1. Who we are
Payme B.V. (“PayMe”, “we”, “us”) provides a payment platform for businesses. We supply point-of-sale software, payment terminals, and payment links that let merchants accept payments from their customers.
For the personal data described in this statement, Payme B.V. is the data controller, unless we say otherwise below. Where a merchant uses PayMe to sell to their own customers, that merchant is the controller for the underlying order, and PayMe is the controller only for the payment processing.
- Legal entity
- Payme B.V., trading as PayMe
- Registered address
- Spaarndammerstraat 127-3, 1013 TE Amsterdam, the Netherlands
- Chamber of Commerce
- 98308157
- [email protected]
- +31 6 12918389
We provide support by email and WhatsApp. We do not operate a telephone support line.
2. What this statement covers
This statement applies to:
- the PayMe POS app for Android and iOS, including the Tap to Pay and payment-terminal editions;
- the PayMe dashboard at app.paymepos.com;
- payments made through PayMe, including payment links and in-store payments.
It does not cover a merchant’s own handling of your data as their customer, nor the websites and services of third parties we link to.
3. Data we collect
3.1 Account and onboarding data
When you create a PayMe account and onboard your business, we collect the information you provide:
| Category | What it includes |
|---|---|
| Personal details | First and last name, email address, phone number. |
| Credentials | The password you choose, and the verification code we email you. Passwords are stored only in hashed form and are never stored on your device. |
| Business details | Company name, legal form, Chamber of Commerce (KVK) or other business registration number, registered address, business phone number, and industry classification. |
| Store details | Store name, the descriptor that appears on your customers’ bank statements, and store address and phone number. |
3.2 Identity verification (KYC)
Payment regulation requires us to verify the identity of the businesses and people we onboard. This check is carried out by Adyen N.V., our payment service provider, in a hosted onboarding flow that opens in a secure browser window from the app or dashboard.
In that flow, Adyen collects your identity document (passport, driving licence or national ID), your business bank account (IBAN) for payouts, and details of your owners, directors and ultimate beneficial owners. These details are submitted directly to Adyen. PayMe does not see, receive or store your identity document or bank account number — we receive only the resulting verification status.
3.3 Device data
When you enrol a device as a payment terminal, we collect a device identifier generated by the operating system, the device name and model, and the operating system it runs. We use this to register the device, keep your terminals apart from one another, and detect unauthorised devices.
3.4 Location
The PayMe POS app may ask for access to your device’s precise location. Where you grant it, location may be used to record where a payment terminal is operating — which supports fraud prevention and card scheme and regulatory requirements. Adyen’s payment software, which is built into the app, also requires location access: on Android, discovering a nearby card reader over Bluetooth cannot be done without it.
Granting location access is optional and you can decline it or withdraw it at any time in your device settings. Features that depend on location may be unavailable if you do. We do not use location for advertising, and we do not track your location in the background.
3.5 Nearby devices (Bluetooth)
The payment software can connect to supported card readers over Bluetooth. Where you grant this permission, it is used to discover and pair with those readers.
We do not use Bluetooth to determine your location, to detect nearby people, or for advertising. Granting it is optional.
3.6 Camera
The app uses the camera to scan QR codes and barcodes — for example to enrol a terminal or to scan a product. Camera images are processed on your device and are not stored, uploaded or sent to us. We do not take photographs and we do not access your photo library.
3.7 Transaction data
When a payment is made through PayMe, we process the amount and currency, the payment method used, the transaction and payment reference, the date and time, the status of the payment, whether it can be refunded, and the receipt details. The app also keeps a short list of your most recent transactions on the device so you can view and refund them.
Card details are handled by Adyen, not by PayMe. Card numbers are captured inside Adyen’s certified payment software and are never stored by the PayMe app or by our systems.
3.8 Diagnostics and crash reports
To keep the app stable and secure, we collect crash reports, error messages and technical diagnostics through Sentry. Before a report leaves your device, we automatically remove sensitive values — card data, passwords, tokens, PINs and email addresses are filtered out, and your account identifiers are irreversibly hashed. We do not record your screen and we do not capture what you type.
4. What we do not collect
To be explicit, the PayMe app does not:
- contain any advertising or marketing SDKs, and does not collect an advertising ID. We do not sell personal data, and we do not share it with data brokers or advertising networks;
- contain third-party analytics or user-tracking SDKs;
- access your contacts, messages, call logs, calendar, photo library, microphone, or health data;
- collect biometric data;
- store card numbers.
