Effective July 17, 2026
Yito Pay Privacy Policy.
This policy explains the information Yito Pay processes to create orders, confirm Stripe payment events, support customers, secure the service, and understand website use.
Yito Pay Privacy Policy scope and roles
This Privacy Policy applies to pay.yito.ai, the Yito Pay payment control layer, support communications, and approved product integrations. Yito Pay may act as a service provider or processor for the seller that offers a product. That seller may have its own privacy policy and remains responsible for the information it collects directly.
Stripe processes payment details under its own terms and privacy disclosures. Yito Pay does not receive or store full card numbers or CVC values. The payment interface is provided by Stripe.
Information we process
Order and account context
We process app identifiers, external order and user references supplied by an approved product backend, registered SKU, quantity, amount, currency, order state, entitlement state, and timestamps. We also process Stripe identifiers for Checkout Sessions, Payment Intents, customers, subscriptions, refunds, invoices, and disputes when needed to reconcile a transaction.
Technical and security information
We may process IP address, request time, endpoint, HTTP status, user agent, rate-limit digest, error details, and security events. Credentials, Checkout client secrets, full signature headers, card data, and CVC values are excluded from ordinary application logs.
Support and analytics information
Support information
When you contact us, we process your reply address, message, order references, and any information you choose to provide. Please do not send sensitive card data, passwords, API keys, or identity documents unless a verified process specifically requires them.
Website analytics
We use a self-hosted, cookieless analytics service at click.pageview.click to understand aggregate page use. Google Analytics 4 is loaded with analytics storage denied by default and is enabled only after a visitor grants that choice through the site control. Browser signals and local consent state determine whether optional analytics storage is used.
How we use, share, and retain information
We use information to authenticate approved applications, create and reconcile orders, prevent duplicate operations, provide Checkout and billing management, verify Stripe events, synchronize subscriptions and refunds, send signed entitlement updates, answer support requests, detect abuse, maintain service reliability, comply with legal obligations, and improve user-facing documentation.
Sharing
Information may be shared with the responsible product seller, Stripe, infrastructure providers such as Cloudflare and Neon, analytics providers configured on this site, professional advisers, and authorities when legally required. We do not sell personal information. Each provider processes information under its own contractual and security obligations.
Retention
Order, subscription, refund, dispute, webhook, and entitlement records are retained for the period needed for reconciliation, fraud prevention, support, accounting, legal obligations, and dispute handling. Short-lived checkout tokens expire automatically. Rate-limit records are deleted on a rolling basis. Support and analytics information is retained only as long as reasonably needed for its stated purpose.
Security, international processing, and user rights
We use HTTPS, scoped application credentials, keyed credential digests, encrypted platform secrets, signature verification, database constraints, access controls, and operational monitoring. No system can guarantee absolute security. Infrastructure and payment providers may process information in countries other than your own, subject to their applicable transfer safeguards.
Your choices and rights
You can decline optional GA4 analytics or reopen Privacy choices from the footer. Depending on your location, you may have rights to request access, correction, deletion, restriction, objection, portability, or information about processing. Some payment records must be retained for legal, accounting, security, or dispute purposes.
To make a request, email contact@pay.yito.ai. Identify the product and order context without sending payment credentials. We may need to coordinate with the responsible seller or verify that the request concerns your account.
Changes and contact
We may update this policy when the service, providers, or legal requirements change. The effective date at the top identifies the current version. Material changes will be presented through an appropriate notice.
Contact
Questions about this policy can be sent to contact@pay.yito.ai.
Build on a reliable payment boundary
Give every SaaS product one secure way to charge.
Start with the integration guide, then register the app, domain, and server credentials before enabling checkout.