
PayByStep Inc.
Terms of Service
Effective Date: October 16, 2025
Last Updated: October 16, 2025
1. Introduction and Acceptance
These Terms of Service ("Terms") constitute a legally binding agreement between PayByStep Inc., a Pennsylvania corporation with its principal place of business at 7600 Stenton Avenue, Apt 11D, Philadelphia, Pennsylvania 19118 ("PayByStep," "we," "us," or "our"), and you ("Customer," "you," or "your") governing your access to and use of the PayByStep platform and related services (collectively, the "Services").
By accessing or using our Services, you expressly acknowledge that you have read, understood, and agree to be bound by these Terms. If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these Terms, in which case "you" shall refer to such entity.
IMPORTANT NOTICE REGARDING ARBITRATION: These Terms contain an arbitration clause in Section 16. By agreeing to these Terms, you acknowledge and agree that you are waiving your right to a jury trial and agreeing to resolve disputes through binding arbitration as set forth in Section 16. This waiver must be accepted separately and explicitly.
2. Description of Services
PayByStep provides a software-as-a-service platform that enables businesses to transform invoices and quotes into payment schedules with multiple installments ("Services").
Our Services facilitate the creation, management, and tracking of payment schedules but do not process, transmit, or hold any funds.
Each Customer connects their own payment service provider (PSP) or banking institution to process actual payments.
PayByStep does not act as a payment facilitator, money transmitter, or financial institution.
We do not custody, hold, or transmit funds on behalf of any party.
3. Account Registration and Eligibility
3.1 Eligibility.
You must be at least 18 years of age and have the legal capacity to enter into binding contracts to use our Services. By registering, you represent and warrant that all information you provide is accurate, current, and complete.
3.2 Business Use Only.
Our Services are designed for business-to-business use only. You represent that you are registering and using the Services for legitimate business purposes.
3.3 Account Security.
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to notify us immediately at lou@paybystep.com of any unauthorized access or security breach.
4. Subscription Plans and Pricing
4.1 Available Plans.
PayByStep offers multiple subscription tiers:
Pay-As-You-Go: Usage-based pricing with no monthly commitment
Monthly Subscriptions: Fixed monthly fee with auto-renewal
Annual Subscriptions: Fixed annual fee paid upfront with a discount equivalent to two months free
Current pricing is available at paybystep.com/pricing and may be updated from time to time with at least thirty (30) days' advance notice to existing Customers.
4.2 Payment Terms.
All fees are due in advance and are non-refundable except as expressly provided in Section 5 (Refund Policy). You authorize PayByStep to charge your designated payment method for all applicable fees.
4.3 Auto-Renewal and Cancellation.
AUTOMATIC RENEWAL NOTICE: Monthly and annual subscriptions automatically renew at the end of each billing period unless canceled prior to the renewal date. By subscribing to auto-renewing plans, you explicitly acknowledge and consent to automatic charges for subsequent billing periods.
You may cancel your subscription at any time by accessing your account settings or contacting team@paybystep.com. Cancellation will take effect at the end of the current billing period. No refunds will be provided for unused portions of a billing period except as specified in Section 5.
Advance Notice of Renewal: For annual subscriptions, we will send you a notification at least thirty (30) days before your renewal date, informing you of the upcoming charge, the amount, and providing instructions to cancel if you do not wish to renew.
4.4 Price Changes.
We reserve the right to modify our pricing with thirty (30) days' advance written notice. Price changes will not affect your current billing period but will apply upon your next renewal.
5. Refund Policy
5.1 Monthly Subscriptions.
Customers may request a full refund within seven (7) days of their initial subscription charge. Refund requests must be submitted to team@paybystep.com. No refunds are provided for subsequent monthly charges or for partial months of service.
5.2 Annual Subscriptions.
Customers may request a full refund within fourteen (14) days of their initial annual subscription charge. After fourteen (14) days, no refunds will be issued for annual subscriptions. If you cancel after the refund period, your subscription will remain active until the end of the annual term, but will not auto-renew.
5.3 Pay-As-You-Go.
All usage-based charges are final and non-refundable.
5.4 Service Issues.
If you experience technical issues that substantially impair your use of the Services and we are unable to resolve such issues within thirty (30) days of your written notice, you may request a pro-rata refund for the affected period.
6. Acceptable Use Policy
6.1 Prohibited Activities.
You agree not to use the Services to:
Violate any applicable local, state, national, or international law or regulation
Infringe upon the intellectual property rights of PayByStep or any third party
Transmit any material that contains viruses, malware, or other harmful code
Attempt to gain unauthorized access to our systems or networks
Interfere with or disrupt the integrity or performance of the Services
Use the Services for any fraudulent, deceptive, or illegal purpose
Impersonate any person or entity or misrepresent your affiliation with any person or entity
Collect or harvest personal information of other users without their consent
Use the Services to send unsolicited commercial communications (spam)
Reverse engineer, decompile, or disassemble any portion of the Services
Use automated systems (bots, scrapers) to access the Services without our express written permission
6.2 Consequences of Violation.
Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account, removal of prohibited content, and/or legal action.
We reserve the right to investigate suspected violations and to cooperate with law enforcement authorities.
7. Intellectual Property Rights
7.1 PayByStep IP.
The Services, including all software, text, graphics, logos, images, audio, video, data compilations, and other materials, are owned by PayByStep or our licensors and are protected by United States and international copyright, trademark, patent, and other intellectual property laws. You are granted a limited, non-exclusive, non-transferable, revocable license to access and use the Services solely for their intended business purposes during your subscription term.
7.2 Customer Data.
You retain all ownership rights to the data, content, invoices, quotes, and other materials you upload or submit to the Services ("Customer Data"). By using the Services, you grant PayByStep a limited, non-exclusive, worldwide license to host, store, process, and display your Customer Data solely for the purpose of providing the Services to you.
7.3 Feedback.
If you provide us with any suggestions, ideas, enhancement requests, or other feedback regarding the Services, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use such feedback for any purpose without compensation or attribution to you.
8. Data Privacy and Security
8.1 Data Collection.
PayByStep collects and processes business information including company names, contact persons, email addresses, and the content of invoices and quotes submitted through the Services. We do not collect payment card information, bank account credentials, or process any financial transactions.
8.2 Privacy Policy.
Our collection, use, and disclosure of personal information is governed by our Privacy Policy, available at paybystep.com/privacy. By using the Services, you consent to such collection and processing in accordance with our Privacy Policy.
8.3 Data Security.
We implement reasonable administrative, technical, and physical security measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.
