Paytia Data Processing
Customer Personal Data Storage, Retention, and Deletion at Paytia Overview This article explains: What personal data Paytia stores about end customers Why that data is stored How customer data can be deleted or erased Whether deletion can be ...
Customer Personal Data Storage, Retention, and Deletion at Paytia
Overview
This article explains:
What personal data Paytia stores about end customers
Why that data is stored
How customer data can be deleted or erased
Whether deletion can be self-served or requires support
What data (if any) is retained in anonymised or limited form
How long customer data is retained
Where customer data may exist behind the scenes (logs, backups, linked systems)
Paytia is designed to minimise personal data, never store sensitive card data, and support GDPR and PCI-DSS compliance.
What Personal Data Does Paytia Store About End Customers?
Paytia stores only the personal data required to support secure payments, receipts, scheduling, workflow, and reconciliation.
Important:
Paytia does not store full card numbers (PAN), CVV, or card expiry dates.
Categories of Personal Data Stored
| Data Category | Stored | Purpose |
|---|---|---|
| Customer first name | ✅ Yes | Payment identification and receipts |
| Customer last name | ✅ Yes | Payment identification and receipts |
| Customer email address | ✅ Yes | Payment links, receipts, payment schedules |
| Telephone number | ✅ Yes | Call and transaction cross-reference |
| Call audio recordings | ✅ Optional | Quality, compliance, dispute resolution |
| Call metadata (CDR) | ✅ Yes | Call traceability |
| Transaction metadata | ✅ Yes | Payment processing and reconciliation |
| Reference / invoice numbers | ✅ Yes | Merchant reconciliation |
| Account number (optional field) | ✅ Optional | Merchant-defined |
| Webhook payloads | ✅ Yes | API diagnostics |
| IP addresses (system-level) | ⚠ Limited | Security and fraud prevention |
| Cardholder data (PAN, CVV, expiry) | ❌ No | Never stored |
| DTMF card entry tones | ❌ No | Suppressed and discarded |
Audio Call Recordings
Paytia can store audio recordings of telephone calls where enabled by the merchant.
Key Points
Recording is optional and configurable per account
Paytia custom payment flows ensure that payment card entry is never recorded
DTMF tones are suppressed before recording
Recordings may contain:
Customer voice
Agent voice
Non-sensitive conversation content
Recordings are used for:
Quality assurance
Training
Dispute handling
Regulatory or contractual requirements
Where Is Customer Data Visible in the Platform?
Customer-related data is available through the Log Information menu.
Log Information Sub-Menus
1. Transaction Logs
Transaction ID and status
Reference / invoice number
Customer name, address and email data
2. Reports
Reference / invoice number
Transaction ID and status
Customer name, address and email data
Reference / invoice number
Transaction ID and status
Customer name, address and email data
2. Call Records
Call timestamps
Call status
CDR ID
Telephone number
Transaction linkage
Phone numbers
3. Third-Party Logs
Webhooks sent from Paytia
Delivery status
Responses received
Customer name, address and email data
4. Third-Party Webhook Logs
Payloads received from merchant systems
Paytia responses
Why Does Paytia Store This Data?
Data is stored strictly for defined operational and regulatory purposes:
Processing secure payments
Sending payment links and receipts
Managing scheduled payments
Reconciling payments with merchant systems
Linking calls to transactions
Supporting audits, disputes, and chargebacks
Operational support and troubleshooting
Support workflow
Stored Identifiers Explained
| Identifier | Purpose |
|---|---|
| Unique ID | Links Paytia transactions to the acquiring bank or gateway |
| CDR ID | Links a transaction to a specific telephone call |
| Reference number | Merchant invoice or order reconciliation |
| Account number | Optional merchant-defined identifier |
| Telephone number | Proof of call origin and transaction linkage |
Where Is Customer Data Stored?
All Paytia customer data is stored in AWS Ireland (EU-West).
No customer data is transferred outside the EU
No processing occurs in non-EU regions
Regional storage may be introduced in future per account configuration
How Can Customer Data Be Deleted or Erased?
