Paidloop

Privacy Policy

Last updated 31 May 2026

This policy explains how Paidloop ("we") handles personal data. We act as a data processorfor the customer and invoice data you connect, and as a data controller for your own account information. We are GDPR- and Privacy-Act-aware and apply these principles to all users.

Data we collect

  • Account data: your name, email, hashed password, and business profile.
  • Connected data: invoices, customers, and payment status synced from Xero, QuickBooks or Stripe.
  • Communications data: reminders sent, delivery/open events, call outcomes, transcripts and recordings.
  • Usage data: logs and metrics needed to operate and secure the service.

How we use it

Solely to provide the service: importing invoices, sending reminders on your behalf, processing payments status, and producing your analytics. We do not sell personal data, and we do not use your customers' data to train third-party models.

Security

  • Integration OAuth tokens are encrypted at rest using AES-256-GCM; we request least-privilege scopes.
  • Passwords are hashed (bcrypt). Sessions use secure, http-only cookies.
  • Multi-tenant isolation: each account can only ever access its own data.
  • Transport is encrypted (TLS). Access to production systems is restricted and audited.

Sub-processors

We use trusted providers to deliver the service: Neon (database), Vercel (hosting), Stripe (billing & payments), Resend (email), Telnyx (SMS & numbers), Retell AI (voice), and Inngest (background jobs). Each processes data only as needed to perform its function.

Voice recordings

AI voice calls may be recorded for quality and record-keeping, and the recipient is told so at the start of the call. Recordings and transcripts are retained only as long as needed for reconciliation and compliance, then deleted.

Your rights

You (and your customers, via you) may request access, correction, export, or deletion of personal data. Recipients can opt out of contact at any time, and we honour it across every channel. To exercise any right, contact support@paidloop.app.

Retention & deletion

We retain data for as long as your account is active. On account closure we delete or anonymise personal data within a reasonable period, except where we must retain records to meet legal or compliance obligations.

Questions? Contact us at support@paidloop.app.