Privacy Policy
This policy explains how PaxPass protects customer data, the limited reasons data is used, the subprocessors that help operate the platform, and the rights that may be available to users depending on applicable law.
Effective date
April 7, 2026
Scope
Applies to PaxPass websites, accounts, and related voucher management services.
Contact
Use the support or contact details published on paxpass.app for legal or privacy questions.
Our customer data commitment
PaxPass uses customer data only to operate the platform, provide support, secure accounts and workspaces, process billing where applicable, maintain reliability, and meet legal obligations.
We do not sell, rent, trade, or share customer data for advertising, resale, competitive advantage, or unrelated third-party benefit. We do not use customer data to train external AI models, and we do not give developers, owners, vendors, or partners permission to use customer data for their own purposes.
Customer data remains the customer's data. Access to production customer data is limited to what is necessary to provide, secure, support, or legally operate PaxPass.
Information we collect
PaxPass may collect information you provide directly, such as account details, organization details, contact information, support requests, voucher data, booking references, and other business records you choose to store in the service.
We may also collect technical and usage information automatically, including log data, device and browser information, approximate location derived from IP address, authentication events, and interactions needed to secure, maintain, and improve the platform.
How we use information
We use personal and business information to provide the service, authenticate users, operate workspaces, maintain records, respond to support requests, improve reliability and functionality, communicate service updates, and comply with legal obligations.
Where permitted by law, we may use aggregated or de-identified information for analytics, service improvement, planning, and reporting. Aggregated or de-identified information is not used to identify, target, sell to, or advantage third parties using a customer's private business records.
How information is shared
We may share information with service providers and infrastructure partners that help us host, secure, authenticate, analyze, support, and maintain PaxPass, subject to appropriate contractual and security safeguards.
We may also disclose information when required by law, to protect rights or safety, to investigate fraud or misuse, or in connection with a merger, acquisition, financing, or sale of all or part of our business.
Subprocessors and service providers
PaxPass relies on a limited set of service providers, also called subprocessors, to deliver the platform. These providers may process customer data only as needed to provide their contracted services to PaxPass and must not use customer data for their own advertising, resale, profiling, or unrelated business purposes.
Current core subprocessors include Vercel for application hosting and delivery, Convex for backend data storage and realtime application infrastructure, Clerk for authentication and organization access management, and PostHog for product analytics where analytics are enabled.
We may also use operational providers for email, support, payments, security monitoring, error reporting, and business administration. When a new subprocessor materially changes how customer data is processed, we will update this policy or publish notice through the service.
Data retention
We retain information for as long as necessary to provide the service, maintain business and legal records, resolve disputes, enforce agreements, and meet legal, accounting, tax, or compliance requirements.
Retention periods may vary based on the type of information, the nature of the customer relationship, applicable law, and legitimate operational needs.
Security
PaxPass uses administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, disclosure, or alteration. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
You are responsible for keeping your account credentials secure and for notifying us promptly if you believe your account or workspace has been compromised.
Your choices and rights
Depending on your location and the laws that apply, you may have rights to access, correct, delete, restrict, object to, or export certain personal information. You may also have the right to withdraw consent where processing is based on consent.
To exercise applicable rights, use the contact channels listed on paxpass.app. We may need to verify your identity and authority before completing certain requests.
International processing
PaxPass and its service providers may process or store information in countries other than your own. Where required, we will use appropriate safeguards for cross-border data transfers and handle personal information in accordance with applicable law.
By using the service, you acknowledge that your information may be transferred to and processed in locations where data protection rules may differ from those in your jurisdiction.
Children's privacy
PaxPass is intended for business users and is not directed to children. We do not knowingly collect personal information directly from children in connection with the service.
If you believe a child has provided personal information to PaxPass without appropriate authorization, contact us so we can review and address the issue.
Policy changes
We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or operational practices. When we do, we will revise the effective date on this page.
Your continued use of PaxPass after an updated policy becomes effective means you acknowledge the revised policy, to the extent permitted by law.