Privacy Policy

1.1 Account Information

When you create a PayEve account, we collect:

• Full name and email address
• Username and password (stored as a one-way hash — we never store your plaintext password)

1.2 Event and Business Data

When you use PayEve to create and manage events, we collect:

• Event name, description, pricing, deposit settings, and event type
• Event location or link (for online events)
• Payment link configuration and status

1.3 Attendee Data (Collected on Behalf of Organizers)

When an attendee registers for an event through a PayEve payment link, we collect on behalf of the event organizer:

• Attendee name, email address, and optional phone number
• Payment status (pending, deposit paid, fully paid, refunded)
• Registration timestamp

If you are an attendee, the organizer of the event you registered for is the data controller for your attendee information. Please contact them directly for questions about that data.

1.4 Payment Information

Payment processing is handled entirely by Stripe. PayEve does not collect, store, or have access to your credit card numbers, bank account details, or other sensitive payment credentials. We receive only transaction metadata from Stripe (e.g., whether a payment succeeded, the amount charged, and a Stripe transaction identifier).

To accept payments, event organizers connect a Stripe Express account. Stripe's use of your data is governed by the Stripe Privacy Policy.

1.5 Usage and Technical Data

We automatically collect certain technical data when you use PayEve:

• IP address and approximate geographic location (country/region)
• Browser type, operating system, and device type
• Pages visited, features used, and session duration
• Referring URLs and search terms

We use the data we collect for the following purposes:

• To provide the Service: Creating and managing your account, generating payment links, processing registrations, and displaying your event dashboard.
• To process payments: Initiating Stripe Checkout sessions and reconciling payment status via Stripe webhooks.
• To send transactional communications: Payment confirmation receipts, deposit reminders, and event reminder emails you configure within the platform.
• To improve the Service: Analyzing usage patterns (via analytics tools) to prioritize new features and fix issues.
• To ensure security: Detecting fraud, unauthorized access, and abuse of the platform.
• To comply with legal obligations: Responding to lawful requests from courts or government authorities, and maintaining financial records as required by applicable law.

We do not sell your personal data to third parties. We do not use your data for automated profiling or decision-making that produces legal effects.

PayEve integrates with the following third-party services. Each has its own privacy policy that governs how they process your data:

Stripe

Used for payment processing and organizer payouts. Stripe processes all card and bank transfer data. Their privacy policy is available at stripe.com/privacy.

Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymized usage data. You can opt out using the Google Analytics opt-out browser add-on.

Meta (Facebook) Pixel

We use the Meta Pixel to measure the effectiveness of our advertising campaigns and to understand user behavior. This may set cookies on your device. You can manage your ad preferences at facebook.com/settings.

Google Tag Manager & Google Ads

We use Google Tag Manager to manage analytics and advertising tags, and Google Ads to track conversions from our advertising. Google's privacy policy governs this data: policies.google.com/privacy.

Vercel

Our website and application are hosted on Vercel. Vercel may process your IP address and request data in the course of serving our application. See vercel.com/legal/privacy-policy.

• Account data: Retained while your account is active and for 90 days following account deletion, after which it is permanently deleted from our systems.
• Transaction and financial records: Retained for 7 years from the date of the transaction to comply with financial and tax record-keeping obligations.
• Attendee data: Retained for the duration of the associated event and for 2 years thereafter, unless the organizer requests earlier deletion.
• Usage and analytics data: Retained per the applicable third-party provider's retention policies (typically 14–26 months for Google Analytics).

You may request deletion of your personal data at any time by contacting us at the address below. We will honor deletion requests within 30 days, subject to legal retention obligations.

GDPR Rights (European Economic Area & UK Users)

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Correct any inaccurate or incomplete data we hold about you.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to our legal obligations.
• Right to restriction: Ask us to restrict how we process your data in certain circumstances.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at janmaciejewski470@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to delete: Request deletion of your personal information, subject to certain exceptions.
• Right to opt out of sale: PayEve does not sell your personal information to third parties. You do not need to opt out.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

California residents may submit requests by emailing janmaciejewski470@gmail.com with the subject line "CCPA Request".

PayEve uses cookies and similar tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are required for the Service to function. They include authentication tokens that keep you logged in. You cannot opt out of these cookies while using the Service.

Analytics Cookies

We use Google Analytics and Meta Pixel cookies to understand how users interact with our website. These cookies are set only with your consent where required by applicable law (e.g., in the EEA via our Consent Management Platform).

Advertising Cookies

Google Ads and Meta Pixel may set cookies to measure ad conversions and, where applicable, to enable targeted advertising. These are managed through our Consent Management Platform (Usercentrics).

Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling cookies may affect the functionality of PayEve. You can also manage your preferences via our cookie consent banner.

PayEve is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

If you believe we may have inadvertently collected information from a child under 13, please contact us immediately at janmaciejewski470@gmail.com.

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

• TLS/SSL encryption for all data transmitted between your browser and our servers
• Bcrypt hashing for all stored passwords
• JWT-based authentication with short-lived tokens and token revocation on logout
• Rate limiting on authentication endpoints to prevent brute-force attacks
• Strict CORS policies limiting API access to our frontend only

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

PayEve is operated from the United States. If you are accessing the Service from the European Economic Area, United Kingdom, or other regions with data protection laws, your information may be transferred to and processed in the United States or other countries.

Where such transfers occur from the EEA or UK, we rely on appropriate legal mechanisms, including Standard Contractual Clauses where applicable, to ensure your data receives adequate protection.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Effective date" at the top of this page
• Send a notification email to registered account holders
• Display a prominent notice on the PayEve website

Your continued use of PayEve after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: