Privacy Policy

1. Who We Are

PaymentPulse is operated by Interlink Digital Group Limited ("we", "us", "our"), registered in England & Wales. We are the data controller for personal information processed through this service.

2. What Data We Collect

We collect the following personal data:

• Account data: name, email address, and hashed password when you register for a PaymentPulse account
• Billing data: Stripe customer IDs, subscription status, plan details, and invoice history (card numbers are handled entirely by Stripe and never touch our servers)
• API usage data: API key identifiers, request logs, IP addresses, and timestamps
• Session data: essential cookies for authentication and session management
• Customer data you process: when you use PaymentPulse to manage billing for your own customers, we store the data you send us (e.g. email addresses, external user IDs, Stripe customer IDs) on your behalf as a data processor

3. How We Use Your Data

• To provide and maintain the PaymentPulse billing service
• To manage your account, authentication, and API access
• To process subscription payments via Stripe
• To handle webhook events and synchronise billing state
• To monitor service health, prevent abuse, and enforce rate limits
• To communicate service updates and security notices

4. Legal Basis (UK GDPR)

We process your data under the following legal bases:

• Contract: necessary to provide you with the PaymentPulse service
• Legitimate interest: to maintain security, prevent fraud, and improve our platform
• Consent: for optional marketing communications

5. Third-Party Processors

We share data with the following third parties only as necessary to operate the service:

• Stripe: payment processing, customer management, and subscription billing (Stripe Privacy Policy)

We do not sell your data or share it with advertisers.

6. Data Retention

We retain your account data for as long as your account is active. API request logs are retained for 90 days. Webhook event logs are retained for 12 months. You may request deletion of your account and associated data at any time.

7. Your Rights

Under UK GDPR, you have the right to: access your data, rectify inaccuracies, request erasure, restrict processing, data portability, and object to processing. To exercise any of these rights, contact us at the address below.

8. Data You Process Through PaymentPulse

When you use PaymentPulse to manage billing for your own customers, you are the data controller for that customer data. We act as your data processor and will only process it according to your instructions and these terms. You are responsible for ensuring you have appropriate lawful bases and privacy notices for your own customers.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

10. Security

We protect your data with: restricted Stripe API keys with minimum permissions, webhook signature verification, bcrypt password hashing, rate limiting, database-backed sessions, and HTTPS encryption in transit.

11. Contact

For privacy enquiries: privacy@paymentpulse.co.uk