Privacy Policy

Last updated: March 5, 2026

PayoutDash (operated by DanonLabs) ("we", "us", or "our") operates payoutdash.com. This Privacy Policy explains what information we collect when you use our service, how we use it, and the choices you have. We keep it plain and honest — no legalese designed to confuse.

1. Information We Collect

We only collect what we need to run the service.

  • Account data. Name and email address provided when you sign up via Google OAuth.
  • Payment platform API keys. Keys you enter to connect Stripe, PayPal, Paddle, or Payoneer. These are encrypted with industry-standard encryption before being stored in our secure database. We never store them in plaintext.
  • Payment analytics data. Transaction records, revenue figures, and payout statuses pulled via read-only API scopes from your connected platforms. We access this data solely to display it back to you.
  • Usage data. Pages visited, features used, and general interaction patterns. Collected anonymously through our analytics service.
  • Log data. Standard server logs including IP address, browser type, and timestamps. Used for security and abuse prevention. Retained for 30 days.

2. Payment Platform Data Handling

When you connect a payment platform, here is exactly what happens:

  • Stripe. We use your API key to fetch balance, transactions, and payout data via the platform's official API. We request read-only access. Your Stripe secret key is encrypted using industry-standard encryption and stored in our secure database. We never initiate charges or transfers on your behalf.
  • PayPal. We connect using your Client ID and Secret via the platform's official API. We fetch transaction history and balance information only. Credentials are encrypted before storage.
  • Paddle. We use your Paddle API key to retrieve subscription, transaction, and revenue data. Paddle also sends webhook events (payment failures, cancellations) to our secure endpoint.
  • Payoneer. We connect via your Payoneer API credentials to read balance and payment history. All credentials are encrypted at rest.

We use read-only API scopes wherever the platform supports it. We never write data to or initiate actions on your payment accounts.

3. API Key Encryption

All payment platform API keys are encrypted using industry-standard encryption — the same approach used in banking and government systems. Each key gets a unique random initialization vector (IV) before encryption. The encrypted data and IV are stored together in our secure database. The encryption key itself is stored as an environment variable on our server infrastructure, never in the database. This means even if someone gained read access to our database, they would not be able to decrypt your API keys without the separate encryption key.

4. How We Use Your Information

  • To authenticate you and manage your account
  • To display your unified payment analytics dashboard
  • To generate exports (CSV, PDF, Excel) that you request
  • To send transactional emails (plan expiry reminders, account deletion confirmations)
  • To enforce plan limits and subscription status
  • To prevent abuse (rate limiting, disposable email blocking)
  • To improve the product using anonymized usage data

We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except as described in this policy.

5. Data Sharing

We share your data only with trusted service partners necessary to operate PayoutDash, including authentication, hosting, email delivery, and payment processing. These partners are contractually required to protect your data and may not use it for any other purpose. We do not sell or rent your personal information to any third party.

6. Cookies

We use essential cookies for authentication and optional analytics cookies with your consent. For full details, see our Cookie Policy. We implement Google Consent Mode v2 — analytics tracking activates only after you explicitly accept.

7. Data Retention

We retain your account data for as long as your account is active. Transaction data synced from payment platforms is retained according to your plan (30 days for Free, full history for Pro and Enterprise). Server logs are deleted after 30 days. When you delete your account, all personal data is permanently and irreversibly removed from our systems within 24 hours.

8. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right of Access. You can request a copy of all personal data we hold about you.
  • Right to Rectification. You can correct inaccurate data by updating your profile in Settings.
  • Right to Erasure (Right to Be Forgotten). You can request deletion of all your personal data. Go to Settings → Data & Privacy → Delete Account, or email us at support@payoutdash.com. We process all deletion requests within 24 hours.
  • Right to Data Portability (Article 20). You can download all your personal data in machine-readable format. Go to Settings → Data & Privacy → Download My Data. The export includes your profile, connected platforms, transaction history, and preferences.
  • Right to Restriction. You can request that we limit how we process your data while a dispute is resolved.
  • Right to Object. You can object to processing of your data for analytics or marketing purposes.

To exercise any of these rights, email support@payoutdash.com. We respond to all requests within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights over your personal information.

What information we collect

In the past 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (subscription status, payment platform data), and internet activity information (usage analytics).

Your rights under CCPA

  • Right to Know. Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete. Request deletion of personal information we have collected from you.
  • Right to Opt Out. Opt out of the sale of your personal information. We want to be clear: we do not sell your personal information, and we never have.
  • Right to Non-Discrimination. We will not discriminate against you for exercising these rights.

To exercise your CCPA rights, email support@payoutdash.com or use the "Do Not Sell My Personal Information" link in our footer.

10. Children's Privacy

PayoutDash is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If we discover that we have inadvertently collected such information, we will delete it immediately.

11. Security

We take data security seriously. Our measures include industry-standard encryption for all API keys, TLS encryption for all data in transit, row-level security in our database, rate limiting and brute-force protection, and regular security monitoring. No system is 100% secure, but we work hard to stay ahead of threats.

12. Changes to This Policy

We will notify you of significant changes to this policy by email and by updating the "Last updated" date above. Continued use of PayoutDash after changes take effect constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions, requests, or concerns, contact us at support@payoutdash.com. We aim to respond within 2 business days.