Privacy Policy

1. Introduction

Welcome to ExtensionPay ("we", "our", or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing platform for browser extensions.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address when you create a developer account
• Payment Information: Email address and payment details (processed by Stripe/PayPal; we do not store card numbers)
• Extension Data: Extension name, public key, and configuration settings

2.2 Automatically Collected Information

• Usage Data: API requests, timestamps, extension interactions
• Technical Data: IP address, browser type, device fingerprint (for trial limits)
• Cookies: Session cookies for authentication (HTTP-only, secure)

2.3 Information from Third Parties

• Payment Providers: Transaction status, customer IDs from Stripe and PayPal

3. How We Use Your Information

We use your information to:

• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Send transactional emails (receipts, magic links, trial notifications)
• Prevent fraud and enforce terms of service
• Improve our services through analytics
• Comply with legal obligations

4. Data Sharing and Disclosure

We share your data only in the following circumstances:

• Payment Processors: Stripe and PayPal to process transactions
• Email Service: SendGrid to deliver transactional emails
• Error Tracking: Sentry for error monitoring (anonymized where possible)
• Legal Compliance: When required by law or to protect our rights

We never sell your personal data to third parties.

5. Data Retention

• Account Data: Retained while your account is active
• Payment Records: Retained for 7 years for tax and legal compliance
• Logs and Events: Retained for 180 days, then archived or deleted
• Trial Fingerprints: Retained for 90 days after trial expiration

6. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Export your data in machine-readable format
• Opt-Out: Unsubscribe from marketing emails (transactional emails cannot be disabled)
• Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@rockymountainapps.com

7. Security Measures

We implement industry-standard security practices:

• TLS/SSL encryption for data in transit
• Database encryption at rest
• HMAC signature verification for API requests
• Rate limiting and fraud detection
• Regular security audits and penetration testing
• No storage of credit card data (handled by PCI-compliant processors)

8. Cookies and Tracking

We use strictly necessary cookies for authentication (pay_session). These are HTTP-only, secure, and cannot be accessed by JavaScript. We do not use advertising or third-party tracking cookies.

9. International Data Transfers

Our servers are located in the United States. By using our service, you consent to the transfer of your data to the U.S. We implement appropriate safeguards for international transfers in compliance with GDPR Article 44-50.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@rockymountainapps.com
• Support: support@rockymountainapps.com
• Website: https://pay.rockymountainapps.com

13. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@rockymountainapps.com