Privacy Policy
Last updated: May 7, 2026
This Privacy Policy explains how Pageey.com Jakub Rozanski (“YourSender”, “we”, “us”) collects, uses, stores, and shares personal data when you use the YourSender service at yoursender.org, the seller dashboard at dashboard.yoursender.org, and our public API (collectively, the “Service”).
YourSender is a multi-tenant SaaS that automates digital product delivery (PDFs, license keys, downloadable files) for merchants who sell on WooCommerce, eBay, and Etsy. To do this, we receive order and buyer data from those platforms on behalf of the merchant who has authorised us.
1. Who is the data controller?
For data we collect about merchants (people who sign up for an account at YourSender), we are the data controller.
For data we receive from connected stores about buyers (people who purchase products from a merchant's WooCommerce, eBay, or Etsy shop), the merchant is the data controller and YourSender acts as a data processor on their behalf.
Contact: [email protected]. Registered address: Piłsudskiego 19/9, 62-028 Koziegłowy, Poland. Data Protection contact: [email protected].
2. What we collect
2.1 Merchant account data
- Name, email address, password (stored as a bcrypt hash — never in plain text).
- Two-factor authentication secrets (encrypted at rest with AES-GCM) for admin accounts that have enrolled.
- Tenant identifier, plan tier, token balance, billing history.
- API keys you generate (stored as hashes; the plaintext key is shown to you once).
- Audit logs of administrative actions you take, retained for security and abuse investigation.
2.2 Billing data
We use Stripe as our payment processor. Stripe collects and stores your payment card details directly — we never see or store them. We store a Stripe customer identifier and the metadata Stripe returns about your subscriptions (plan, status, invoice history).
2.3 Connected store data
When you connect a store, we receive and store the following on your behalf:
- OAuth tokens (access tokens, refresh tokens) for eBay and Etsy, and webhook secrets for WooCommerce. All tokens and secrets are encrypted at rest using AES-256-GCM with a key held by us.
- Shop metadata: shop URL, shop ID, shop name, seller user ID.
- Order/receipt data: external order ID, line items (SKU, listing ID, quantity), order timestamp, status flags (paid, shipped).
- Buyer data: buyer email address, buyer name, and a platform-internal buyer identifier — only as supplied by the connected platform on the receipt or order.
We do not request or receive buyer payment details, shipping addresses, phone numbers, dates of birth, or government identifiers.
2.4 Files you upload
You may upload digital products (e.g. PDFs, ZIPs, license-key lists) for delivery. These files are stored in object storage (Cloudflare R2) and served via signed, time-limited download URLs.
2.5 Operational data
- Server logs (IP address, user agent, request path, response code, timestamps), retained for security and debugging.
- Error and performance traces via Sentry, with sample rates configured to minimise collection.
- Email send/delivery events from our email provider (Resend), for deliverability monitoring.
- Cookies necessary for authentication (a refresh-token cookie set as HttpOnly, SameSite=None, Secure in production).
- Analytics: only when you have consented via the cookie banner. We use Google Analytics with IP anonymisation when enabled.
3. Etsy integration — specific disclosures
When you connect an Etsy shop to YourSender, we use Etsy's OAuth 2.0 flow with PKCE. We request only the following scopes:
- transactions_r — read access to your shop's receipts and transactions, so we can detect new paid orders.
- listings_r — read access to your shop's listings, so we can match incoming receipts to digital products you have configured for delivery.
We poll Etsy's receipts endpoint at most once every five minutes per connection, within a daily request budget. We use the buyer's email address (from the receipt) only to send the digital delivery email associated with that order. We do not use it for marketing, do not sell it, do not share it with third parties (other than the email-delivery subprocessor in section 5), and do not use it across other merchants.
If we observe Etsy revoking our refresh token (e.g. because you removed our app from your shop), we mark the connection inactive, stop polling, and notify the merchant.
You can disconnect at any time from the dashboard or by removing the YourSender app from your Etsy account at etsy.com/your/apps. On disconnect we immediately stop polling and stop using your Etsy data for new deliveries. Existing order records are retained per section 6.
4. Why we use this data (legal bases)
- Contract performance: to provide the Service you signed up for — receiving orders, matching to products, sending delivery emails, billing you.
- Legitimate interests: to keep the Service secure (rate limiting, fraud detection, audit logs), to monitor errors, and to communicate operational messages.
- Legal obligation: to retain billing records as required by tax law.
- Consent: for analytics cookies, where required.
5. Subprocessors and third parties
We rely on the following subprocessors. Each is bound by their own privacy policy and (where applicable) a Data Processing Addendum with us:
- Railway (US) — application, dashboard, and marketing-site hosting; managed Postgres and Redis.
- Stripe (US/IE) — payment processing.
- Resend (US) — transactional email delivery.
- Cloudflare R2 (global edge) — object storage for uploaded digital products.
- Sentry (US) — error and performance monitoring.
- Google Analytics (US) — only when you have consented.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
6. How long we keep data
- Account data: while your account is active, plus up to 90 days after closure for backups and audit logs.
- Billing records: 7 years (or as required by applicable tax law in Poland).
- Order, receipt, and delivery records: while your account is active and for up to 24 months after closure, then deleted or anonymised.
- OAuth tokens and webhook secrets: while the connection is active. Deleted within 30 days of disconnect.
- Server logs: 30 days. Sentry events: per the retention configured at Sentry (90 days by default).
7. International transfers
Our hosting and most subprocessors are based in the United States. Where personal data is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and supplementary measures (encryption in transit and at rest) as required by GDPR.
8. Security
- All traffic to and from the Service is encrypted with TLS 1.2+.
- Passwords are hashed with bcrypt. OAuth tokens, refresh tokens, TOTP secrets, and webhook secrets are encrypted at rest with AES-256-GCM.
- Access to production systems is restricted and audited.
- Tenant data is logically isolated; every database query is bound to the authenticated tenant's identifier.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, export (port), restrict, or object to our processing of your personal data, and to withdraw consent where processing is based on consent. To exercise any of these rights, email [email protected].
Buyers: if you bought a product from a merchant who uses YourSender and want your data deleted, please contact the merchant first — they are the controller of buyer data. If you cannot reach them, contact us and we will assist within 30 days.
Residents of the European Economic Area, the United Kingdom, and Switzerland have the right to lodge a complaint with their local data-protection authority.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email to active merchants and posted on this page with a new “Last updated” date. Continued use of the Service after the effective date constitutes acceptance.
12. Contact
Questions about this policy or your data: [email protected].