8.4 Data Breach Notification.
In the event of a data breach affecting your information, we will notify you and the Pennsylvania Attorney General without unreasonable delay and in accordance with Pennsylvania's Breach of Personal Information Notification Act (BPINA) and other applicable laws.
8.5 International Data Transfers.
As we operate internationally, your data may be transferred to, stored, and processed in countries outside of your residence. By using our Services, you consent to such transfers. We will ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and other applicable data protection laws.
9. Customer Responsibilities
9.1 Compliance.
You are solely responsible for ensuring that your use of the Services complies with all applicable laws, regulations, and industry standards in your jurisdiction.
9.2 Accuracy of Information.
You represent and warrant that all information you provide to PayByStep is accurate, complete, and up-to-date. You agree to promptly update any information that changes.
9.3 Third-Party Integrations.
You are responsible for your relationship with any third-party payment service providers or banking institutions you connect to the Services. PayByStep is not responsible for the actions, errors, or omissions of such third parties.
9.4 End User Agreements.
If you use the Services to interact with your own customers or clients, you are responsible for obtaining all necessary consents and agreements from those parties.
10. Disclaimer of Warranties
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.
PAYBYSTEP SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT:
THE SERVICES WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS
THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE
ANY ERRORS OR DEFECTS IN THE SERVICES WILL BE CORRECTED
THE SERVICES WILL BE FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS
THE RESULTS OBTAINED FROM USE OF THE SERVICES WILL BE ACCURATE OR RELIABLE
Some jurisdictions do not allow the exclusion of implied warranties, so some of the above exclusions may not apply to you. You may have other rights that vary by jurisdiction.
11. Limitation of Liability
11.1 EXCLUSION OF DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PAYBYSTEP, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:
LOSS OF PROFITS, REVENUE, DATA, OR USE
LOSS OF BUSINESS OPPORTUNITY
BUSINESS INTERRUPTION
LOSS OF GOODWILL OR REPUTATION
COST OF SUBSTITUTE SERVICES
WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THE USE OR INABILITY TO USE THE SERVICES, EVEN IF PAYBYSTEP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
11.2 CAP ON LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PAYBYSTEP'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO PAYBYSTEP DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.
11.3 Essential Purpose.
The limitations in this Section 11 reflect the allocation of risk between the parties. The Services would not be provided without these limitations, and these limitations will apply even if any limited remedy is found to have failed its essential purpose.
11.4 Jurisdictional Limitations.
Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitations may not apply to you.
12. Indemnification
12.1 Customer Indemnification.
You agree to indemnify, defend, and hold harmless PayByStep, its officers, directors, employees, agents, affiliates, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from or relating to:
Your use or misuse of the Services
Your violation of these Terms or any applicable law or regulation
Your violation of any third-party rights, including intellectual property, privacy, or confidentiality rights
Any Customer Data you provide or submit through the Services
Your relationship with your customers, clients, or any third parties
12.2 PayByStep Indemnification.
PayByStep agrees to indemnify, defend, and hold you harmless from and against any third-party claims alleging that the Services, when used in accordance with these Terms, infringe such third party's valid intellectual property rights. PayByStep's obligations under this Section 12.2 are conditioned upon you:
Promptly notifying PayByStep in writing of any such claim
Granting PayByStep sole control of the defense and settlement of the claim
Providing reasonable cooperation in the defense at PayByStep's expense
12.3 Remedy Options.
If the Services are, or in PayByStep's opinion are likely to become, the subject of an intellectual property infringement claim, PayByStep may, at its option and expense:
Procure the right for you to continue using the Services
Replace or modify the Services to make them non-infringing
Terminate your subscription and refund any prepaid, unused fees on a pro-rata basis
12.4 Exclusions.
PayByStep's indemnification obligations do not apply to claims arising from: (a) modifications to the Services not made by PayByStep; (b) use of the Services in combination with third-party products or services not approved by PayByStep; (c) your failure to implement updates or modifications provided by PayByStep; or (d) your breach of these Terms.
13. Term and Termination
13.1 Term.
These Terms commence on the date you first access or use the Services and continue until terminated in accordance with this Section 13.
13.2 Termination by You.
You may terminate these Terms at any time by canceling your subscription and ceasing all use of the Services. For monthly subscriptions, termination takes effect at the end of the current billing month. For annual subscriptions, termination takes effect at the end of the annual term.
13.3 Termination by PayByStep.
We may suspend or terminate your access to the Services immediately, without prior notice or liability, for any reason, including but not limited to:
Breach of these Terms or any applicable policy
Non-payment of fees
Fraudulent, illegal, or harmful conduct
Violation of applicable laws or regulations
Extended periods of inactivity
13.4 Termination for Convenience.
Either party may terminate monthly subscriptions with thirty (30) days' written notice to the other party.
13.5 Effect of Termination.
Upon termination:
Your right to access and use the Services immediately ceases
You remain responsible for all fees and charges incurred through the date of termination
You must immediately discontinue all use of our intellectual property
Sections 7 (Intellectual Property), 10 (Disclaimer), 11 (Limitation of Liability), 12 (Indemnification), 14 (Data Retention and Deletion), and 16 (Dispute Resolution) shall survive termination
14. Data Retention and Deletion
14.1 During Service.
During the term of your subscription, we will retain your Customer Data for the purpose of providing the Services.
14.2 Upon Termination.
Within thirty (30) days following termination, we will delete or anonymize all Customer Data in our possession, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, billing disputes).
14.3 Data Export.
Prior to termination, you may export your Customer Data using the tools provided in your account dashboard. We are not responsible for Customer Data that you fail to export before termination.
14.4 Backup Copies.
Backup copies of Customer Data may remain in our systems for up to ninety (90) days after termination and will be deleted in accordance with our standard backup retention policies.
15. DMCA and Copyright Policy
PayByStep respects the intellectual property rights of others and expects users to do the same. In accordance with the Digital Millennium Copyright Act (DMCA), we will respond to valid notices of copyright infringement.
15.1 Copyright Infringement Claims.
If you believe that content on our Services infringes your copyright, please submit a written notice to our designated DMCA Agent at:
DMCA Agent
PayByStep Inc.
