Legal

Privacy Policy

PayPapi ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable EU data protection law.

1. Who We Are (Data Controller)

PayPapi is the data controller for personal data processed through the paypapi.io platform and related services.

2. Data We Collect

2.1 Data you provide directly

2.2 Data we collect automatically

2.3 Data from third parties

3. Anonymous Usage Data (Opt-in)

With your explicit consent, PayPapi may collect anonymous, aggregated usage data. This includes your total monthly and annual subscription spend (a single number) and the number of subscriptions per category (Streaming, Software, Cloud, Music, Other). We never collect the name of any specific service, individual subscription amounts, or any information that could identify you.

This is entirely optional, enabled only if you choose to participate in onboarding or Settings, and can be disabled at any time. This data is used solely for product improvement and is never sold to third parties.

4. Why We Process Your Data (Legal Bases)

We rely on the following GDPR legal bases for processing your personal data:

5. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes described in this policy:

6. Who We Share Your Data With

We do not sell your personal data. We share data only with the following categories of recipients:

5.1 Service providers (data processors)

All processors are bound by Data Processing Agreements and may only process your data on our documented instructions.

5.2 Legal and regulatory disclosure

We may disclose personal data to law enforcement, courts, or regulators where required by applicable EU or member state law, or to protect the rights, safety, or property of PayPapi or its users.

5.3 Business transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to equivalent data protection obligations.

7. International Data Transfers

We primarily process data within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g. to US-based service providers), we ensure appropriate safeguards are in place, including:

You may request a copy of the relevant transfer mechanisms by contacting support@paypapi.io.

8. Your Rights Under GDPR

A list of EU supervisory authorities is available at edpb.europa.eu. We will not discriminate against you for exercising any of these rights.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

10. Children's Privacy

The PayPapi Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@paypapi.io and we will delete it promptly.

11. Cookies

We use cookies and similar tracking technologies as described in our Cookie Policy. You can manage your cookie preferences at any time via the cookie settings panel on our website.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The "Last updated" date at the top of this document indicates the most recent revision.

13. Contact and Complaints

For any privacy-related queries or to exercise your rights, contact our Data Protection Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Romania, this is the ANSPDCP (dataprotection.ro).