This notice tells you what personal information we collect, why we collect it, who we share it with, and the rights you have under US state privacy laws. If you're in the UK or EU, our GB privacy policy applies instead.
1. Who we are
Paytia Limited is a UK company. We build secure telephone payment software for contact centres. We serve US customers from our UK operations, and we work with US-based sub-processors for infrastructure. Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we act as a “business” when we process your information for our own purposes, and as a “service provider” when we process data on behalf of our business customers.
You can reach us at [email protected] or by mail at 447 Broadway, 2nd Floor #1258, New York, NY 10013.
2. What personal information we collect
In the past 12 months we've collected the following categories of personal information, defined under Cal. Civ. Code §1798.140. Identifiers include your name, email, postal address, phone number, IP address, and account ID. Commercial information covers billing records, subscription history, and services you've bought. We log internet and network activity too — pages viewed, referral URLs, session data, device information, cookies, and similar tech. Geolocation is approximate only, derived from IP; we don't collect precise location. If you sign up or contact sales we'll also hold professional details like your job title, company, and industry. From all of that we draw basic inferences about your preferences and how you use the service.
We don't collect information about your race, religion, sexual orientation, health data, biometric identifiers, or precise geolocation. We don't knowingly collect personal information from anyone under 16.
Sensitive personal information
We process account login credentials, which count as “sensitive personal information” under CPRA. We use this only to authenticate you and keep your account secure — never to infer anything about you. You have the right to limit our use of sensitive PI (see Section 8).
3. Where we get your information
We collect personal information in three ways. Most comes directly from you — when you sign up, request a demo, contact support, subscribe to marketing, or fill in a form on our site. Some is collected automatically as you use the site and service, through cookies, server logs, and analytics tools like Google Analytics 4. The rest comes from third parties we work with: payment processors, identity verification providers, CRM and marketing tools (such as Zoho), and partners who refer you to us.
4. Why we use your information
We use personal information to deliver the Paytia service and keep it running reliably, to bill you and manage your account, to meet legal, regulatory, and PCI DSS obligations, and to keep our platform secure by detecting fraud, abuse, and unauthorized access. We also use it to answer your questions, send you marketing about Paytia products where you've agreed or where we have a legitimate basis (you can opt out any time), and improve the product based on analytics and feedback.
5. Who we share your information with
We share personal information with service providers and sub-processors — cloud hosting (AWS), analytics (Google), CRM (Zoho), email delivery, and customer support tooling. Every one of them is bound by contract to use the data only for us. We share with payment processors so we can take payments securely; card data is handled by PCI DSS Level 1 certified processors and never stored on our systems. We disclose to legal and regulatory bodies where we're required to by subpoena, court order, or other valid legal process. Data may also pass to Paytia group affiliates if and when they exist, or transfer as part of a business deal if Paytia is ever acquired, merged, or restructured.
6. Do we “sell” or “share” your information?
Under CCPA, “sell” and “share” have specific meanings. “Sharing” covers disclosing personal information for cross-context behavioral advertising.
We don't sell personal information for money. That said, our use of analytics and advertising cookies (Google Analytics and Google Ads, for example) can count as “sharing” under California law, because these tools can combine your data with other sources for interest-based advertising.
You can opt out any time — see Do Not Sell or Share My Personal Information. We also honor Global Privacy Control (GPC) signals automatically.
7. How long we keep your information
We keep personal information only as long as we need it. Account data stays for the life of your account plus 6 years after closure, to meet tax and audit obligations. Billing records stay for 7 years to meet US tax record-keeping requirements. Support tickets are kept for 3 years from last contact. Marketing preferences stay until you unsubscribe, and we keep a suppression list indefinitely so we don't email you again by mistake. Site analytics follow GA4's default retention of 14 months.
8. Your rights under US state privacy laws
If you live in California, CCPA and CPRA give you the right to know what personal information we've collected about you, where we got it, why we use it, and who we share it with. You can ask us to delete it (subject to legal exceptions) or correct anything that's wrong. You can tell us not to sell or share your data, including for cross-context behavioral advertising. You can restrict our use of sensitive PI, though we only use it for security and authentication anyway. And we won't charge you more, give you worse service, or deny you anything for exercising these rights.
Multi-state notice
If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Rhode Island, Tennessee, Indiana, or Nebraska, you've got broadly similar rights under your state privacy law (VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, and equivalents). We treat requests from these states the same way we treat California ones. If your state gives you a right of appeal (Virginia, Colorado, Connecticut) and we turn down your request, you can appeal by replying to our decision email.
9. How to exercise your rights
You've got two options. Use our online request form at /us/legal/privacy-request, or email [email protected] with the subject line “Privacy Request”.
We'll confirm we've got your request within 10 business days and respond within 45. If we need longer we'll tell you why and take up to another 45 days.
Verification
Before we act on a request to know, delete, or correct, we need to be reasonably sure it's really you. We'll ask you to confirm information we already hold — the email on your account, recent billing details, or a challenge-response code sent to your registered email. We won't ask for new sensitive information just to verify you.
Authorized agents
You can use an authorized agent to submit a request on your behalf. We'll need written permission from you, plus verification of your identity (unless you've given the agent power of attorney under California Probate Code §4000). We may contact you directly to check the agent is acting on your behalf.
10. Global Privacy Control
Our site honors the Global Privacy Control (GPC) signal. If your browser sends a GPC header, we treat that as a valid opt-out of sale and sharing for that browser and device — no form, no email, no delay.
11. Children
Paytia isn't aimed at children. We don't knowingly collect personal information from anyone under 13 (COPPA) or under 16 (CCPA/CPRA). If you think we've collected data from a child, email [email protected] and we'll delete it.
12. Security
We're PCI DSS Level 1 certified and run Cyber Essentials Plus. Personal information is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted on a need-to-know basis with multi-factor authentication. No system is ever 100% secure, but we take this seriously.
13. International transfers
Paytia is based in the UK, so if you're in the US your data will be transferred to and processed in the United Kingdom (which has an adequacy decision from the European Commission). We use Standard Contractual Clauses and the UK IDTA where required.
14. Changes to this policy
We'll update this policy from time to time. If we make material changes, we'll tell you by email or by a notice on the site before the changes take effect. The “Last updated” date at the top of the page always reflects the most recent version.
15. Contact
Questions about this policy or how we handle your information? Email [email protected] or write to us at:
Paytia Limited
Attn: Privacy Team
447 Broadway, 2nd Floor #1258, New York, NY 10013
California residents can also file a complaint with the California Privacy Protection Agency at cppa.ca.gov or the Attorney General at oag.ca.gov.
Last Updated: 14 April 2026. Questions? [email protected].