Skip to content

Privacy Policy

Last updated May 28, 2026

Placeholder policy for review by counsel — not legal advice. Replace before launch.

1. Overview

This policy explains how Kurepay, Inc. (“Kurepay”) handles information when you use our website and platform. We act as a processor of your clients’ data on your behalf and as a controller of your own account data.

2. Information we collect

  • Account data — names, work emails, and business details you provide.
  • Client & billing data — information you enter or import to bill and collect (handled on your behalf).
  • Payment data — card and bank details are tokenized by our processors; we do not store full card numbers.
  • Usage data — logs, device, and analytics needed to operate and secure the Services.

3. How we use information

To provide and improve the Services, process payments, send transactional communications, prevent fraud and abuse, and comply with legal obligations. We do not sell personal information.

4. Payment & card data

Cardholder data is captured client-side and tokenized by the payment processor under your credentials (PCI SAQ-A scope). Sensitive card data does not transit or rest on our servers.

5. Sharing

We share information with subprocessors that help us run the Services (hosting, payments, email, SMS, error monitoring), each bound by appropriate obligations. We may disclose information where required by law.

6. Security

We use encryption in transit and at rest, per-business credential isolation, envelope encryption for processor secrets, and append-only audit logging. No system is perfectly secure, but security is a first-order concern.

7. Retention

We retain data for as long as your account is active and as needed for legal, accounting, and dispute-resolution purposes, then delete or anonymize it.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export personal information. Contact us to exercise them.

9. Contact

Privacy questions? Email support@kurepay.com.