Privacy Policy
Last updated: July 3, 2026
1. Introduction
PayDash.ca (“PayDash”, “we”, “us”) is committed to protecting the privacy of our users and their clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. This policy is compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).
2. Information We Collect
Account Information
When you create a PayDash account, we collect your name, email address, password (hashed), business name, phone number, province, and industry type.
Client Data
When you add clients to your account, you provide their names, email addresses, phone numbers, and any custom fields relevant to your industry. This data is stored securely and scoped to your organization.
Payment Information
Payment processing is handled by Stripe. PayDash does not store credit card numbers or bank account details directly. Stripe is PCI DSS Level 1 certified.
Usage Data
We automatically collect information about how you interact with the platform, including pages visited, features used, and session duration.
3. How We Use Your Information
We use the collected information for the following purposes:
- To provide and maintain the PayDash platform
- To process payments via Stripe
- To send booking confirmations, invoice notifications, and appointment reminders via email and SMS
- To calculate and apply Canadian taxes (GST/HST/PST/QST)
- To improve our platform and develop new features
- To comply with legal obligations
4. SMS Communications (CASL Compliance)
SMS messages are only sent to clients who have provided express consent. Clients may opt out at any time by replying STOP. We maintain records of all consent grants and revocations in compliance with CASL requirements. SMS consent expires after 2 years if not renewed.
5. Data Sharing
We do not sell your personal information. We share data only with trusted subprocessors:
- Stripe — for payment processing
- Telnyx — for SMS delivery
- Resend — for email delivery
- Google — for Calendar sync (only if you connect your Google account)
6. Google API Data Disclosure
PayDash’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What we access
When you connect your Google Calendar, PayDash requests the calendar.events.owned scope, which only allows us to manage calendar events created by PayDash. We cannot read, modify, or delete your personal calendar events.
How we use Google data
We use Google Calendar access solely to create, update, and delete appointment events when bookings are made, rescheduled, or cancelled in PayDash. We do not use Google data for advertising, analytics, or any purpose unrelated to providing the calendar sync feature.
Data storage & transfer
We store Google OAuth tokens (encrypted) to maintain the calendar connection. We do not store, cache, or retain any data from your Google Calendar. Google tokens are deleted immediately when you disconnect your Google Calendar from PayDash.
Revoking access
You may disconnect Google Calendar at any time from Settings → Integrations. You can also revoke access directly from your Google Account Permissions.
7. Data Security
We implement industry-standard security measures including encryption at rest and in transit, hashed passwords (bcrypt), JWT session tokens, and strict multi-tenant data isolation ensuring organizations cannot access each other’s data.
8. Data Retention
Your data is retained for as long as your account is active. Upon cancellation, your data enters a read-only grace period before permanent deletion. You may request data export or deletion at any time by contacting us.
9. Your Rights
Under PIPEDA, you have the right to access your personal information, request correction of inaccurate data, withdraw consent for data processing, or request deletion of your data.
10. Contact
For privacy inquiries, contact us at: [email protected]