Privacy Policy
Last updated: April 1, 2026
PayCores ("we", "our", "us") is committed to protecting the privacy of Merchants and Customers who use our payment processing service. This Privacy Policy explains how we collect, use, and protect your information.
1. Information We Collect
We collect different types of information depending on your role:
| Data Type | Merchants | Customers |
|---|---|---|
| Business name & contact | Yes | No |
| API credentials | Yes | No |
| Email address | Yes | When provided at checkout |
| Payment method details | No | Processed by payment provider, not stored by us |
| Transaction records | Yes | Yes |
| IP address | Yes | Yes |
| Device / browser info | No | Collected for fraud prevention |
2. How We Use Your Information
We use collected information for the following purposes:
- Payment processing: To create, process, and settle payment transactions
- Fraud prevention: To detect and prevent fraudulent or unauthorized transactions
- Service operation: To maintain, monitor, and improve the reliability of our Service
- Communication: To send transaction confirmations, webhook notifications, and service updates
- Legal compliance: To comply with applicable laws, regulations, and legal processes
- Dispute resolution: To provide transaction evidence for chargebacks and refund disputes
3. Information Sharing
We share information only in the following circumstances:
- Payment processors: Transaction details are shared with the underlying licensed payment provider selected by the Customer at checkout (e.g., the card acquirer, wallet provider, or local-rail processor handling that specific transaction)
- Merchants: Transaction confirmations including order ID, amount, and payment status are sent to the Merchant via signed webhooks
- Legal requirements: We may disclose information when required by law, subpoena, or government request
- Fraud prevention: We may share information with payment networks to investigate suspected fraud
We do not sell, rent, or trade personal information to third parties for marketing purposes.
4. Data Security
We implement multiple layers of security to protect your data:
- All data in transit is encrypted using TLS 1.3
- API communications are authenticated with HMAC-SHA256 signatures
- We do not store credit card numbers or sensitive payment credentials
- Our infrastructure is protected by Cloudflare WAF and DDoS mitigation
- Access to production systems is restricted and logged
- Database connections are encrypted and access-controlled
5. Data Retention
We retain transaction records for the period required by applicable financial regulations, typically a minimum of 5 years. Checkout session data (tokens, temporary order states) is retained for up to 90 days after the transaction completes or expires.
Merchant account data is retained for the duration of the service relationship and for a reasonable period thereafter for legal and accounting purposes.
6. Cookies
The PayCores checkout page uses only essential cookies required for the payment session to function. We do not use tracking cookies, advertising cookies, or third-party analytics on our checkout pages.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing of your personal data in certain circumstances
To exercise any of these rights, contact us at [email protected].
8. International Data Transfers
PayCores operates infrastructure in the United States. If you are located outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
9. Children's Privacy
The PayCores Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through our website or direct notification to Merchants. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
For privacy-related inquiries:
- Email: [email protected]
- General inquiries: [email protected]