7600 Stenton Ave., Apt 11D
Philadelphia, PA 19118
Email: team@paybystep.com
Your notice must include:
A physical or electronic signature of the copyright owner or authorized representative
Identification of the copyrighted work claimed to have been infringed
Identification of the material claimed to be infringing with sufficient detail to locate it
Your contact information (address, telephone number, email)
A statement that you have a good faith belief that the use is not authorized
A statement under penalty of perjury that the information is accurate and that you are authorized to act on behalf of the copyright owner
15.2 Repeat Infringer Policy.
We maintain a policy of terminating accounts of users who are repeat copyright infringers.
16. Dispute Resolution and Arbitration
16.1 MANDATORY ARBITRATION AND JURY TRIAL WAIVER.
READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT AND HAVE A JURY HEAR YOUR CLAIMS.
BY AGREEING TO THESE TERMS, YOU AGREE THAT YOU ARE WAIVING YOUR RIGHT TO A TRIAL BY JURY AND WAIVING YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT.
Subject to the exceptions in Section 16.6, you and PayByStep agree that any dispute, claim, or controversy arising out of or relating to these Terms, your use of the Services, or your relationship with PayByStep (collectively, "Disputes") will be resolved exclusively through final and binding arbitration, rather than in court.
16.2 Arbitration Procedures.
Any arbitration will be administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules and, where appropriate, the AAA's Supplementary Procedures for Consumer Related Disputes. The arbitration will be conducted in Philadelphia, Pennsylvania, or at another mutually agreed location. The arbitrator's decision will be final and binding and may be entered as a judgment in any court of competent jurisdiction.
16.3 Costs of Arbitration.
Payment of all filing, administration, and arbitrator fees will be governed by the AAA's rules. If the arbitrator finds that you cannot afford to pay the AAA's filing, administrative, hearing, and/or other fees and cannot obtain a waiver, PayByStep will pay them for you.
16.4 Class Action Waiver.
YOU AND PAYBYSTEP AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Unless both you and PayByStep agree otherwise, the arbitrator may not consolidate more than one person's claims and may not otherwise preside over any form of a representative or class proceeding.
16.5 Informal Dispute Resolution.
Before initiating arbitration, you agree to first contact us at team@paybystep.com to attempt to resolve the dispute informally. We will attempt to resolve the dispute informally by contacting you via email. If a dispute is not resolved within sixty (60) days of submission, you or PayByStep may initiate arbitration proceedings.
16.6 Exceptions to Arbitration.
Notwithstanding the above, either party may bring an action in court for:
Injunctive or other equitable relief to protect intellectual property rights
Small claims court actions (if the claim qualifies)
Claims that cannot be arbitrated under applicable law
16.7 Governing Law and Venue.
These Terms and any Disputes will be governed by the laws of the Commonwealth of Pennsylvania, without regard to its conflict of law provisions. Any court proceeding (subject to Section 16.6) must be brought in the state or federal courts located in Philadelphia County, Pennsylvania, and you irrevocably consent to the exclusive jurisdiction and venue of such courts.
17. Service Level Agreement (SLA)
17.1 Uptime Commitment.
PayByStep commits to maintaining a monthly uptime percentage of 99.5% for the Services, excluding scheduled maintenance and circumstances beyond our reasonable control (see Section 18, Force Majeure).
17.2 Scheduled Maintenance.
We may perform scheduled maintenance with at least forty-eight (48) hours' advance notice posted on our status page. Scheduled maintenance windows will not count against our uptime commitment.
17.3 Downtime Calculation.
"Downtime" means the Services are unavailable and you receive error messages when attempting to access the platform. Downtime excludes: (a) unavailability caused by your equipment, network, or internet connectivity; (b) issues with third-party services or integrations; (c) Force Majeure events; (d) actions or omissions by you or your users; (e) scheduled maintenance.
17.4 Service Credits.
If we fail to meet the 99.5% uptime commitment in any given month, you may request a service credit equal to 5% of your monthly subscription fee for each 1% of downtime below our commitment (e.g., if uptime is 98%, you are entitled to a 7.5% credit). Service credits are your sole and exclusive remedy for any failure to meet our SLA. Service credits must be requested within thirty (30) days of the end of the month in which the downtime occurred by emailing lou@paybystep.com.
17.5 Maximum Credit.
The maximum aggregate service credit for any monthly billing period shall not exceed 50% of that month's subscription fee.
18. Force Majeure
Neither party shall be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including but not limited to: acts of God; natural disasters (earthquakes, floods, hurricanes); war, terrorism, or civil unrest; government actions, laws, or regulations; labor strikes or disputes; pandemics or epidemics; failure of third-party telecommunications or internet services; widespread cyberattacks or DDoS attacks; or other events that could not have been reasonably foreseen or prevented (each, a "Force Majeure Event").
The affected party must provide prompt written notice to the other party and use commercially reasonable efforts to mitigate the impact of the Force Majeure Event. Performance obligations will be suspended during the Force Majeure Event to the extent such event prevents performance. If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate the affected services by providing written notice to the other party.
Financial hardship, economic downturns, and inability to pay obligations shall not constitute Force Majeure Events.
19. Modifications to Terms
We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a notice on our website at least thirty (30) days before the changes take effect. Material changes will not apply retroactively and will become effective thirty (30) days after posting, except for changes required by law which may take effect immediately.
Your continued use of the Services after the effective date of any modifications constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must discontinue use of the Services and may terminate your subscription in accordance with Section 13.
20. General Provisions
20.1 Entire Agreement.
These Terms, together with our Privacy Policy, Cookie Policy, and Data Processing Agreement, constitute the entire agreement between you and PayByStep regarding the Services and supersede all prior agreements, understandings, and communications.
20.2 Assignment.
You may not assign or transfer these Terms or any rights or obligations hereunder without PayByStep's prior written consent. PayByStep may assign these Terms without restriction. Any attempted assignment in violation of this section is void.
20.3 Severability.
If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect. The invalid provision will be modified to the minimum extent necessary to make it valid and enforceable.
20.4 Waiver.
No waiver of any term or condition of these Terms shall be deemed a further or continuing waiver of such term or any other term. Our failure to enforce any right or provision of these Terms will not constitute a waiver of such right or provision.
20.5 No Third-Party Beneficiaries.
These Terms do not create any third-party beneficiary rights except as expressly stated herein.
20.6 Relationship of Parties.
The parties are independent contractors. These Terms do not create a partnership, franchise, joint venture, agency, or employment relationship between the parties.
20.7 Notices.
All notices under these Terms must be in writing and sent to the addresses specified herein. Notices to PayByStep should be sent to team@paybystep.com. Notices to you will be sent to the email address associated with your account.
20.8 Export Compliance.
You agree to comply with all applicable export and import control laws and regulations in your use of the Services.
