Privacy Policy | PayGuard Approvals

This Privacy Policy explains what data we collect, why we collect it, and what choices you have.

1) What we collect

Account data

Name and email address
Role (admin / requester / approver / auditor)
Firm and client entity names (if using Firm Mode)

Approval and request data

Vendor name and request details (amount, due date, purpose)
Approval status and timestamps

Audit evidence

IP address at time of approval
Device/browser user-agent
Event logs for actions taken

Receipt data

PDF approval receipts
Receipt metadata and SHA-256 hash

2) Why we collect data

To operate the service (create requests, route approvals, send emails)
To provide audit logs and receipts
To detect suspicious changes (e.g., bank detail changes)
To prevent abuse and secure the service

3) Sharing of data

We do not sell your data. We may share data with service providers who help us run the service (hosting, database, email delivery). These providers only process data to provide their services to us.

4) Data retention

We keep data for as long as needed to provide the service, maintain audit trails, comply with legal obligations, and resolve disputes. You may request deletion of certain data where permitted by law.

5) Security

We use reasonable security measures, including role-based access controls, single-use approval links with expiry, HTTPS for data transmission, and hashed receipt fingerprints.

6) Your rights

Depending on your location, you may have rights to access, correct, delete, or export your data. Contact privacy@payguard.app to exercise these rights.

7) Contact

Privacy questions: privacy@payguard.app
General support: support@payguard.app

For the full, detailed Privacy Policy, see legal/privacy.md in the documentation.