Privacy Policy

When you sign up: email, password (hashed), org/app name. When you use the dashboard: every mutation is logged in your tenant audit trail. When end users subscribe: their email, device ID, and subscription state arrive via your provider's webhook.

• Run the Service — authenticate you, route webhooks, render the SDK paywall.
• Bill paid tiers — Stripe processes payment; we hold only your customer ID.
• Notify on account activity — usage limits, webhook failures.
• Comply with legal obligations — tax records, fraud prevention.

Audit logs follow your tier — 7 days (Free), 90 days (Pro), 365 days (Enterprise). Subscriptions and registered devices live for the life of your tenant. We delete all data 30 days after you terminate.

• Supabase — database, auth, edge functions (US East).
• Vercel — dashboard + marketing site hosting.
• Stripe — payment processing for our own SaaS billing.
• Postmark — transactional email.
• Cloudflare — DNS + edge protection.

You can export, correct, or delete your data anytime. Email privacy@paycraft.mobilebytesensei.com with your request — we respond within 30 days.

Data Protection Officer: dpo@paycraft.mobilebytesensei.com.