Privacy Policy

How we collect, use, and protect your data.

Last updated: February 26, 2026

1. Introduction

PayLock Pro OU ("we", "us", "our"), a company registered in Estonia (European Union), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loan management platform, mobile applications, and website (collectively, the "Service").

We comply with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus).

2. Data Controller

The data controller for the purposes of GDPR is:

PayLock Pro OU
Tallinn, Harju County, Estonia
Email: support@paylock.pro

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, username, password, business details.
  • Client Data: Client names, phone numbers, addresses, loan details, payment records (entered by you as the platform administrator).
  • Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers.
  • Communications: Messages sent through our contact form, support tickets, or email.

3.2 Information Collected Automatically

  • Device Information: Device model, operating system, unique device identifiers (for client app devices under administration).
  • Location Data: GPS coordinates collected from client devices at regular intervals (when background location tracking is enabled by the administrator).
  • Usage Data: Login times, features used, API call patterns.
  • Push Notification Tokens: Required for delivering notifications to mobile devices.

4. How We Use Your Information

  • To provide and maintain the Service, including device management, payment tracking, and analytics.
  • To process transactions and send billing notifications.
  • To send push notifications, SMS, email, or Telegram reminders as configured by the administrator.
  • To track device location for compliance monitoring (as authorized by the administrator and disclosed to the end user).
  • To generate reports and analytics for your business operations.
  • To improve and develop new features for the Service.
  • To comply with legal obligations under Estonian and EU law.

5. Legal Basis for Processing (GDPR Article 6)

  • Contract Performance: Processing necessary to fulfill our service agreement with you.
  • Legitimate Interest: Analytics, fraud prevention, and service improvement.
  • Consent: Marketing communications and optional data collection features.
  • Legal Obligation: Compliance with Estonian tax and business regulations.

6. Data Sharing & Third Parties

We may share data with the following categories of third parties:

  • Cloud Infrastructure: MongoDB Atlas (database hosting) - EU region.
  • Payment Processing: Stripe Inc. - PCI DSS compliant.
  • Email Delivery: Resend - for transactional emails.
  • Push Notifications: Expo (expo.dev) - for mobile push delivery.
  • File Storage: Google Drive - for backup functionality (user-initiated).
  • Messaging: Telegram Bot API, WhatsApp Business API - for sending reminders.

We do not sell personal data to third parties.

7. Data Retention

We retain your data for the duration of your account plus 5 years for legal and audit purposes, in accordance with Estonian business record-keeping requirements. Location history data is retained for a maximum of 30 days unless otherwise configured.

8. Your Rights (GDPR Articles 15-22)

As an EU data subject, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Restriction: Limit processing of your data.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Automated Decisions: Not be subject to solely automated decision-making.

To exercise these rights, contact us at support@paylock.pro. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures including AES-256 encryption, TLS 1.3 for data in transit, role-based access control, and regular security audits. Our infrastructure is hosted in EU data centers with SOC 2 Type II certification.

10. International Data Transfers

Data is primarily processed within the EU. Where transfers outside the EU are necessary (e.g., certain third-party services), we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Cookies

Our website uses essential cookies for authentication and session management. We do not use tracking or advertising cookies.

12. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee.

15. Contact

For privacy-related inquiries:
PayLock Pro OU
Email: support@paylock.pro
Tallinn, Estonia, EU