PrivacyBilling LogomarkPrivacyBilling
Back to Home

Privacy Policy

Last Updated: March 2026

1. Introduction

Welcome to PrivacyBilling ("we", "our", or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, and safeguard your data when you use the PrivacyBilling service. Our core mission is to provide secure, autonomous billing bridges separating financial identity from application activity.

2. The Zero-Knowledge Bridge

PrivacyBilling operates fundamentally differently from traditional payment proxies. When you make a purchase through PrivacyBilling for a Partner Application:

  • We hold your billing identity: Your payment details securely remain with our authorized payment processor (e.g., Stripe). PrivacyBilling manages your subscription state.
  • The Partner Application holds your activity: The Partner Application does not receive your payment credentials or your real identity from us.
  • The Bridge: We issue a site-scoped, pseudonymous ID (or token) used strictly to verify your subscription entitlement to the Partner Application.

3. Information We Collect

To facilitate secure payments, we collect the minimal data necessary through our payment processor (Stripe):

  • Financial Information: Credit card details, billing address, and transaction histories used solely for payment processing.
  • Contact Information: Email addresses optionally provided for receipt generation and secure subscription management.
  • Technical Metadata: IP addresses and browser fingerprints utilized temporarily for fraud prevention and adherence to payment processor compliance obligations.

4. Information We Do Not Collect

We do not track, collect, or store:

  • Your activity on the Partner Application.
  • Messages, files, or telemetry generated within the Partner Application.
  • Analytics linking your identity to specific behavioral patterns on partner sites.

5. How We Use Your Information

Collected information is used exclusively to:

  • Process payments, recurring subscriptions, and issue refunds.
  • Generate and manage cryptographic entitlement tokens for Partner Applications.
  • Comply with local tax laws, Anti-Money Laundering (AML), and fraud prevention regulations.
  • Send critical service notices regarding billing anomalies or payment failures.

6. Sharing of Information

We never sell your personal data. We only share information with:

  • Payment Processors: Such as Stripe, simply to execute financial transactions securely.
  • Legal Authorities: Only when legally compelled by a valid subpoena or court order within our jurisdiction.
  • Partner Applications: We share entitlement signals (such as tokens or access state) needed to verify subscription status. We do not intend to send full payment credentials to partners; what partners collect directly from you is governed by their own notices.

7. Third-Party Dependencies and Services

Below is the complete list of third-party dependencies that our app uses and shares data with to operate securely and efficiently:

  • Stripe: Our exclusive payment processing dependence. Stripe securely tokenizes and stores your payment information. PrivacyBilling never natively stores full credit card strings.
  • Render: Our secure cloud infrastructure provider where our enterprise API instances are hosted.
  • PostgreSQL: Our encrypted database instance where the pseudonymized subscription states are hosted.

8. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have rights regarding your personal data, including access, rectification, or erasure. Our architecture is designed for data minimization; erasure requests are handled case-by-case and may involve severing links between payment identity and pseudonymous entitlement tokens where technically and legally appropriate.

To exercise these rights, contact our Data Protection Officer at hello@privacybilling.com.

9. Security

We use industry-standard encryption in transit and at rest. Raw card numbers are not stored on PrivacyBilling servers; card handling is delegated to our payment processor (Stripe), which maintains PCI DSS–aligned controls for card data.

10. Security posture & third parties

PrivacyBilling is a technical separation layer between partner applications and payment processing. We do not claim certification under the EU AI Act, GDPR, HIPAA, or other regimes on your behalf; partners must assess fit with their own legal and regulatory obligations.

  • Design goal: We aim to reduce co-mingling of application telemetry and payment records by routing settlement through the payment processor and returning entitlement signals to partners. This does not guarantee that no personal data can ever be inferred or linked if a partner collects it separately.
  • Card data: Raw card numbers are not processed or stored on PrivacyBilling application servers; Stripe handles card data in line with its PCI programme. See Stripe's security documentation.
  • Hosting: Our services run on cloud providers that publish their own compliance reports (for example SOC reports for the underlying platform). Those attestations apply to the provider's services, not a blanket certification of PrivacyBilling or your deployment.

11. Changes to this Policy

We may update this policy periodically to reflect operational changes. If material changes are made concerning how data is processed, active users will be notified via email or a prominent notice on our platform.