Privacy Policy
Last updated: April 25, 2026
DPDP Act 2023 Compliance: This policy is designed to comply with India's Digital Personal Data Protection Act, 2023. PayXip acts as a Data Processor on behalf of merchants (Data Fiduciaries). You have the right to access, correct, and delete your personal data at any time.
1. Introduction
PayXip ("we", "our", "us") is committed to protecting the privacy of our merchants and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our checkout platform and related services.
2. Information We Collect
From Merchants:
- Account information: name, email address, phone number, Shopify store URL
- Store configuration: payment gateway credentials, branding settings, shipping and tax configuration
- Analytics and conversion tracking identifiers (GA4, Meta Pixel, Google Ads, Snapchat Pixel IDs)
From End Customers (during checkout):
- Name, email address, phone number, and shipping address
- Order details: products purchased, quantities, pricing
- Payment status (we do not store credit card numbers or sensitive payment data)
- Device information: IP address, browser user agent (for conversion tracking and fraud prevention)
3. How We Use Information
- Order Processing: To create and fulfill orders on your Shopify store
- Conversion Tracking: To send purchase events to configured analytics platforms (GA4, Meta, Google Ads, Snapchat) via browser pixels and server-side APIs
- Fraud Prevention: To detect and prevent fraudulent orders
- Service Improvement: To analyze usage patterns and improve our platform
- Communication: To send service-related notifications and updates
4. Data Sharing
We share data only in the following circumstances:
- Shopify: Order data is transmitted to your Shopify store via their Admin API
- Payment Gateways: Payment details are sent to your configured gateway (e.g., Razorpay, Cashfree) for processing
- Analytics Platforms: Conversion data is sent to platforms you have configured (Meta CAPI, Google Ads, Snapchat CAPI, GA4)
- Legal Requirements: When required by law, subpoena, or government request
We do not sell, rent, or trade personal information to third parties for marketing purposes.
5. Data Security
We implement industry-standard security measures including:
- All data transmitted via HTTPS/TLS encryption
- AES-256-GCM encryption at rest for all sensitive credentials (API tokens, gateway secrets, access tokens)
- Infrastructure hosted on Cloudflare's global edge network with enterprise-grade security
- Access controls and authentication for the merchant dashboard
- Customer PII (email, phone) is hashed (SHA-256) before being sent to analytics platforms
- PBKDF2-SHA256 password hashing for merchant dashboard accounts
6. Data Retention
We apply the following retention policies:
- Order data: Automatically deleted after 180 days (6 months) via daily automated cleanup
- Merchant account data: Retained for the duration of your active subscription and for 90 days after cancellation
- Already-anonymized records: Anonymized data (where PII has been removed via data deletion requests) is retained indefinitely for accounting and analytics purposes
You may request earlier deletion at any time (see Section 8).
7. Cookies & Tracking
PayXip's checkout does not set its own cookies. However, third-party analytics pixels (Meta, Google, Snapchat) loaded on your store may set cookies according to their own policies. Merchants are responsible for displaying appropriate cookie consent notices on their stores.
8. Your Rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you. Merchants can use the
/api/data-export endpoint or contact us.
- Right to Correction: Request correction of inaccurate data
- Right to Erasure: Request deletion/anonymization of your data. Merchants can use the
/api/data-delete endpoint. Customer PII is replaced with [REDACTED] while order totals are retained for accounting.
- Right to Data Portability: Export your data in a portable JSON format via
/api/data-export-store
- Right to Withdraw Consent: Withdraw consent for data processing at any time
To exercise these rights, contact us at hello@payxip.com or use the self-service API endpoints available in the merchant dashboard.
9. Data Processing Role
Under the DPDP Act 2023:
- Merchants are the Data Fiduciaries — they determine the purpose and means of processing customer data
- PayXip acts as a Data Processor — we process customer data solely on behalf of and under the instructions of merchants
Merchants are responsible for obtaining appropriate consent from their customers for data collection during checkout.
10. Children's Privacy
PayXip is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top indicates the most recent revision.
12. Contact & Grievance Officer
For privacy-related inquiries or to exercise your data rights, contact us at hello@payxip.com.
If you have a grievance regarding the processing of your personal data, you may contact our Grievance Officer at the same email address. We will acknowledge your request within 48 hours and resolve it within 30 days.