Privacy Policy
Last updated: April 11, 2026
Introduction
Paitify (“we,” “our,” or “us”) operates the Paitify spend policy engine platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Paitify, you agree to the practices described herein.
If you do not agree with the terms of this Privacy Policy, please do not access the Service.
Information We Collect
We collect several types of information in connection with the Service:
- Account data: Name, email address, and company name you provide during registration.
- Agent transaction data: Authorization requests submitted by your AI agents, including amounts, currencies, merchant identifiers, MCC codes, and timestamps.
- Audit logs: A complete record of every authorization decision including rule evaluations, approval/denial reasons, and agent identifiers.
- Policy configuration: Spend limits, allowed/blocked MCC codes, merchant lists, velocity windows, and business hours settings you configure.
- Usage data: Log data such as IP addresses, browser type, pages visited, and API request metadata collected automatically.
- API key metadata: We store API key prefixes and usage timestamps, but never the full plaintext key after initial issuance.
How We Use Your Information
We use the collected information to:
- Provide, operate, and maintain the Paitify Service
- Evaluate authorization requests against your configured policies in real time
- Generate audit logs and analytics dashboards for your account
- Send transactional notifications (e.g., approval requests, spend alerts)
- Detect and prevent fraudulent or unauthorized use of the Service
- Improve our Service through aggregate, anonymized usage analysis
- Respond to customer support requests
- Comply with legal obligations
We do not sell, rent, or trade your personal data or your agents' transaction data to third parties for marketing purposes.
Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Free plan: Audit logs retained for 7 days.
- Starter plan: Audit logs retained for 90 days.
- Growth plan: Audit logs retained for 1 year.
- Account data: Retained for the duration of your account plus 30 days after termination.
You may request early deletion of your data by contacting info@paitify.io.
Third-Party Services
We use the following third-party services to operate Paitify:
- Clerk: Authentication and user management. Clerk processes your email and identity data under their own privacy policy. See clerk.com/privacy.
- Resend:Transactional email delivery for notifications and alerts. Email content is transmitted through Resend's infrastructure. See resend.com/privacy.
- PostgreSQL / Redis: For self-hosted deployments, data resides on infrastructure you control. For cloud-hosted plans, we use managed database services within your selected region.
Data Security
We implement industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive fields, RSA-2048 signed JWT tokens, and role-based access controls. API keys are hashed before storage — only the prefix is retained after initial issuance.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing of your data for certain purposes.
- CCPA: California residents have the right to know what personal information is collected, the right to delete, and the right to opt out of sale (we do not sell personal data).
To exercise your rights, contact info@paitify.io. We will respond within 30 days.
Cookies
We use essential session cookies required for authentication (provided by Clerk) and theme preferences stored in localStorage. We do not use third-party advertising cookies or cross-site tracking.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated “last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Paitify
Privacy inquiries: info@paitify.io