21. Contact Information
For questions about these Terms, please contact us at:
PayByStep Inc.
7600 Stenton Avenue, Apt 11D
Philadelphia, PA 19118
Email: team@paybystep.com
8.2 Privacy Policy.
Our collection, use, and disclosure of personal information is governed by our Privacy Policy, available at paybystep.com/privacy. By using the Services, you consent to such collection and processing in accordance with our Privacy Policy.
8.3 Data Security.
We implement reasonable administrative, technical, and physical security measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.
8.4 Data Breach Notification.
In the event of a data breach affecting your information, we will notify you and the Pennsylvania Attorney General without unreasonable delay and in accordance with Pennsylvania's Breach of Personal Information Notification Act (BPINA) and other applicable laws.
8.5 International Data Transfers.
As we operate internationally, your data may be transferred to, stored, and processed in countries outside of your residence. By using our Services, you consent to such transfers. We will ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and other applicable data protection laws.
9. Customer Responsibilities
9.1 Compliance.
You are solely responsible for ensuring that your use of the Services complies with all applicable laws, regulations, and industry standards in your jurisdiction.
9.2 Accuracy of Information.
You represent and warrant that all information you provide to PayByStep is accurate, complete, and up-to-date. You agree to promptly update any information that changes.
9.3 Third-Party Integrations.
You are responsible for your relationship with any third-party payment service providers or banking institutions you connect to the Services. PayByStep is not responsible for the actions, errors, or omissions of such third parties.
9.4 End User Agreements.
If you use the Services to interact with your own customers or clients, you are responsible for obtaining all necessary consents and agreements from those parties.
10. Disclaimer of Warranties
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.
PAYBYSTEP SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT:
THE SERVICES WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS
THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE
ANY ERRORS OR DEFECTS IN THE SERVICES WILL BE CORRECTED
THE SERVICES WILL BE FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS
THE RESULTS OBTAINED FROM USE OF THE SERVICES WILL BE ACCURATE OR RELIABLE
Some jurisdictions do not allow the exclusion of implied warranties, so some of the above exclusions may not apply to you. You may have other rights that vary by jurisdiction.
11. Limitation of Liability
11.1 EXCLUSION OF DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PAYBYSTEP, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:
LOSS OF PROFITS, REVENUE, DATA, OR USE
LOSS OF BUSINESS OPPORTUNITY
BUSINESS INTERRUPTION
LOSS OF GOODWILL OR REPUTATION
COST OF SUBSTITUTE SERVICES
WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THE USE OR INABILITY TO USE THE SERVICES, EVEN IF PAYBYSTEP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
11.2 CAP ON LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PAYBYSTEP'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO PAYBYSTEP DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.
11.3 Essential Purpose.
The limitations in this Section 11 reflect the allocation of risk between the parties. The Services would not be provided without these limitations, and these limitations will apply even if any limited remedy is found to have failed its essential purpose.
11.4 Jurisdictional Limitations.
Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitations may not apply to you.
12. Indemnification
12.1 Customer Indemnification.
You agree to indemnify, defend, and hold harmless PayByStep, its officers, directors, employees, agents, affiliates, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from or relating to:
Your use or misuse of the Services
Your violation of these Terms or any applicable law or regulation
Your violation of any third-party rights, including intellectual property, privacy, or confidentiality rights
Any Customer Data you provide or submit through the Services
Your relationship with your customers, clients, or any third parties
12.2 PayByStep Indemnification.
PayByStep agrees to indemnify, defend, and hold you harmless from and against any third-party claims alleging that the Services, when used in accordance with these Terms, infringe such third party's valid intellectual property rights. PayByStep's obligations under this Section 12.2 are conditioned upon you:
Promptly notifying PayByStep in writing of any such claim
Granting PayByStep sole control of the defense and settlement of the claim
Providing reasonable cooperation in the defense at PayByStep's expense
12.3 Remedy Options.
If the Services are, or in PayByStep's opinion are likely to become, the subject of an intellectual property infringement claim, PayByStep may, at its option and expense:
Procure the right for you to continue using the Services
Replace or modify the Services to make them non-infringing
Terminate your subscription and refund any prepaid, unused fees on a pro-rata basis
12.4 Exclusions.
PayByStep's indemnification obligations do not apply to claims arising from: (a) modifications to the Services not made by PayByStep; (b) use of the Services in combination with third-party products or services not approved by PayByStep; (c) your failure to implement updates or modifications provided by PayByStep; or (d) your breach of these Terms.
13. Term and Termination
13.1 Term.
These Terms commence on the date you first access or use the Services and continue until terminated in accordance with this Section 13.
13.2 Termination by You.
You may terminate these Terms at any time by canceling your subscription and ceasing all use of the Services. For monthly subscriptions, termination takes effect at the end of the current billing month. For annual subscriptions, termination takes effect at the end of the annual term.
13.3 Termination by PayByStep.
We may suspend or terminate your access to the Services immediately, without prior notice or liability, for any reason, including but not limited to:
Breach of these Terms or any applicable policy
Non-payment of fees
Fraudulent, illegal, or harmful conduct
Violation of applicable laws or regulations
Extended periods of inactivity
13.4 Termination for Convenience.
Either party may terminate monthly subscriptions with thirty (30) days' written notice to the other party.
13.5 Effect of Termination.
Upon termination:
Your right to access and use the Services immediately ceases
You remain responsible for all fees and charges incurred through the date of termination
You must immediately discontinue all use of our intellectual property
Sections 7 (Intellectual Property), 10 (Disclaimer), 11 (Limitation of Liability), 12 (Indemnification), 14 (Data Retention and Deletion), and 16 (Dispute Resolution) shall survive termination
14. Data Retention and Deletion
14.1 During Service.
During the term of your subscription, we will retain your Customer Data for the purpose of providing the Services.
14.2 Upon Termination.
Within thirty (30) days following termination, we will delete or anonymize all Customer Data in our possession, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, billing disputes).
14.3 Data Export.
Prior to termination, you may export your Customer Data using the tools provided in your account dashboard. We are not responsible for Customer Data that you fail to export before termination.
14.4 Backup Copies.
Backup copies of Customer Data may remain in our systems for up to ninety (90) days after termination and will be deleted in accordance with our standard backup retention policies.
15. DMCA and Copyright Policy
PayByStep respects the intellectual property rights of others and expects users to do the same. In accordance with the Digital Millennium Copyright Act (DMCA), we will respond to valid notices of copyright infringement.
