Privacy Policy

ZeeloPay (“we”, “us”, “our”) operates the website zeelopay.com and the ZeeloPay platform, which enables UK freelancers and small businesses to create payment links and send invoices to clients worldwide.

ZeeloPay is the data controller for the personal data described in this policy. We are registered in England and Wales and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For questions about this policy or to exercise your rights, contact us at: privacy@zeelopay.com

Account information: name, email address, and password (hashed) when you register.

Business information: business name, address, VAT number — provided voluntarily in your account settings and used to populate invoices.

Payment and transaction data: invoice amounts, client names, client email addresses, and payment statuses. Card and bank details are handled exclusively by Stripe and are never stored on our systems.

Client data: when you create an invoice or payment link you provide client names, email addresses, and billing addresses. You are responsible for having a lawful basis to share this data with us.

Usage data: pages visited, actions taken within the dashboard, timestamps, and IP addresses — collected automatically for security and service improvement.

Cookies: session cookies required for authentication and optional analytics cookies. See Section 9 for details.

We process your data under the following UK GDPR lawful bases:

• Contract performance — to provide our services, process payments, and send invoices on your behalf.
• Legitimate interests — to prevent fraud, improve our platform, send service-related communications, and maintain security.
• Legal obligation — to comply with financial regulations, anti-money laundering requirements, and tax law.
• Consent — for any optional marketing emails. You may withdraw consent at any time.

• Create and manage your ZeeloPay account
• Generate payment links and invoices on your behalf
• Process payments via Stripe and cryptocurrency payment processors
• Send invoice emails to your clients using your name and business details
• Detect overdue invoices and send you status notifications
• Provide customer support
• Detect and prevent fraud and abuse
• Comply with legal obligations

We do not sell your personal data. We share data only with the following trusted processors:

• Stripe, Inc.— payment processing and seller payouts. Stripe is certified to PCI-DSS Level 1. Data may be transferred to the United States under Stripe's Standard Contractual Clauses.
• Supabase, Inc. — secure database hosting. Data is stored in EU-region servers and governed by Standard Contractual Clauses.
• Resend, Inc. — transactional email delivery for invoice and notification emails. Data is processed under Standard Contractual Clauses.
• Coinbase Commerce— optional cryptocurrency payment processing. Subject to Coinbase's privacy policy.
• Vercel, Inc. — cloud hosting provider for our web application. Data processed under Standard Contractual Clauses.

We may disclose data to law enforcement or regulatory authorities if required by law or to protect the rights and safety of users.

ZeeloPay is based in the United Kingdom. Some of our third-party processors are located outside the UK and EEA, including in the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or an adequacy decision — to protect your data to the same standard required in the UK.

If you are accessing ZeeloPay from outside the UK, your data will be transferred to and processed in the UK and any countries in which our processors operate. By using our service, you acknowledge this transfer.

We retain your account data for as long as your account is active. If you close your account, we will delete your personal data within 90 days unless we are required to retain it longer by law (for example, financial records which UK law requires us to keep for 6 years).

Invoice and transaction records are retained for 7 years to comply with HMRC requirements.

Client data included in invoices is retained for the same period as the associated invoice.

You have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: request deletion of your data where there is no legal basis for continued processing.
• Restriction: ask us to limit how we use your data while a dispute is resolved.
• Portability: receive your data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email privacy@zeelopay.com. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use the following types of cookies:

• Essential cookies: required for authentication and security (session management). These cannot be disabled.
• Analytics cookies: used to understand how our service is used and to improve it. These are optional.

You can manage cookie preferences in your browser settings. Disabling essential cookies will prevent you from signing in.

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. Payment card data is never stored on our servers — all card processing is handled by Stripe, which is PCI-DSS Level 1 certified.

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the ICO as required by law.

We may update this policy from time to time. We will notify you of material changes by email or by a prominent notice on our website. Continued use of ZeeloPay after changes take effect constitutes acceptance of the updated policy.

For any privacy-related queries, contact us at privacy@zeelopay.com or write to: ZeeloPay, England, United Kingdom.