Privacy Policy

Paystub Pilot ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our web application (the "Service"), which helps you generate accurate pay stubs with tax calculations for all 50 US states and all 13 Canadian provinces and territories.

Please read this Privacy Policy carefully. By accessing or using Paystub Pilot, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

1. Information We Collect

When you use Paystub Pilot, we collect information that you voluntarily provide to us and information that is automatically collected through your use of our Service.

Information You Provide Directly

When you use Paystub Pilot to generate a pay stub, we collect the information you enter into our forms, including:

• Company Information: Company name, address, EIN, and other business details
• Employee Information: Employee name, address, Social Security Number (last 4 digits), position, and hire date
• Salary and Deduction Details: Gross salary, withholding amounts, federal and state tax information, and other deductions
• Email Address: Your email address for account access and order communication

Information Automatically Collected

When you visit Paystub Pilot, we may automatically collect certain information about your device and browsing activity:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, and actions taken
• Cookies and Similar Technologies: We use essential cookies to maintain your session and enable core functionality

2. How We Use Your Information

We use the information we collect for the following purposes:

• Generating Pay Stubs: To create accurate pay stub PDFs with proper tax calculations for your selected state
• Processing Payments: To process your payment of $2.49 per stub and maintain transaction records
• Order Fulfillment: To complete and support your request for pay stub generation
• Improving Our Service:To analyze usage patterns and improve Paystub Pilot's functionality and accuracy
• Compliance: To comply with legal obligations and regulations
• Customer Support: To respond to your inquiries and provide technical assistance

3. Payment Processing

Paystub Pilot uses Stripe to process all payments for pay stub generation. When you pay for our service, your payment information (credit card, debit card, or other payment method details) is handled directly by Stripe and is not processed, stored, or maintained by Paystub Pilot.

We only receive confirmation of your payment status and a Stripe session ID. We do not have access to your complete credit card numbers, banking information, or other sensitive payment data. All payment information is encrypted and processed in compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements.

For more information about how Stripe handles your payment information, please review Stripe's Privacy Policy at https://stripe.com/privacy.

4. Data Retention

We retain the form data you provide (company information, employee information, and salary details) only for as long as necessary to fulfill your order and provide you with your generated pay stub. This typically means we keep your data for a limited period following the generation of your pay stub.

We store the following information in our SQLite database for transaction purposes: your Stripe session ID, the form data JSON you submitted, and your email address. Once your pay stub has been successfully generated, you may request deletion of your data at any time by contacting us (see Section 8: Your Rights).

We do not retain your data indefinitely. Information is automatically deleted after a reasonable retention period unless you request otherwise or we are required to retain it for legal or compliance reasons.

5. Third-Party Services

Paystub Pilot uses the following third-party services to deliver our Service:

Stripe

We use Stripe as our payment processor. Stripe handles all payment processing and maintains PCI DSS compliance. Your payment information is subject to Stripe's privacy practices. For details, visit https://stripe.com/privacy.

Resend

We use Resend for transactional email delivery, such as login links and account notifications. Your email address is shared with Resend solely for the purpose of delivering these messages. For information about Resend's privacy practices, visit https://resend.com/privacy.

Puppeteer

We use Puppeteer, an open-source Node.js library, to generate your pay stub PDFs. Puppeteer is used locally on our servers and does not send your data to external services. All PDF generation occurs within our secure infrastructure.

These third parties are contractually obligated to use your information only as necessary to provide services to Paystub Pilot and to maintain the confidentiality and security of your information.

6. Cookies and Tracking

Paystub Pilot uses a minimal cookie footprint. We do not run behavioural analytics, advertising pixels, or third-party tracking of any kind. The only cookies we set are essential to providing the Service:

• Session cookie— a signed, HttpOnly token (__Host-psp_session in production) that keeps you logged in after you click your magic link. Expires 7 days after sign-in or when you log out.
• CSRF protection— standard origin and referrer checks on state-changing requests. No additional cookie is set; the protection relies on browser-supplied headers.