15.1 Copyright Infringement Claims.
If you believe that content on our Services infringes your copyright, please submit a written notice to our designated DMCA Agent at:
DMCA Agent
PayByStep Inc.
7600 Stenton Ave., Apt 11D
Philadelphia, PA 19118
Email: team@paybystep.com
Your notice must include:
A physical or electronic signature of the copyright owner or authorized representative
Identification of the copyrighted work claimed to have been infringed
Identification of the material claimed to be infringing with sufficient detail to locate it
Your contact information (address, telephone number, email)
A statement that you have a good faith belief that the use is not authorized
A statement under penalty of perjury that the information is accurate and that you are authorized to act on behalf of the copyright owner
15.2 Repeat Infringer Policy.
We maintain a policy of terminating accounts of users who are repeat copyright infringers.
16. Dispute Resolution and Arbitration
16.1 MANDATORY ARBITRATION AND JURY TRIAL WAIVER.
READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT AND HAVE A JURY HEAR YOUR CLAIMS.
BY AGREEING TO THESE TERMS, YOU AGREE THAT YOU ARE WAIVING YOUR RIGHT TO A TRIAL BY JURY AND WAIVING YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT.
Subject to the exceptions in Section 16.6, you and PayByStep agree that any dispute, claim, or controversy arising out of or relating to these Terms, your use of the Services, or your relationship with PayByStep (collectively, "Disputes") will be resolved exclusively through final and binding arbitration, rather than in court.
16.2 Arbitration Procedures.
Any arbitration will be administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules and, where appropriate, the AAA's Supplementary Procedures for Consumer Related Disputes. The arbitration will be conducted in Philadelphia, Pennsylvania, or at another mutually agreed location. The arbitrator's decision will be final and binding and may be entered as a judgment in any court of competent jurisdiction.
16.3 Costs of Arbitration.
Payment of all filing, administration, and arbitrator fees will be governed by the AAA's rules. If the arbitrator finds that you cannot afford to pay the AAA's filing, administrative, hearing, and/or other fees and cannot obtain a waiver, PayByStep will pay them for you.
16.4 Class Action Waiver.
YOU AND PAYBYSTEP AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Unless both you and PayByStep agree otherwise, the arbitrator may not consolidate more than one person's claims and may not otherwise preside over any form of a representative or class proceeding.
16.5 Informal Dispute Resolution.
Before initiating arbitration, you agree to first contact us at team@paybystep.com to attempt to resolve the dispute informally. We will attempt to resolve the dispute informally by contacting you via email. If a dispute is not resolved within sixty (60) days of submission, you or PayByStep may initiate arbitration proceedings.
16.6 Exceptions to Arbitration.
Notwithstanding the above, either party may bring an action in court for:
Injunctive or other equitable relief to protect intellectual property rights
Small claims court actions (if the claim qualifies)
Claims that cannot be arbitrated under applicable law
16.7 Governing Law and Venue.
These Terms and any Disputes will be governed by the laws of the Commonwealth of Pennsylvania, without regard to its conflict of law provisions. Any court proceeding (subject to Section 16.6) must be brought in the state or federal courts located in Philadelphia County, Pennsylvania, and you irrevocably consent to the exclusive jurisdiction and venue of such courts.
17. Service Level Agreement (SLA)
17.1 Uptime Commitment.
PayByStep commits to maintaining a monthly uptime percentage of 99.5% for the Services, excluding scheduled maintenance and circumstances beyond our reasonable control (see Section 18, Force Majeure).
17.2 Scheduled Maintenance.
We may perform scheduled maintenance with at least forty-eight (48) hours' advance notice posted on our status page. Scheduled maintenance windows will not count against our uptime commitment.
17.3 Downtime Calculation.
"Downtime" means the Services are unavailable and you receive error messages when attempting to access the platform. Downtime excludes: (a) unavailability caused by your equipment, network, or internet connectivity; (b) issues with third-party services or integrations; (c) Force Majeure events; (d) actions or omissions by you or your users; (e) scheduled maintenance.
17.4 Service Credits.
If we fail to meet the 99.5% uptime commitment in any given month, you may request a service credit equal to 5% of your monthly subscription fee for each 1% of downtime below our commitment (e.g., if uptime is 98%, you are entitled to a 7.5% credit). Service credits are your sole and exclusive remedy for any failure to meet our SLA. Service credits must be requested within thirty (30) days of the end of the month in which the downtime occurred by emailing lou@paybystep.com.
17.5 Maximum Credit.
The maximum aggregate service credit for any monthly billing period shall not exceed 50% of that month's subscription fee.
18. Force Majeure
Neither party shall be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including but not limited to: acts of God; natural disasters (earthquakes, floods, hurricanes); war, terrorism, or civil unrest; government actions, laws, or regulations; labor strikes or disputes; pandemics or epidemics; failure of third-party telecommunications or internet services; widespread cyberattacks or DDoS attacks; or other events that could not have been reasonably foreseen or prevented (each, a "Force Majeure Event").
The affected party must provide prompt written notice to the other party and use commercially reasonable efforts to mitigate the impact of the Force Majeure Event. Performance obligations will be suspended during the Force Majeure Event to the extent such event prevents performance. If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate the affected services by providing written notice to the other party.
Financial hardship, economic downturns, and inability to pay obligations shall not constitute Force Majeure Events.
19. Modifications to Terms
We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a notice on our website at least thirty (30) days before the changes take effect. Material changes will not apply retroactively and will become effective thirty (30) days after posting, except for changes required by law which may take effect immediately.
Your continued use of the Services after the effective date of any modifications constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must discontinue use of the Services and may terminate your subscription in accordance with Section 13.
20. General Provisions
20.1 Entire Agreement.
These Terms, together with our Privacy Policy, Cookie Policy, and Data Processing Agreement, constitute the entire agreement between you and PayByStep regarding the Services and supersede all prior agreements, understandings, and communications.
20.2 Assignment.
You may not assign or transfer these Terms or any rights or obligations hereunder without PayByStep's prior written consent. PayByStep may assign these Terms without restriction. Any attempted assignment in violation of this section is void.
20.3 Severability.
If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect. The invalid provision will be modified to the minimum extent necessary to make it valid and enforceable.
20.4 Waiver.
No waiver of any term or condition of these Terms shall be deemed a further or continuing waiver of such term or any other term. Our failure to enforce any right or provision of these Terms will not constitute a waiver of such right or provision.
20.5 No Third-Party Beneficiaries.
These Terms do not create any third-party beneficiary rights except as expressly stated herein.
