← Back to homePrivacy Policy
Last updated: March 22, 2026. This policy describes how AI Payment Proxy collects, uses, and protects your information.
1. Information We Collect
We collect the following categories of information:
Account Information
- • Name and email address provided at registration
- • Authentication credentials (passwords are hashed and never stored in plain text)
- • OAuth tokens if you sign up via GitHub or Google
Financial Information
- • Prepaid balance and transaction history on our platform
- • Bank account details if you connect via Stripe Financial Connections (stored by Stripe, not us)
- • Virtual card usage records (card IDs, labels, limits, status — never full card numbers)
- • API key prefix for display purposes (full key is stored only as a SHA-256 hash)
Usage Information
- • API call logs including timestamps and response codes
- • Dashboard activity and feature usage
- • IP address and browser information for security purposes
2. How We Use Your Information
- • To provide and operate the virtual card issuance service
- • To process payments and manage your prepaid balance
- • To detect and prevent fraud and unauthorized access
- • To communicate with you about your account, transactions, and service updates
- • To comply with legal obligations including anti-money laundering (AML) requirements
- • To improve our Service based on aggregated, anonymized usage patterns
We do not sell your personal or financial data to third parties. We do not use your data for advertising purposes.
3. Third-Party Services
We share data with the following third parties solely to provide our Service:
- • Stripe, Inc. — payment processing, card issuance, and bank connectivity. Stripe stores your payment method details and bank account information. Stripe's Privacy Policy applies to data they process. Stripe is PCI-DSS Level 1 certified.
- • Supabase — database and authentication infrastructure hosted in the United States
- • Vercel — application hosting and content delivery
- • Resend — transactional email delivery
We may disclose your information to law enforcement or regulatory authorities when required by law, valid legal process, or to protect the rights and safety of our users and the public.
4. Financial Data Security
- • Full virtual card numbers (PAN) are never stored on our servers — they are retrieved directly from Stripe and passed to you
- • API keys are stored as SHA-256 hashes — we cannot recover your original key
- • All data is encrypted in transit using TLS 1.2 or higher
- • Database access is restricted to authenticated services only
- • We do not store CVV or card PIN numbers
- • Payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider
5. Data Retention
- • Account information is retained for the duration of your account plus 7 years for financial compliance purposes
- • Transaction records are retained for 7 years as required by financial regulations
- • API call logs are retained for 90 days
- • Deleted accounts have personal information removed within 30 days, except where retention is required by law
6. Your Rights and Choices
- • Access: Request a copy of the personal data we hold about you
- • Correction: Request correction of inaccurate personal data
- • Deletion: Request deletion of your account and personal data, subject to legal retention requirements
- • Portability: Request an export of your transaction history in CSV format
- • Bank disconnection: Disconnect your bank account at any time through your dashboard settings
- • API key rotation: Rotate your API key at any time through your dashboard settings
California residents have additional rights under the CCPA including the right to know, delete, and opt-out of sale of personal information. We do not sell personal information. To exercise your rights contact privacy@aipaymentproxy.com.
7. Cookies and Tracking
We use only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics tools. We do not use Google Analytics or similar services.
8. Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us immediately at privacy@aipaymentproxy.com.
9. International Users
Our Service is operated in the United States. If you access our Service from outside the United States, your information will be transferred to and processed in the United States. By using our Service you consent to this transfer. We do not currently serve users in the European Union or United Kingdom and do not represent compliance with GDPR or UK GDPR.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or dashboard notification at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions, data requests, or to report a security concern contact us at privacy@aipaymentproxy.com. We will respond within 30 days.
AI Payment Proxy — Business Management Company LLC. This privacy policy applies to aipaymentproxy.com and all related services.