PayLinker

Data protection & GDPR

PayLinker privacy policy

This privacy policy explains how PayLinker processes personal data when providing its payment‑link sending service and transaction tracking. It applies to professional users and, where relevant, to individuals whose data is processed through the Service (end recipients of payment links).

PayLinker primarily acts as a data controller for user accounts and the marketing website, and as a processor for certain data handled on behalf of its professional customers. Payment flows are operated by Stripe as a payment service provider under its own responsibility.

1. Data controller identity

The data controller for the operation of the Service and the marketing website is:

Nicolas MARTIN, Publisher of the PayLinker service, 93 Avenue Georges Clémenceau, 34500 Béziers, France.
For any question regarding data protection, you can contact us at:
contact@paylinker.fr

2. Categories of personal data collected

Depending on the situation, PayLinker may process the following categories of data:

  • Business customer identification data : first name, last name, company name, business registration number, postal address, email address, phone number.
  • Account data : login identifiers, account settings, login history, preferences, and permissions for authorized users.
  • End recipient data : (your customers): provided name/label, phone number, and possibly email address or other information entered by the business customer when sending a payment link.
  • Transaction data : amounts, currencies, dates, payment status, technical references, payment link history, generated receipts.
  • Browsing data and technical logs : IP address, technical identifiers (device, browser), connection traces, application logs required for security and proper operation of the Service.

Card data is not stored by PayLinker: it is collected and processed directly by Stripe through secure payment pages.

3. Purposes and legal bases

PayLinker processes data for the following purposes:

  • Providing the Service : account creation and management, payment link generation, SMS/email sending, payment tracking, receipt generation. Legal basis: performance of a contract.
  • Billing and accounting : invoice issuance, subscription and usage payment tracking. Legal basis: legal obligation and performance of a contract.
  • Security and fraud prevention : log management, detection of abnormal or abusive use, improvement of technical protections. Legal basis: legitimate interest.
  • Customer support and communications : responding to support requests, sending Service‑related information (updates, incidents, contractual updates). Legal basis: performance of a contract and legitimate interest.
  • Service improvement and statistics : aggregated and anonymized usage analysis to improve usability, performance, and features. Legal basis: legitimate interest.

4. PayLinker’s role (controller / processor)

For customer account management, billing, platform security and website browsing, PayLinker acts as a data controller.

For certain data related to end recipients (your customers) processed on the business customer’s instructions (e.g., sending links to a provided phone number, tracking payment status), PayLinker acts as a processor within the meaning of the GDPR. The business customer remains responsible for informing its own customers and for the legal basis of the processing it carries out via PayLinker.

5. Data recipients

Data is accessible only to authorized persons, within the scope of their duties:

  • PayLinker internal teams (support, technical, billing);
  • technical subcontractors (hosting, SMS providers, monitoring tools);
  • Stripe, as payment service provider, for transaction processing;
  • where applicable, competent administrative or judicial authorities as required by law.

PayLinker does not sell personal data to third parties.

6. Transfers outside the European Union

Data is mainly hosted in the European Economic Area (EEA), in particular via OVHcloud. Some subprocessors (for example Stripe or monitoring tools) may involve transfers outside the EEA.

In such cases, PayLinker ensures that transfers are governed by appropriate safeguards (Standard Contractual Clauses, supplementary measures, etc.) in accordance with GDPR requirements.

7. Retention periods

Data is retained for periods limited to the purposes pursued and PayLinker’s legal obligations. Indicatively:

  • Account and billing data: for the duration of the contractual relationship, then archived for the statutory accounting and tax retention period (generally 5 to 10 years).
  • Technical and security logs: from a few months up to 2 years maximum, depending on the purpose (security, fraud prevention, incident diagnosis).
  • End recipient data: for the time needed to manage the payment link, then limited archiving if evidence is needed in case of dispute or legal obligation.

8. Cookies and trackers

The website may use essential technical cookies as well as audience measurement tools and, where applicable, performance trackers. Details about cookies, their purposes and settings are available on the dedicated “Cookies” page.

9. Data security

PayLinker implements reasonable technical and organizational measures to protect data against loss, unauthorized access, disclosure or destruction (access controls, logging, encryption of certain communications, backups, etc.).

Despite these measures, no system is entirely risk‑free. By using the Service, business customers agree to:

  • keep their credentials and passwords confidential;
  • restrict account access to authorized and trained persons only;
  • inform PayLinker as soon as possible in case of suspected unauthorized access.

10. Data subject rights

In accordance with the GDPR and applicable laws, data subjects have the following rights, under the conditions provided by law:

  • right of access;
  • right to rectification of inaccurate or incomplete data;
  • right to erasure in cases provided by law;
  • right to restriction of processing;
  • right to object, based on reasons relating to their particular situation;
  • right to data portability, when processing is based on consent or a contract.

These rights can be exercised by writing to contact@paylinker.fr. Proof of identity may be requested if there is a reasonable doubt about the requester’s identity.

Data subjects also have the right to lodge a complaint with the competent supervisory authority (in France: the CNIL).

11. Respective responsibilities

The business customer is responsible for:

  • informing its own customers about the data processing it carries out;
  • choosing the appropriate legal bases for its processing;
  • the content of messages and amounts entered in PayLinker;
  • compliance with its legal obligations relating to marketing and customer relationship management.

PayLinker cannot be held liable for how customers use the platform, nor for the processing they perform independently as separate data controllers.

12. Changes to this privacy policy

PayLinker may update this privacy policy at any time to reflect changes to the Service or legal requirements. The applicable version is the one published on this page at the time of consultation. In the event of a material change, specific notice may be sent via the application or email.

Last updated: Décembre 2025. You are invited to check this page regularly to stay informed of any updates.