20.6 Relationship of Parties.
The parties are independent contractors. These Terms do not create a partnership, franchise, joint venture, agency, or employment relationship between the parties.
20.7 Notices.
All notices under these Terms must be in writing and sent to the addresses specified herein. Notices to PayByStep should be sent to team@paybystep.com. Notices to you will be sent to the email address associated with your account.
20.8 Export Compliance.
You agree to comply with all applicable export and import control laws and regulations in your use of the Services.
21. Contact Information
For questions about these Terms, please contact us at:
PayByStep Inc.
7600 Stenton Avenue, Apt 11D
Philadelphia, PA 19118
Email: team@paybystep.com
Privacy Policy
Effective Date: October 16, 2025
Last Updated: October 16, 2025
1. Introduction
PayByStep Inc. ("PayByStep," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal information. This Privacy Policy describes our practices regarding data collected through our website at paybystep.com and our software-as-a-service platform (collectively, the "Services").
This Privacy Policy applies to business users of our Services and individuals whose information is processed through our Services. By using our Services, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
When you register for an account or use our Services, we collect:
Business Information: Company name, business address, business type, tax identification number
Contact Information: Name, email address, phone number, job title
Account Credentials: Username, password (stored in encrypted form)
Payment Information: Billing address (payment card details are processed by our third-party payment processor and are not stored on our servers)
Transaction Data: Invoices, quotes, payment schedules, and related business documents you create or upload
Communications: Content of messages you send to us through customer support, email, or other channels
2.2 Information Collected Automatically
When you access our Services, we automatically collect:
Device Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages visited, features used, time spent on pages, clicks, scrolling behavior
Log Data: Access times, error logs, referring URLs
Cookies and Similar Technologies: See Section 10 for details
2.3 Information from Third Parties
We may receive information from:
Payment Service Providers: Transaction status and basic account verification information (we do not receive or store complete payment credentials)
Analytics Providers: Aggregated analytics and usage statistics
Business Partners: If you access our Services through a partner integration
2.4 Information We Do NOT Collect
PayByStep does NOT collect, process, or store:
Complete payment card numbers (credit/debit card details)
Bank account credentials or login information
Funds or money on behalf of any party
End-user consumer payment information (your customers' payment details)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
Providing, maintaining, and improving the Services
Creating and managing your account
Processing transactions and sending related information
Generating invoices and payment schedules
Providing customer support and responding to inquiries
3.2 Communication
Sending service-related announcements and updates
Responding to your comments and questions
Sending newsletters and marketing communications (with your consent)
Conducting surveys and collecting feedback
3.3 Business Operations
Analyzing usage patterns to improve our Services
Detecting and preventing fraud, abuse, and security incidents
Enforcing our Terms of Service and other policies
Complying with legal obligations and protecting legal rights
3.4 Marketing and Analytics
Personalizing your experience
Conducting research and analytics to improve our offerings
Sending promotional materials about new features (you may opt out at any time)
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
Contract Performance: Processing necessary to provide the Services you've requested
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, improving our Services, and direct marketing (where we have considered and balanced any potential impact on you and your rights)
Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails)
Legal Obligations: Where processing is necessary to comply with legal or regulatory requirements
5. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
5.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our Services, including:
Cloud hosting providers (infrastructure services)
Payment processors (billing and subscription management)
Analytics providers (usage statistics and performance monitoring)
Customer support tools
Email service providers
These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.
5.2 Business Transfers
If PayByStep is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
Valid legal requests from government authorities, courts, or law enforcement
Subpoenas, court orders, or legal process
Situations involving threats to physical safety, violations of our Terms, or protection of legal rights
Investigation of fraud, security issues, or technical problems
5.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
5.5 Aggregated or Anonymized Data
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for research, marketing, or other business purposes.
6. International Data Transfers
PayByStep operates internationally and may transfer, store, and process your information in countries outside of your residence, including the United States and other countries where we or our service providers operate.
When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of protection, we implement appropriate safeguards, including:
Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules
Other lawful transfer mechanisms under GDPR
By using our Services, you consent to the transfer of your information to countries outside of your residence.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
During Active Subscription: We retain all account and transaction data for the duration of your active subscription.
After Termination: Within thirty (30) days of account termination, we will delete or anonymize your personal data, except:
Information required to be retained for legal, tax, or regulatory compliance (typically 7 years for financial records)
Information necessary for fraud prevention or security purposes
Aggregated, anonymized data that cannot identify you
Information in backup systems (deleted within 90 days per our backup retention cycle)
You may request deletion of your data at any time by contacting dpo@paybystep.com, subject to legal retention requirements.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
8.1 Rights Under GDPR (EEA, UK, Switzerland)
Right to Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
Right to Restrict Processing: Request that we limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority
8.2 Rights Under CCPA (California Residents)
Right to Know: Request disclosure of personal information collected, used, shared, or sold
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: PayByStep does not sell personal information)
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights
8.3 Exercising Your Rights
To exercise any of these rights, please contact us at dpo@paybystep.com.
We will respond to your request within:
30 days for GDPR requests (extendable by 2 months if complex)
45 days for CCPA requests (extendable by 45 days if necessary)
We may need to verify your identity before processing your request.
There is no fee for submitting a request, but we may charge a reasonable fee for manifestly unfounded or excessive requests.
8.4 Marketing Communications
You may opt out of receiving promotional emails by:
Clicking the "unsubscribe" link in any marketing email
Adjusting your email preferences in your account settings
Contacting us at dpo@paybystep.com or team@paybystep.com
Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages.
9. Data Security
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
Encryption: Data in transit is encrypted using TLS/SSL protocols; sensitive data at rest is encrypted
Access Controls: Role-based access controls and authentication mechanisms
Network Security: Firewalls, intrusion detection systems, and regular security assessments
Monitoring: Continuous monitoring for suspicious activity and security incidents
Employee Training: Regular security awareness training for all personnel with access to personal data
Vendor Management: Due diligence and contractual safeguards with third-party processors
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
10. Cookies and Tracking Technologies
10.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content.
10.2 Types of Cookies We Use
Strictly Necessary Cookies: Essential for the operation of our website and Services (e.g., authentication, security). These cannot be disabled.
Functional Cookies: Remember your preferences and settings to enhance your experience (e.g., language preferences).
Analytics Cookies: Collect information about how you use our Services to help us improve performance and user experience (e.g., Google Analytics).
Marketing Cookies: Track your browsing activity to deliver relevant advertisements and measure campaign effectiveness.
