PayWelly Privacy Policy
Version 1.1.0 — Effective May 2026
This Privacy Policy explains what information PayWelly LLC ("we," "our," or "us") collects when you use our platform, how we use it, who we share it with, and the rights you have over it.
1. Information we collect
Account information. When you create a PayWelly account we collect your full name, email address, mobile phone number, and password. If you sign up as a business or corporate account we additionally collect your company name, billing address, and the name and email of any team members you invite.
Identity verification. Once your year-to-date earnings cross the IRS 1099-NEC threshold ($2,000 for tax year 2026, indexed thereafter) we ask Stripe to verify your government-issued ID before you accept your next offer. Stripe collects and retains the ID image, the selfie, and the verification result; PayWelly receives only the verification status (pass / fail) and a session ID. PayWelly never stores ID images.
Payment information. Stripe processes all card and ACH transactions. Stripe collects and retains card numbers, bank account numbers, and any other payment instrument data. PayWelly receives a tokenised customer ID and the last four digits of the instrument for display only.
Engagement activity. We collect everything required to operate the platform: offers you send and receive, contracts you accept, engagements you work, time entries, ratings and reviews, dispute filings, messages you exchange with the other party to a booking, and your reliability score components (on-time clock-in, completion rate, no-show count).
SMS and text-messaging data. If you provide a mobile phone number when you create your account or update your profile, PayWelly may send you text messages through our SMS provider, Twilio. We send two categories of messages, governed by separate consent:
- Transactional and account messages (required to use PayWelly). Two-factor authentication codes, contract acceptance notices, payment receipts, payout confirmations, dispute notifications, and security alerts. You are deemed to consent to these when you provide a mobile number, because they are necessary to operate your account. You can opt out by replying STOP, but doing so will disable SMS-dependent features (like phone-based 2FA), and you may need to switch to email-based notifications for critical account events.
- Marketing messages (separate, opt-in only). Product announcements, tips, and occasional promotional offers. You only receive these if you affirmatively check the SMS marketing box at signup or later in Settings. You can revoke this consent at any time by replying STOP to any marketing text, by toggling the SMS marketing option off in Settings, or by emailing support@paywelly.com. Revocation will be honored within 10 business days, as required by FCC rule (47 CFR §64.1200(a)(10), effective April 11, 2025).
We capture and retain the following metadata for each SMS opt-in: timestamp, IP address, user-agent, the URL where consent was given, the exact text of the disclosure you saw, and the verbatim consent language you checked. We retain this data for at least five years after revocation as our TCPA audit trail.
We do not share, sell, rent, or otherwise disclose your mobile phone number or SMS opt-in data to any third party or affiliate for their own marketing purposes. SMS data is shared only with Twilio (our messaging carrier), with mobile carriers (AT&T, T-Mobile, Verizon, and their MVNOs) for the technical purpose of delivering each message, and with law enforcement when legally compelled. This restriction is permanent and applies regardless of any future change in PayWelly's ownership or business model.
Message and data rates may apply. PayWelly does not charge for SMS, but your mobile carrier may. We try to keep messages short and infrequent, but message volume depends on your activity (a contractor with five active engagements will receive more than one with none).
Mobile app data. If you install the PayWelly iOS or Android app, we additionally collect:
- Push notification tokens. Apple's APNs and Google's FCM issue an opaque token tied to your device when you grant push permission. We use it only to deliver the notifications you've opted into (engagement updates, payment events, security alerts). The token is rotated by the OS automatically and is stored only while you have notifications enabled and are signed in. We do not use push tokens to track you across apps.
- Device identifiers. We collect a vendor-scoped device identifier (IDFV on iOS; Android ID on Android) for security purposes — to recognize trusted devices and detect anomalous logins. We do not collect IDFA (Apple's advertising identifier) and we do not display App Tracking Transparency prompts because we do not engage in cross-app tracking.
- Crash logs and diagnostic data. If the app crashes or hits an error, we collect a stack trace, OS version, app version, device model, and an anonymous installation ID. We do not collect contents of your screen or any PII in crash reports.