5. App permissions
The PayMe POS app asks for the following device permissions. You can review or withdraw any of them at any time in your device settings.
| Permission | Why it is needed | Asks you? |
|---|---|---|
| Camera | Scanning QR codes and barcodes. Images stay on the device. | Yes — optional |
| Location | Recording where a terminal operates, for fraud prevention and regulatory requirements. The payment software also needs it to discover card readers over Bluetooth, which Android does not permit without location access. | Yes — optional |
| Nearby devices (Bluetooth) | Discovering and connecting to card readers supported by the payment software. We do not use Bluetooth to track you or to detect nearby people. | Yes — optional |
| Contactless payments (NFC) | Reading contactless cards on Tap to Pay devices. Card data is read inside the payment provider’s software, not by PayMe. | No prompt |
| Internet, network and Wi-Fi state | Communicating with PayMe, processing payments, and reaching payment terminals on the local network. | No prompt |
| Background service | Keeping a payment and its data in sync while it is being completed. | No prompt |
| Hiding overlay windows | A security measure: it stops other apps drawing over the payment screen while you take a payment. | No prompt |
| Vibration | Haptic feedback when a payment completes. | No prompt |
Some of these permissions are required by Adyen’s payment software, which is built into the app, rather than by PayMe directly. Only camera, location and nearby devices produce a prompt you can accept or decline; the rest are granted at install time and carry no personal data on their own.
6. Why we process, and on what basis
Under the General Data Protection Regulation (GDPR) we must have a legal basis for every use of your personal data. Ours are:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account and terminals | Performance of our contract with you |
| Processing payments and paying out your funds | Performance of our contract with you |
| Verifying your identity and screening for financial crime | Legal obligation (anti-money-laundering and payment services law) |
| Keeping financial and transaction records | Legal obligation (Dutch tax law) |
| Preventing fraud, securing our platform, and keeping the app stable | Our legitimate interest in a safe and reliable service |
| Supporting you when you contact us | Performance of our contract, and our legitimate interest in helping our customers |
| Accessing your camera or location | Your consent, given through the device permission prompt |
8. Where data is stored
We store and process personal data in the European Economic Area (EEA):
- our platform and database are hosted with DigitalOcean in Amsterdam, the Netherlands;
- payments are processed by Adyen N.V. in the Netherlands;
- email is sent by Resend, which stores it in Ireland;
- crash reports are processed by Sentry in the EU.
Some providers may process limited data outside the EEA — for example for support. Where that happens, we rely on the European Commission’s Standard Contractual Clauses or an adequacy decision to protect it.
9. How long we keep data
| Data | Retention period |
|---|---|
| Transaction and financial records | 7 years, as required by the Dutch statutory tax retention obligation. |
| Identity verification (KYC) records | 5 years after the end of our relationship, as required by anti-money-laundering law. |
| Account and business details | For as long as your account is active, and afterwards only where a retention obligation above applies. |
| Crash reports and diagnostics | Up to 90 days. |
| Transactions cached on your device | A short list of recent transactions, cleared when you sign out or uninstall the app. |
10. How we protect data
- All traffic between the app, the dashboard and our systems is encrypted in transit (TLS).
- Card data is captured and processed inside Adyen’s PCI DSS certified payment software. It never reaches PayMe’s systems.
- Sensitive values are stripped from our logs and crash reports before they leave your device.
- Passwords are stored only as salted hashes, never in plain text.
- Access to personal data inside PayMe is limited to staff who need it.
11. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify data that is incorrect or incomplete;
- Erase your data, where we have no overriding obligation to keep it;
- Restrict or object to our processing;
- Receive your data in a portable format and have it transferred to another provider;
- Withdraw consent at any time, where we rely on consent — for example by turning off a device permission.
To exercise any of these rights, email [email protected]. We respond within one month.
If you are not satisfied, you may lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens, or with the supervisory authority where you live.
12. Deleting your account and data
You can ask us to delete your PayMe account and the personal data associated with it at any time.
Email [email protected] from the address registered to your account, with the subject “Account deletion request”. We will verify that the request comes from you and confirm once it is done.
What is deleted
Your account, your profile and contact details, your store and terminal configuration, and the data cached on your devices.
What we must keep
We are legally required to retain transaction and financial records for 7 years (Dutch tax law) and identity verification records for 5 years (anti-money-laundering law). We keep these records for that period even after your account is deleted, and we use them for nothing else. Once the period expires, they are deleted.
Uninstalling the app removes the data cached on your device, but does not by itself delete your PayMe account.
13. Children
PayMe is a service for businesses. It is not directed at children, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.
14. Changes to this statement
We may update this statement as our service develops or the law changes. The version and effective date at the top of this page always reflect the current version. If a change materially affects you, we will notify you in the app, in the dashboard, or by email before it takes effect.
15. Contact us
For any question about this statement or about your personal data, contact us:
- [email protected]
- +31 6 12918389
- Post
- Payme B.V., Spaarndammerstraat 127-3, 1013 TE Amsterdam, the Netherlands