Self-Service via the Platform
Merchants can:
Export transaction and log data via Excel export
Manage retention settings where available
Tag data as sensitive where available
At present, full deletion of customer data is not self-service. When your account is removed all data is automatically deleted as well.
Deletion via Support Request
To delete customer data:
Raise a ticket via the Paytia Support Portal
- Or emailtechsupport@paytia.com
Please include:
Merchant account name
Customer identifiers (email, reference number, date range)
Data types to be deleted (e.g. recordings, transactions)
Does Deletion Fully Remove the Data?
Yes — With Limited, Controlled Exceptions
| Data Type | Deletion Outcome |
|---|---|
| Customer name and email | Permanently deleted |
| Audio recordings | Permanently deleted |
| Transaction logs | Permanently deleted |
| Call records | Permanently deleted |
| Webhook logs | Permanently deleted |
Limited Retention (Anonymised)
Some non-identifiable metadata may be retained in a restricted or anonymised form for:
Financial audit obligations
Fraud detection and prevention
Regulatory compliance
This data:
Contains no personal identifiers
Cannot be linked to an individual
Cannot be reverse engineered
Is Any Customer Data Automatically Deleted?
Yes.
Paytia applies configurable data retention policies based on data type and merchant configuration.
Typical Retention Timeframes
| Data Type | Typical Retention |
|---|---|
| Transaction logs | Configurable (commonly 6–24 months) |
| Call records | Configurable |
| Audio recordings | Configurable |
| Webhook logs | Short-term diagnostic retention |
| Security logs | Limited retention |
Exact retention settings can be confirmed per merchant account.
Is Customer Data Stored Anywhere Else?
Yes, in tightly controlled supporting systems.
Supporting Storage Locations
| Location | Description |
|---|---|
| Encrypted backups | Time-limited, rotating backups |
| Security monitoring systems | Restricted access |
| Integrated systems | Only where explicitly configured |
Backups and Deletion
Backups are encrypted at rest
Backups rotate automatically
Deleted data is not restored
Residual backup data expires as backups age out
Account Deletion
If you request full account deletion:
All customer personal data is removed
All transaction history is deleted
All call records and recordings are erased
Secure payment numbers are released and cannot be reused
Merchants should export any required records before requesting deletion.
More in Compliance
Address Verification for card processing (AVS)
What is Address Verification in Card Processing? Address Verification, also known as the Address Verification Service (AVS), is a security measure used during card payment transactions. Its purpose is to reduce fraud by ensuring the billing address ...
Data privacy
Data Privacy Between Paytia and Its Merchant Transactions This article provides detailed questions and answers about data privacy related to transactions processed by Paytia. Table of Contents AWS Unique ID CDR ID Reference Number Account Number ...
Does using Paytia combat fraud?
Does Using Paytia Combat Fraud? The quick answer is yes. Paytia’s solutions are designed to protect your business, staff, and customers from potential fraud risks associated with handling sensitive payment card details. How Paytia Protects Your ...
How does Paytia help us with our Payment Card Industry Data Security Standard (PCI-DSS) compliance?
How Does Paytia Help with PCI-DSS Compliance? Paytia makes achieving PCI-DSS compliance simple and efficient for your business. As a PCI-DSS Level 1 service provider, we handle the complexities of securing telephone payments, allowing you to focus on ...
Strong Customer Authentication and phone payments: FAQs
Strong Customer Authentication (SCA) and Phone Payments: FAQs The EU Payment Services Directive (PSD2) requires merchants and payment providers to ensure that, when a cardholder is not present, their identity is verified using two-factor ...
What is DTMF Suppression?
DTMF Suppression in Paytia Paytia extends DTMF suppression with agent-guided instruction prompts to reduce training overhead and increase the speed of deployment for DTMF suppression-driven payment card capture services. How DTMF Suppression Works ...
Still need help?
Our support team is here to help. Submit a ticket and we'll get back to you within one business day.