Privacy Policy

Last updated: 2026-05-18.2

This page explains, in plain English, what data Pagely collects from you, why, for how long, and who we share it with. Compliant with GDPR (EU 2016/679), LGPD (Brazilian Law 13.709/2018), and CCPA/CPRA (California).

What we collect and why

Email and full name

To create your account, sign you in via magic link, and issue payment receipts.

Legal basisContract performance (GDPR art. 6(1)(b) / LGPD art. 7º V).
RetentionAs long as your account exists. Anonymized immediately on deletion (replaced with a neutral tombstone).
Shared withResend (email delivery), Stripe (billing).

WhatsApp

For support contact and order notifications (optional).

Legal basisConsent (GDPR art. 6(1)(a) / LGPD art. 7º I).
RetentionAs long as your account exists. Removable in /account/settings.
Shared withNot shared.

Tax ID (CPF/CNPJ — Brazil only)

Required by the Brazilian tax authority (Receita Federal) for PIX receipts.

Legal basisLegal obligation (Brazilian Law 9.430/96).
Retention5 years after last transaction (mandatory fiscal retention).
Shared withAsaas (PIX processing).

Billing address

To process charges and meet payment gateway KYC.

Legal basisContract performance + legal obligation.
Retention5 years (fiscal retention).
Shared withStripe (KYC), Asaas (BR).

Session cookies

To keep you signed in between pages.

Legal basisStrictly necessary.
Retention30 days or until logout.
Shared withNot shared.

Analytics cookies (Microsoft Clarity)

To understand where users get stuck and improve the product.

Legal basisConsent (cookie banner).
Retention180 days.
Shared withMicrosoft (Clarity provider).

IP + user-agent (anonymous visits)

To count unique visitors and detect abuse. Hashed before storage.

Legal basisLegitimate interest (GDPR art. 6(1)(f) / LGPD art. 7º IX).
RetentionDaily-rotating hash; 90 days.
Shared withNot shared.

Who else sees your data

We work with processors that handle data on our behalf under a DPA, only for the purpose described.

  • StripeSlot payments + Connect onboardingUnited States / Ireland
  • AsaasPIX processing (Brazil)Brazil
  • ResendTransactional emailUnited States
  • Cloudflare R2Image storageUnited States
  • OpenAICopy + image analysisUnited States
  • fal.aiImage variants generationUnited States
  • Microsoft ClarityAnalytics + session replay (opt-in)United States
  • RailwayDatabase hostingUnited States
  • VercelSite hostingUnited States

Your rights

Under GDPR, LGPD and CCPA you can exercise the rights below at any time. Most are available straight from /account/settings.

  • Confirm whether we process your data
  • Access a copy of everything we hold about you (JSON export)
  • Correct inaccurate data
  • Erase, block or anonymize data (except items retained by legal obligation)
  • Portability
  • Withdraw consent (cookie banner + delete-account endpoint)
  • Know who we share with (list above)
  • California: opt out of 'sale' or 'sharing' (Do Not Sell link in footer)
  • Lodge a complaint with your local data protection authority

How long we keep data

Each data category has its own period (see table above). In general: account data while the account exists; fiscal data 5 years; security logs 90 days; analytics cookies 180 days. When you delete your account, personal data is anonymized immediately (replaced with a neutral tombstone); linked records (sales, payments) stay in anonymized form for the 5-year fiscal retention period.

How we protect it

TLS 1.2+ everywhere. Passwords and tokens are hashed (never stored in plaintext). Third-party OAuth tokens are AES-256-GCM encrypted at rest. Access to sensitive data is restricted to specific operators with audit logs. We never store card data — Stripe and Asaas do, both PCI-DSS certified.

Children

Pagely is not directed to anyone under 18. If we discover data collected from a minor without verifiable parental consent, we delete it immediately.

Changes to this policy

When we change it, we update the 'last updated' date at the top. For material changes, we re-prompt your cookie consent before you continue using Pagely.

Get in touch

Data Protection Officer:

[email protected]

Learn moreCookie Policy · Terms of Use