10.3 Cookie Consent
When you first visit our website, we will ask for your consent to use non-essential cookies. You can manage your cookie preferences at any time through our Cookie Consent Manager or your browser settings.
For users in the EEA, UK, and California: We will not place non-essential cookies on your device until you provide explicit consent.
10.4 Third-Party Cookies
We may allow third-party service providers (e.g., analytics providers, advertising networks) to place cookies on your device. These third parties have their own privacy policies governing their use of information.
10.5 Managing Cookies
You can control cookies through your browser settings:
Chrome: Settings > Privacy and Security > Cookies
Firefox: Options > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies
Please note that disabling cookies may affect the functionality of our Services.
10.6 Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no industry standard for responding to DNT signals. We do not currently respond to DNT signals, but we honor opt-out preferences expressed through our Cookie Consent Manager.
11. Children's Privacy
Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete such information promptly.
If you believe we have collected information from a child under 18, please contact us immediately at dpo@paybystep.com.
12. Data Processing Agreement (DPA)
If you process personal data of individuals located in the EEA, UK, or Switzerland using our Services, you may be a data controller and we may act as a data processor on your behalf. In such cases, we will enter into a Data Processing Agreement (DPA) with you to comply with GDPR requirements.
Our standard DPA is available upon request at lou@paybystep.com or can be accessed at paybystep.com/dpa.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Posting a notice on our website
Sending an email to the address associated with your account
Updating the "Last Updated" date at the top of this policy
Material changes will take effect thirty (30) days after notice is provided. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Contact Us and Data Protection Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
PayByStep Inc.
Attention: Data Protection Officer
7600 Stenton Avenue, Apt 11D
Philadelphia, PA 19118
Email: dpo@paybystep.com
For EEA/UK/Switzerland residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have not adequately addressed your concerns.
Last Updated: October 16, 2025
1. Introduction
PayByStep Inc. ("PayByStep," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal information. This Privacy Policy describes our practices regarding data collected through our website at paybystep.com and our software-as-a-service platform (collectively, the "Services").
This Privacy Policy applies to business users of our Services and individuals whose information is processed through our Services. By using our Services, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
When you register for an account or use our Services, we collect:
Business Information: Company name, business address, business type, tax identification number
Contact Information: Name, email address, phone number, job title
Account Credentials: Username, password (stored in encrypted form)
Payment Information: Billing address (payment card details are processed by our third-party payment processor and are not stored on our servers)
Transaction Data: Invoices, quotes, payment schedules, and related business documents you create or upload
Communications: Content of messages you send to us through customer support, email, or other channels
2.2 Information Collected Automatically
When you access our Services, we automatically collect:
Device Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages visited, features used, time spent on pages, clicks, scrolling behavior
Log Data: Access times, error logs, referring URLs
Cookies and Similar Technologies: See Section 10 for details
2.3 Information from Third Parties
We may receive information from:
Payment Service Providers: Transaction status and basic account verification information (we do not receive or store complete payment credentials)
Analytics Providers: Aggregated analytics and usage statistics
Business Partners: If you access our Services through a partner integration
2.4 Information We Do NOT Collect
PayByStep does NOT collect, process, or store:
Complete payment card numbers (credit/debit card details)
Bank account credentials or login information
Funds or money on behalf of any party
End-user consumer payment information (your customers' payment details)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
Providing, maintaining, and improving the Services
Creating and managing your account
Processing transactions and sending related information
Generating invoices and payment schedules
Providing customer support and responding to inquiries
3.2 Communication
Sending service-related announcements and updates
Responding to your comments and questions
Sending newsletters and marketing communications (with your consent)
Conducting surveys and collecting feedback
3.3 Business Operations
Analyzing usage patterns to improve our Services
Detecting and preventing fraud, abuse, and security incidents
Enforcing our Terms of Service and other policies
Complying with legal obligations and protecting legal rights
3.4 Marketing and Analytics
Personalizing your experience
Conducting research and analytics to improve our offerings
Sending promotional materials about new features (you may opt out at any time)
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
Contract Performance: Processing necessary to provide the Services you've requested
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, improving our Services, and direct marketing (where we have considered and balanced any potential impact on you and your rights)
Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails)
Legal Obligations: Where processing is necessary to comply with legal or regulatory requirements
5. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
5.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our Services, including:
Cloud hosting providers (infrastructure services)
Payment processors (billing and subscription management)
Analytics providers (usage statistics and performance monitoring)
Customer support tools
Email service providers
These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.
5.2 Business Transfers
If PayByStep is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
Valid legal requests from government authorities, courts, or law enforcement
Subpoenas, court orders, or legal process
Situations involving threats to physical safety, violations of our Terms, or protection of legal rights
Investigation of fraud, security issues, or technical problems
5.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
5.5 Aggregated or Anonymized Data
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for research, marketing, or other business purposes.
6. International Data Transfers
PayByStep operates internationally and may transfer, store, and process your information in countries outside of your residence, including the United States and other countries where we or our service providers operate.
When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of protection, we implement appropriate safeguards, including:
Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules
Other lawful transfer mechanisms under GDPR
By using our Services, you consent to the transfer of your information to countries outside of your residence.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
During Active Subscription: We retain all account and transaction data for the duration of your active subscription.
After Termination: Within thirty (30) days of account termination, we will delete or anonymize your personal data, except:
Information required to be retained for legal, tax, or regulatory compliance (typically 7 years for financial records)
Information necessary for fraud prevention or security purposes
Aggregated, anonymized data that cannot identify you
Information in backup systems (deleted within 90 days per our backup retention cycle)
You may request deletion of your data at any time by contacting dpo@paybystep.com, subject to legal retention requirements.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
8.1 Rights Under GDPR (EEA, UK, Switzerland)
Right to Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
Right to Restrict Processing: Request that we limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority
8.2 Rights Under CCPA (California Residents)
Right to Know: Request disclosure of personal information collected, used, shared, or sold
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: PayByStep does not sell personal information)
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights
8.3 Exercising Your Rights
To exercise any of these rights, please contact us at dpo@paybystep.com.
We will respond to your request within:
30 days for GDPR requests (extendable by 2 months if complex)
45 days for CCPA requests (extendable by 45 days if necessary)
We may need to verify your identity before processing your request.
There is no fee for submitting a request, but we may charge a reasonable fee for manifestly unfounded or excessive requests.