- App version and OS metadata. We record what version of the app you're on and what OS version it's running on, so we can support older versions correctly and notify you about updates.
What we don't collect. We do not collect precise device location. We do not collect contacts, photos, microphone audio, camera streams, calendar data, or health data. We do not use any third-party advertising SDKs, analytics SDKs that share data across apps, or session-replay tools.
In-App Purchases. PayWelly does not use Apple In-App Purchase or Google Play Billing. Payments for engagements are processed through Stripe per Apple App Review Guideline 3.1.3(e), the person-to-person services exemption, because services are delivered in person (or remotely between two specific individuals) and not consumed inside the app.
Device + diagnostic. Standard server logs (IP, user agent, request path, status code, timestamp) are retained for 90 days for security and debugging. Mobile push tokens are stored only while you are signed in and have notifications enabled.
Location. PayWelly does not collect precise device location. Job locations are entered manually by the Poster and shown to potential Contractors as a static address.
2. How we use it
- To operate the platform. Connect Contractors and Posters, route messages, trigger notifications about offers / shift reminders / payouts.
- To process payments and file taxes. Stripe charges Posters, pays out Contractors, and (acting as our payments processor) files Form 1099-NEC with the IRS for any Contractor who exceeds the threshold.
- To enforce safety and compliance. Run identity verification, monitor for fraud, investigate disputes, comply with subpoenas and law-enforcement requests where legally required.
- To improve the product. Aggregated, non-identifying analytics on platform activity (e.g., median time-to-fill by job category) inform product decisions. We do not sell user-level data to third parties.
3. Who we share it with
- Stripe Inc. Card data, identity-verification inputs, payouts. Governed by Stripe's privacy policy at https://stripe.com/privacy.
- The other party to a booking. When you accept an offer, the Poster sees the Contractor's name, profile photo, ratings, and the contractor agreement signed at acceptance; the Contractor sees the Poster's name, company (if applicable), and rating.
- Service providers under contract. Resend (transactional email), Twilio (SMS), Supabase (database hosting), Vercel (compute hosting). Each is contractually bound to use the data only to provide the service.
- Law enforcement, where compelled. We respond to lawful requests (subpoena, search warrant) and share only the data legally required. We push back on overbroad requests.
We do not sell, rent, or share your personal information for cross-context behavioural advertising. We do not have advertising on PayWelly.
Financial data and GLBA. PayWelly is not a "financial institution" under the Gramm-Leach-Bliley Act. Stripe Inc. acts as the regulated payments processor for all card, ACH, escrow, payout, identity-verification, and tax-reporting activity on PayWelly. Stripe's collection, use, and protection of your financial information (card numbers, bank account numbers, government ID, tax ID, W-9, 1099-NEC data) is governed by Stripe's privacy notices at https://stripe.com/privacy and https://stripe.com/legal/privacy-center, not by this Privacy Policy. PayWelly receives only tokenized identifiers, verification status (pass/fail), and the last four digits of payment instruments — never raw financial data.
Business customers and Data Processing Addenda. If you use PayWelly as a corporate or multi-location business account, you may be acting as a controller or processor of your own contractors' data under applicable privacy law (GDPR, CCPA, VCDPA, etc.). PayWelly is a separate controller of contractor data for the limited purposes described in this Policy. Business customers may request a Data Processing Addendum (DPA) by emailing team@paywelly.com; we will execute our standard DPA at no additional charge.
4. Retention
| Data type | Retention |
|---|---|
| Account profile (anonymised after deletion) | 7 years (1099 substantiation) |
| Payments + payouts + 1099 records | 7 years (IRS 1099-NEC retention) |
| Contractor agreements | 7 years (employment-status evidence) |
| SMS opt-in audit trail | 5 years post opt-out (TCPA) |
| Server / security logs | 90 days |
| Push tokens, in-app messages | Until you delete your account |
| Identity verification records | Held by Stripe per their policy |
When you request account deletion via in-app settings, your profile is anonymised within 24 hours; your sign-in identity is permanently removed 30 days later. Tax-bearing records remain in anonymised form for the periods above.
