity from application activity
Card data is handled exclusively by our payment processor in accordance with PCI DSS requirements.
12. Your Rights
Under UK GDPR, you may have rights to:
- access your personal data
- correct inaccurate data
- request erasure
- restrict processing
- object to processing
- data portability (where applicable)
Requests can be made via: hello@privacybilling.com
13. Limitations of the Separation Model
Our system is designed to reduce the risk of linking identity with application activity. However:
- we cannot control data collected independently by partner applications
- if a partner collects identifying data directly, linkage may still occur outside our system
14. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via appropriate notice.