Privacy Policy · Payment Bridge

Privacy Policy

Plain English. No legalese. Here’s exactly what data we collect, how we use it, and how it’s protected.

Effective date: January 1, 2026
Last updated: May 9, 2026
Contact: support@paymentbridgeapp.com

Payment Bridge (Paymentbridgeapp.com) is a Chrome extension and backend service for auto repair shops. This policy explains what information we collect, why we collect it, and how we protect it.

1. Data We Collect

Payment Bridge collects the following information to operate the service:

  • Account credentials — merchant and staff email addresses; passwords and 6-digit PINs stored as scrypt hashes (one-way; we cannot recover your plain-text password or PIN).
  • Device authentication tokens — created when you sign in from a browser; used to recognize your device on return visits.
  • Transaction metadata — the charge amount, timestamp, terminal ID, work-order or invoice reference number, and authorization code for each payment processed through the extension. This is not card data.
  • POS page data — the invoice total and reference number read from the active POS tab when you use the scan feature. This data is used only to pre-fill the charge form and is not stored beyond what appears in the transaction record.
  • IP addresses — logged for rate-limiting and fraud prevention purposes.
  • Audit log entries — administrative actions (e.g., device revocations, PIN resets, impersonation sessions) recorded for accountability.

2. Data We Do Not Collect

  • No card numbers, PANs, magnetic-stripe data, or CVV codes. Payment cards are processed entirely on the payment terminal. Card data never reaches Payment Bridge’s extension, backend, or databases.
  • No cardholder names or addresses.
  • No browsing history. The extension reads only the active POS page when you explicitly use the scan feature or when auto-scan is enabled for a recognized POS URL.
  • No cross-site activity. The extension does not track you across websites.
  • No advertising data of any kind.

3. How We Use Your Data

We use the data listed above only to:

  1. Authenticate sign-ins and identify the active user on a device
  2. Route charges to the correct merchant’s payment terminal
  3. Display transaction history to the merchant
  4. Send transactional emails (new-device alerts, password reset links)
  5. Prevent fraud and enforce rate limits
  6. Maintain audit logs for security and compliance

We do not use your data for advertising, profiling, analytics, or any purpose unrelated to processing payments.

4. Chrome Web Store — Limited Use Disclosure

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Data accessed via Chrome extension APIs — specifically the invoice total and reference number read from the active POS page — is used solely to pre-fill the payment form. It is not shared with third parties, used for advertising, or retained beyond what is recorded in the transaction.

Payment Bridge personnel do not access or read individual user data except: (a) when you have explicitly granted consent for support purposes, (b) when required by applicable law, or (c) when necessary to investigate a security incident or abuse. In any permitted case, access is limited to what is strictly necessary.

5. Data Storage and Security

  • All data is stored on servers hosted in the United States.
  • Sensitive authentication keys are encrypted at rest.
  • Passwords and PINs are hashed and are never recoverable in plain text.
  • All data in transit is protected by HTTPS/TLS 1.2 or higher.

6. Third-Party Data Sharing

We only transfer user data to third parties when the transfer is: (a) necessary to provide the core payment workflow function of the extension, (b) required to comply with applicable law, (c) necessary for security purposes such as investigating abuse, or (d) part of a merger, acquisition, or sale of assets. All other transfers of personal or sensitive user data are prohibited. We do not sell data to any third party.

| Third Party | Purpose | Data Shared |
|---|---|---|
| Payment Terminal Provider | Receives charge, refund, and void commands to process payments | Charge amount, terminal ID, transaction reference |
| Resend | Sends transactional emails (password resets, new-device alerts) | Recipient email address, email content |
| Railway | Hosts our backend server and database (US region) | All backend data (as our infrastructure provider) |

We do not share data with advertising platforms, data brokers, analytics providers, or any other third parties.

7. Data Retention

| Data Type | Retention |
|---|---|
| Transaction records | Retained indefinitely for billing and audit purposes |
| Device authentication tokens | Automatically revoked after 7 days of inactivity |
| Password reset tokens | Single-use; expire after use or after a short time window |
| Audit log entries | Retained indefinitely for security and accountability |
| Account data | Retained for as long as your account is active |

You may request deletion of your account and associated data at any time (see Section 8).

8. Your Rights

You may contact us at support@paymentbridgeapp.com to:

  • Request a copy of your personal data
  • Request deletion of your account and associated data
  • Ask questions about how your data is handled
  • Request revocation of a specific device token

We will respond within 30 days.

9. Children’s Privacy

Payment Bridge is a business-to-business tool intended for use by employees of businesses. It is not directed at individuals under 18, and we do not knowingly collect data from minors.

10. Policy Changes

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the service after an update constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to notify active users.

11. Contact

Email: support@paymentbridgeapp.com
Website: paymentbridgeapp.com