Privacy Policy
Last updated: June 9, 2026
1. Data We Collect
We collect the minimum data necessary to operate the Service:
- Email address: for OTP verification (free stubs), order confirmation, and PDF delivery
- Pay stub form data: employer name, employee name, salary, state, filing status, and other fields you enter in the wizard
- Payment information: processed directly by Stripe; we never see or store full card numbers
- IP address: for rate limiting and anti-abuse detection
- Browser fingerprint hash: a one-way hash used solely for free stub abuse prevention; not used for tracking
2. How We Use Your Data
- Generate and deliver your pay stub PDFs
- Process payments via Stripe
- Send transactional emails (order confirmation, PDF links)
- Prevent abuse of the free stub offering
- Improve the Service through anonymous analytics
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Data Hosting and Storage
- Database: PostgreSQL hosted on a VPS located in France (Hostinger), containing order records and form data
- PDF Storage: Cloudflare R2 (global edge storage). PDFs are retained for 90 days, then automatically deleted
- Browser Storage: Form data is temporarily stored in your browser's localStorage to allow session resumption. This data remains on your device until you clear it
4. Third-Party Services
We use the following third-party services to operate PayStubHQ:
- Stripe (payments): processes credit card payments securely. See Stripe's Privacy Policy
- Resend (email): delivers transactional emails
- Cloudflare (CDN, DNS, R2 storage): provides content delivery, security, and PDF storage
- PostHog (analytics, EU region): anonymous usage analytics. No personal data is shared
- OpenPanel (analytics): anonymous usage analytics as a secondary measurement tool
5. Cookies and Analytics
We use PostHog (EU-hosted) and OpenPanel for anonymous analytics. These tools collect page views, click patterns, and session data. No personally identifying data is sent. You can opt out by setting op_exclude=true in your browser's localStorage.
6. Your Rights (GDPR/RGPD)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to processing of your data
To exercise your right to data deletion, contact us at [email protected]. We will process deletion requests within 30 days.
7. Data Retention
- Order records: retained for tax and legal compliance (7 years)
- PDF pay stubs on R2: 90 days, then auto-deleted
- Free stub claim records: retained to prevent abuse
- Analytics data: anonymized, retained per provider policies
8. Security
We protect your data with: HTTPS/TLS encryption on all connections, Cloudflare WAF and DDoS protection, timing-safe secret comparison for all authentication, rate limiting on all public endpoints, and input validation on all API boundaries.
9. Changes to This Policy
We may update this policy at any time. Changes will be reflected by the "Last updated" date above. Continued use of the Service constitutes acceptance of any changes.
10. Contact
For privacy-related questions or data requests, contact us at [email protected].