We do not use Google Analytics, Meta / Facebook Pixel, TikTok Pixel, LinkedIn Insight Tag, Google Ads conversion tracking, session-replay tools (FullStory, Hotjar, etc.), or any other third-party analytics service. Your visits are not profiled, your behaviour is not modelled, and no data about your usage of the Service is shared with advertising or analytics networks.

Essential cookies do not require your consent under GDPR, CCPA, or the e-Privacy Directive because they are strictly necessary for the Service to function. You can disable them in your browser settings, but doing so will prevent sign-in and may break other core features.

Server logs — including IP addresses, timestamps, and the URLs you request — are collected for security, fraud prevention, and debugging. They are retained for the periods described in Section 5 and are not used to build a profile of your usage.

If we ever introduce analytics or any other tracking technology in the future, we will update this policy with meaningful notice and provide a clear opt-in mechanism before any tracking begins.

7. Data Security

We take data security seriously and apply the following measures to protect your information:

• Encryption in Transit: All communication between your browser and our servers is encrypted with HTTPS (TLS).
• Encryption at Rest (Infrastructure Level): Our database files are stored on encrypted volumes provided by our hosting provider (Railway, on AWS-backed storage). We do not apply additional application-layer field encryption; instead, we minimize the data we collect (see below) so there is little sensitive information at rest in the first place.
• Data Minimization: We do not collect or store full Social Security numbers, government identification numbers, payment card numbers, or bank account numbers. Payment information is handled directly by Stripe; we receive only a non-sensitive payment reference.
• Access Controls: Access to production data is restricted to the operator(s) of Paystub Pilot. Customer data is not shared with third parties except as described in this policy.
• Dependency & Code Hygiene: Our automated build pipeline runs linting, type-checking, automated tests, and a production dependency vulnerability audit on every change to the main branch.

However, no security system is completely impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You use Paystub Pilot at your own risk.

8. Your Rights

You have the following rights regarding your personal information:

Right to Access / Data Export

You have the right to request a copy of the personal information we hold about you, including your account record, saved employee profiles, and the history of pay stubs generated under your account. We will provide this information in a portable, machine-readable format (JSON) within 30 days of receiving a valid, verified request.

Account Deletion

You have the right to delete your Paystub Pilot account and the personal information associated with it. To request deletion, email support@paystubpilot.com from the email address on your account with the subject line "Account Deletion Request". Sending the request from the account email is how we verify your identity; if you no longer have access to that inbox, please reply from an email you can prove ownership of and we will follow up with additional verification steps.

Service-level commitment: we will acknowledge your request within 3 business days and complete deletion within 30 days of verification. Deletion removes your user record, session tokens, saved employee profiles, pay stub history, uploaded company logos, and magic-link tokens associated with your account.

What we retain, and why: we preserve a minimal, anonymized record of completed transactions (Stripe session ID, amount, date) for as long as required by US tax and accounting law (generally 7 years). Your name, email, and form-data details are removed from these records; only the financial ledger entry remains. Stripe retains payment records under its own policy — see Section 3.

A self-service "Delete my account" button in the dashboard is on our near-term roadmap. Until it ships, the email process above is the supported path and carries the same SLA.

Right to Opt Out

You have the right to opt out of non-essential communications and data processing. This will not affect your ability to use Paystub Pilot's core functionality.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 11: Contact Us. We will verify your identity (usually by confirming the request is sent from the email address on your account) before processing your request, and will respond within the timeframes stated above or within the period specified by applicable law, whichever is shorter.

9. Children's Privacy

Paystub Pilot is not intended for use by individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information and terminate the child's use of our Service.

If you believe we have collected information from a child under 13, please contact us immediately at support@paystubpilot.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this Policy
• Sending you an email notification if the changes materially affect how we handle your information

Your continued use of Paystub Pilot following the posting of changes means you accept and agree to the updated Privacy Policy. We recommend reviewing this Policy regularly to stay informed about how we protect your information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your request within 30 days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.