Privacy Policy
Last updated: March 3, 2026
1. Introduction
PayProof ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform.
PayProof is operated from Belgium and complies with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
2. Data Controller
PayProof BV, Brussels, Belgium, is the data controller for the processing of personal data collected through our website and platform. For company-specific employee data, your employer acts as the data controller and PayProof acts as the data processor.
3. Data We Collect
3.1 Account Data
When you register, we collect: name, email address, password (hashed), company name, VAT number, country, and language preference.
3.2 Employee Data (as Data Processor)
When your company uses PayProof, you may upload employee data including: names, employee numbers, gender, birth year, job grades, and compensation data. This data is processed on behalf of your company.
3.3 Usage Data
We automatically collect: IP address, browser type, pages visited, features used, and timestamps. This data is used for analytics and service improvement.
3.4 Payment Data
Payment information is processed by our payment provider Mollie. We do not store credit card numbers or bank account details on our servers.
4. How We Use Your Data
- To provide and maintain our service
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password resets, etc.)
- To send marketing communications (with your consent)
- To comply with legal obligations
- To detect and prevent fraud
5. Legal Basis for Processing
- Contract performance — Processing your account and subscription data
- Legitimate interest — Analytics, security, and service improvement
- Consent — Marketing communications and cookies
- Legal obligation — Tax and accounting records
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- AES-256-CBC encryption for sensitive data at rest
- TLS 1.3 encryption for data in transit
- Two-factor authentication support
- Role-based access controls
- Regular security audits
- Company-level data isolation
7. Data Retention
We retain your data for as long as your account is active. After account deletion, personal data is anonymized within 30 days. Audit logs are retained for 7 years as required by Belgian accounting law. Backups are purged within 90 days.
8. Your Rights Under GDPR
You have the right to:
- Access — Request a copy of your personal data
- Rectification — Correct inaccurate personal data
- Erasure — Request deletion of your personal data
- Restriction — Restrict processing of your data
- Portability — Receive your data in a structured format
- Objection — Object to processing based on legitimate interest
To exercise these rights, use the GDPR tools in your account settings or contact us at privacy@payproof.eu.
9. Third-Party Services
We use the following third-party services that may process your data:
- Mollie — Payment processing (Netherlands)
- Meilisearch — Search functionality (self-hosted)
10. International Transfers
All data is stored and processed within the European Economic Area (EEA). We do not transfer personal data outside the EEA.
11. Children's Privacy
PayProof is a B2B service and is not intended for use by individuals under 16 years of age.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notification.
13. Contact
For privacy-related inquiries:
PayProof BV
Brussels, Belgium
privacy@payproof.eu
You have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) at www.gegevensbeschermingsautoriteit.be.