Privacy Policy

Last updated: May 7, 2026

Easy Admin ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Personal Information

When you register for an account or use the Service, we may collect the following personal information:

  • Identity data: Full name, email address, and account credentials.
  • Billing data: Billing name, billing address (street, city, state, postal code, country), and business information (company name, tax ID) if applicable.
  • Profile data: Account preferences, workspace memberships, and role assignments.

1.2 Payment Data

We use Stripe as our third-party payment processor. When you add a payment method:

  • We never store your full card number, CVV, or complete card details on our servers.
  • Your card details are collected directly by Stripe through their secure, PCI DSS-compliant infrastructure (Stripe Elements).
  • We store locally: A Stripe token reference, card brand (e.g., Visa, Mastercard), last four digits, expiration month/year, and a Stripe customer identifier. This is used solely for display and transaction management purposes.
  • Stripe stores: Your full tokenized card details, customer record, and transaction history on their secure servers. Stripe's handling of your data is governed by Stripe's Privacy Policy.

1.3 Transaction Data

We maintain records of all payment transactions including: amounts charged, currency, transaction status, gateway charge identifiers, receipt URLs, payment type (credit top-up, subscription, etc.), and associated metadata. This data is necessary for billing, accounting, dispute resolution, and regulatory compliance.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including:

  • Credit consumption and balance history.
  • Feature usage patterns and access logs.
  • Browser type, IP address, device information, and session data.
  • Pages visited, timestamps, and referral sources.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To operate, maintain, and provide the features of the Service.
  • Payment processing: To process transactions, manage subscriptions, issue credits, and handle billing-related communications.
  • Authentication & security: To verify your identity, protect against fraud, and secure your account. This includes sending payment verification emails when your bank requires additional authentication (3D Secure / SCA).
  • Communication: To send transactional emails (payment receipts, verification requests, account notifications) and service-related announcements.
  • Improvement: To analyze usage patterns and improve the Service's functionality and user experience.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Third-Party Services

We share your information with the following categories of third-party service providers, solely for the purposes described in this policy:

Provider               | Purpose              | Data Shared
Stripe                 | Payment processing   | Name, email, billing address, payment method details
Email service provider | Transactional emails | Name, email address

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active and for a reasonable period after termination to allow for account reactivation or dispute resolution.
  • Payment records: Retained for a minimum of 7 years to comply with financial recordkeeping and tax obligations.
  • Usage logs: Retained for up to 12 months for operational purposes, then anonymized or deleted.
  • Deleted payment methods: Soft-deleted records (retaining only the token reference and basic metadata) are kept for audit trail purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • PCI DSS compliance through Stripe for all payment card handling.
  • Access controls and authentication requirements for administrative access.
  • Regular security assessments and monitoring.
  • Webhook signature verification for all payment gateway communications.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to our legal retention obligations.
  • Portability: Request a machine-readable copy of your data.
  • Objection: Object to certain processing of your personal information.
  • Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the Service to function (session management, CSRF protection, authentication).
  • Functional cookies: To remember your preferences and settings (theme mode, workspace selection).

We do not currently use third-party advertising or analytics tracking cookies. If this changes, we will update this policy and provide appropriate notice and consent mechanisms.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States (where Stripe processes payments). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or the service provider's certification under applicable data protection frameworks.

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your information include:

  • Contract performance: Processing necessary to fulfill our contractual obligations to you (account management, service delivery, payment processing).
  • Legitimate interests: Processing for fraud prevention, security, service improvement, and internal analytics, where our interests do not override your rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal obligation: Processing required to comply with applicable laws.

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy{{ str_replace(['http://', 'https://'], '', config('app.url', 'example.com')) }}

This document is intended for informational purposes and should be reviewed by a qualified legal professional before relying on it for legal compliance. Requirements may vary depending on your jurisdiction.