5. Your rights and choices
5.1 Universal rights — applies to everyone. Regardless of where you live, at any time you may:
- See the personal data we hold about you (data export available in Settings → Data export).
- Correct inaccurate data (edit your profile, or email support@paywelly.com if a field isn't editable).
- Delete your PayWelly account (Settings → Delete account, subject to the retention exceptions in Section 4). The deletion process begins immediately and completes within 30 days; tax-bearing records are retained in anonymized form per IRS requirements.
- Choose what messages you receive (Settings → Notification preferences):
  - Marketing email — toggle off and you'll receive only transactional email.
  - Marketing SMS — toggle off (or reply STOP to any marketing text) and you'll receive only transactional SMS.
  - Push notifications — toggle off at the OS level (iOS: Settings → PayWelly → Notifications; Android: Settings → Apps → PayWelly → Notifications) or per-category in the app.
5.2 California (CCPA / CPRA). California residents have the right to: know what personal information we collect and how we use it; delete personal information; correct inaccurate personal information; opt out of any sale or sharing of personal information (PayWelly does not sell or share personal information for cross-context behavioral advertising, so this right is satisfied by default); and not be discriminated against for exercising any of these rights. To exercise CCPA rights, email privacy@paywelly.com with the subject line "CCPA request" or use the in-app data tools. We will verify your identity and respond within 45 days.
5.3 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA). Residents of these states have substantially similar rights: access, deletion, correction, portability, and the right to opt out of certain processing. Same contact path: privacy@paywelly.com. We will respond within the timeframe required by the applicable state law (45 days for VCDPA / CTDPA / UCPA; 45 days for CPA, extendable by 45). PayWelly does not sell personal data or use it for targeted advertising as defined in any of these statutes.
5.4 EU / UK / Switzerland (GDPR / UK-GDPR). Residents have rights of access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, and the right to lodge a complaint with a supervisory authority. To exercise GDPR rights, email privacy@paywelly.com. We will respond within 30 days.
5.5 Do Not Call Registry. If your number is on the National Do Not Call Registry, you will not receive marketing calls from PayWelly. You will still receive transactional SMS and (if you've opted in) marketing SMS, because the DNC Registry does not by itself opt you out of SMS programs you've consented to. Reply STOP to any SMS to opt out.
5.6 Right to withdraw E-SIGN consent. Per 15 USC §7001(c)(1)(B)(i)(II), you may withdraw your consent to receive legally required records in electronic form at any time, with no fee. To withdraw, email privacy@paywelly.com. Because PayWelly's contract, payment, and tax-form delivery model relies on electronic delivery, withdrawal of E-SIGN consent will result in termination of your PayWelly account; we will deliver any remaining required records (your final 1099-NEC, any pending dispute resolution) on paper to your last verified mailing address. Withdrawal does not invalidate any records or contracts already delivered or signed electronically before the date of withdrawal.
6. Security
PayWelly encrypts data at rest (AES-256) and in transit (TLS 1.2+). We use Supabase Row Level Security so that authenticated users can only read rows that belong to them. Service-role access is limited to a small number of API routes audited in the codebase. Production access is restricted to PayWelly engineering staff under MFA. We do not store plaintext passwords.
7. Children
PayWelly is not directed at anyone under 18. We do not knowingly collect data from anyone under 18. If you become aware that a child has provided information to us, please contact team@paywelly.com and we will delete it.
8. Changes
We will publish a new version of this Policy when we make material changes. The new version becomes effective on its effective_at timestamp. We will notify active users by email at least 30 days before any material change that expands the data we collect or how we share it takes effect.
9. Contact
PayWelly LLC
8 The Green, Suite D
Dover, DE 19901
United States
Phone: +1 (202) 656-0056
Privacy & general questions: team@paywelly.com
Customer support: support@paywelly.com
Version 1.1.0 · Effective 5/18/2026