PayPolka

Last updated: April 8, 2026

Privacy Policy

Your privacy matters. This policy explains what data we collect, why we collect it, and how we handle it. The short version: we collect as little as possible and we never sell your data.

1. What We Collect and Why

Identity & Access

When you sign up for PayPolka, we collect your name and email address. Authentication is handled by Clerk, a third-party identity provider. We use this information solely to operate your account, send you invoices-related notifications, and communicate with you about the Service.

Billing Information

Your payment details are submitted directly to our payment processor. We do not store your full credit card number. We retain only the last four digits and billing address for invoice and fraud-prevention purposes.

Your Content

We store the data you enter into the Service — clients, invoices, projects, time entries, expenses, and business information. This data is stored in your own isolated database. We do not access, view, share, or analyze your content except as described in this policy.

Log Data

When you use the Service, our servers automatically record information including your IP address, browser type, and pages visited. This data is used for security, debugging, and maintaining the Service. We do not use this data for advertising or tracking purposes.

Cookies

We use essential cookies to keep you signed in and remember your preferences. We do not use third-party advertising cookies. We do not track you across other websites.

2. When We Access Your Information

No PayPolka employee looks at your content unless:

  • You ask us to. If you contact support and ask us to help debug an issue with your account, we may access your data with your explicit permission.
  • To fix a bug. If we discover an error affecting your data, we may access it to diagnose and resolve the issue.
  • As required by law. We will comply with valid legal requests (warrants, subpoenas, court orders). We will notify you of such requests unless legally prohibited from doing so.

3. When We Share Your Information

We never sell your personal data. We share information only in the following circumstances:

  • Service providers. We use third-party services to operate PayPolka, including Clerk (authentication), Turso (database hosting), Vercel (application hosting), Stripe (payment processing), and Resend (email delivery). These providers process data only as necessary to provide their services to us.
  • Your Stripe account. When you connect your Stripe account and send invoices, your client's payment is processed through your own Stripe account. We facilitate this connection but are not a party to those transactions.
  • Your clients. When you send an invoice, the recipient sees the invoice details you created (your business info, line items, amounts). This is by your design and direction.
  • Legal compliance. If compelled by valid legal process, as described above.
  • Business transfer. If PayPolka is acquired or merged, we will notify you before your data is transferred and becomes subject to a different privacy policy.

4. Data Security

We take security seriously. Measures we employ include:

  • All data is transmitted over HTTPS (TLS encryption in transit).
  • Each tenant's data is stored in its own isolated database — your data is never co-mingled with other users' data.
  • Sensitive credentials (such as your Stripe API keys) are encrypted at rest using AES-256-GCM encryption.
  • Authentication is handled by Clerk with industry-standard security practices.
  • We review and update our security practices regularly.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention and Deletion

We retain your data for as long as your account is active. When you cancel your account:

  • Your data becomes inaccessible immediately upon cancellation.
  • All data is permanently deleted from active systems within 30 days.
  • All data is permanently deleted from backups within 60 days.

If you wish to export your data before canceling, you may do so from within the application.

6. Your Rights

Regardless of where you are located, we extend the following rights to all PayPolka users:

  • Right to know. You have the right to know what personal data we collect and how we use it.
  • Right to access. You can access all your data within the application at any time.
  • Right to correction. You can update your personal information at any time through your account settings.
  • Right to deletion. You can delete your account and all associated data at any time. You may also contact us to request deletion.
  • Right to portability. You can export your data from the application in standard formats.
  • Right to complain. If you believe your data rights have been violated, you may file a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@paypolka.com.

7. Children's Privacy

PayPolka is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

8. International Data

PayPolka is operated from the United States. If you are located outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the date at the top of this page and notify you by email where practical. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact

Questions about this policy or your data? Contact us at support@paypolka.com.