Privacy Policy

Last updated: January 1, 2026

Introduction

CroissantPay ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information We Collect

Information You Provide

  • Account information (name, email address, password)
  • Organization information (name, team members)
  • Payment information (processed securely by Stripe)
  • Communication preferences
  • Support requests and feedback

Information Collected Automatically

  • Device and browser information
  • IP address and location data
  • Usage data (pages visited, features used, time spent)
  • API usage statistics

Information from App Users

When you use CroissantPay to manage in-app purchases, we may process:

  • App user identifiers (as defined by you)
  • Purchase and subscription data
  • Entitlement information
  • Device identifiers for receipt validation

How We Use Your Information

  • To provide and maintain our service
  • To process transactions and send related information
  • To send administrative information (updates, security alerts)
  • To respond to your comments and questions
  • To analyze usage and improve our service
  • To detect, prevent, and address technical issues
  • To comply with legal obligations

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

When self-hosting is available, data retention will be entirely under your control.

Data Sharing

We do not sell your personal information. We may share your information with:

  • Service providers: Third parties that help us operate our service (e.g., payment processing, hosting, analytics)
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

  • All data is encrypted in transit (TLS 1.3)
  • Sensitive data is encrypted at rest
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (Cloud service)

Your Rights

Depending on your location, you may have the following rights:

  • Access your personal information
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Restrict processing of your data

To exercise these rights, contact us through our form.

Self-Hosted Deployments (coming soon)

When self-hosting is available, if you use CroissantPay in a self-hosted configuration:

  • All data is stored on your own infrastructure
  • We do not have access to your data
  • You are responsible for your own privacy compliance
  • We only collect anonymous usage analytics (if enabled)

Cookies

We use cookies and similar tracking technologies to:

  • Keep you signed in
  • Remember your preferences
  • Understand how you use our service
  • Improve our service

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our service.

Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, please contact us through our form.

Address: 123 Rue de la Paix, 75002 Paris, France