8.4 Marketing Communications
You may opt out of receiving promotional emails by:
Clicking the "unsubscribe" link in any marketing email
Adjusting your email preferences in your account settings
Contacting us at dpo@paybystep.com or team@paybystep.com
Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages.
Cookie Policy
Effective Date: October 16, 2025
Last Updated: October 16, 2025
1. What Are Cookies?
Cookies are small text files that are placed on your computer or mobile device when you visit a website. Cookies are widely used to make websites work more efficiently and provide information to website owners.
2. How We Use Cookies
PayByStep uses cookies and similar tracking technologies to:
Enable essential features and functionality
Remember your preferences and settings
Understand how you use our Services
Improve our website performance and user experience
Deliver relevant marketing content
Analyze traffic and usage patterns
3. Types of Cookies We Use
3.1 Strictly Necessary Cookies
These cookies are essential for the operation of our website and Services. They enable core functionality such as security, authentication, and access to secure areas. Our website cannot function properly without these cookies, and they cannot be disabled.
Examples:
Session identification cookies
Authentication cookies
Security cookies
Load balancing cookies
3.2 Functional Cookies
These cookies allow us to remember choices you make (such as language preferences or region) and provide enhanced, personalized features.
Examples:
Language preference cookies
User interface customization cookies
Recently viewed items
3.3 Analytics and Performance Cookies
These cookies collect information about how visitors use our website, such as which pages are visited most often and error messages received. This helps us improve how our website works.
Examples:
Google Analytics cookies
Session recording and heatmap tools
Performance monitoring tools
3.4 Marketing and Advertising Cookies
These cookies track your browsing habits to deliver advertisements relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.
Examples:
Retargeting cookies
Social media cookies (Facebook Pixel, LinkedIn Insight Tag)
Advertising network cookies
4. Cookie Duration
Session Cookies: Temporary cookies that expire when you close your browser.
Persistent Cookies: Remain on your device for a set period or until you delete them. The duration varies depending on the cookie's purpose:
Functional cookies: Up to 1 year
Analytics cookies: Up to 2 years
Marketing cookies: Up to 13 months
5. Third-Party Cookies
We work with third-party service providers who may set cookies on your device when you visit our website. These third parties have their own privacy policies and cookie policies:
Google Analytics: Google Privacy Policy
Stripe: Stripe Privacy Policy
6. Your Cookie Choices
6.1 Cookie Consent Manager
When you first visit our website, you will see a cookie consent banner allowing you to:
Accept all cookies
Reject non-essential cookies
Customize your cookie preferences by category
You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer or by accessing our Cookie Consent Manager.
6.2 Browser Settings
You can also control cookies through your browser settings:
Google Chrome:
Settings > Privacy and Security > Cookies and other site data
Choose your preferred cookie setting
Mozilla Firefox:
Options > Privacy & Security
Under "Cookies and Site Data," choose your preferences
Safari:
Preferences > Privacy
Choose your cookie blocking preferences
Microsoft Edge:
Settings > Privacy, search, and services
Under "Cookies and site permissions," choose your preferences
6.3 Opt-Out Links
You can opt out of certain third-party cookies:
Google Analytics: Google Analytics Opt-Out
Network Advertising Initiative: NAI Opt-Out
Digital Advertising Alliance: DAA Opt-Out
6.4 Important Note
If you disable or reject cookies, some features of our Services may not function properly. Strictly necessary cookies cannot be disabled as they are essential for the operation of our website.
7. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to be tracked. Currently, there is no universal standard for how companies should respond to DNT signals.
We do not currently respond to DNT browser signals. However, you can use the cookie controls described above to manage your tracking preferences.
8. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our data practices. Any updates will be posted on this page with a revised "Last Updated" date.
We encourage you to review this Cookie Policy periodically.
9. Contact Us
If you have questions about our use of cookies or this Cookie Policy, please contact us:
PayByStep Inc.
7600 Stenton Avenue, Apt 11D
Philadelphia, PA 19118
Email: dpo@paybystep.com
Data Processing Agreement (DPA)
Effective Date: October 16, 2025
This Data Processing Agreement ("DPA") forms part of the Terms of Service between PayByStep Inc. ("Processor") and the entity agreeing to the Terms of Service ("Controller") and applies where and only to the extent that Processor processes Personal Data on behalf of Controller in the course of providing the Services.
1. Definitions
"Personal Data" has the meaning given in the GDPR and includes any information relating to an identified or identifiable natural person.
"Processing" has the meaning given in the GDPR and includes any operation performed on Personal Data.
"Data Subject" means the individual to whom Personal Data relates.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Sub-processor" means any third party appointed by Processor to process Personal Data on behalf of Controller.
2. Scope and Roles
2.1 This DPA applies to the processing of Personal Data by Processor on behalf of Controller through the use of the Services.
2.2 The parties acknowledge that Controller is the data controller and Processor is the data processor with respect to Personal Data processed under this DPA.
2.3 The subject matter, duration, nature, and purpose of processing, and the types of Personal Data and categories of Data Subjects are described in Annex A to this DPA.
3. Processor's Obligations
3.1 Instructions. Processor shall process Personal Data only on documented instructions from Controller, including with regard to transfers of Personal Data to third countries or international organizations, unless required to do so by applicable law. Processor shall immediately inform Controller if, in its opinion, an instruction infringes GDPR or other data protection provisions.
3.2 Confidentiality. Processor shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.3 Security. Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Pseudonymization and encryption of Personal Data
Ongoing confidentiality, integrity, availability, and resilience of processing systems
Ability to restore availability and access to Personal Data in a timely manner in the event of an incident
Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures
3.4 Sub-processors.
(a) Controller provides general authorization for Processor to engage Sub-processors. A current list of Sub-processors is available at paybystep.com/subprocessors.
(b) Processor shall notify Controller at least thirty (30) days in advance of any intended changes concerning the addition or replacement of Sub-processors. Controller may object to the engagement of a new Sub-processor on reasonable data protection grounds by notifying Processor within fourteen (14) days of receiving notice. If Controller objects, the parties shall work together in good faith to find a resolution. If no resolution can be found, Controller may terminate the affected Services.
(c) Processor shall ensure that Sub-processors are bound by written agreements containing data protection obligations no less protective than those in this DPA.
3.5 Data Subject Rights. Processor shall, taking into account the nature of the processing, assist Controller by implementing appropriate technical and organizational measures to fulfill Controller's obligation to respond to requests from Data Subjects exercising their rights under GDPR (access, rectification, erasure, restriction, portability, objection).
3.6 Assistance with Compliance. Processor shall assist Controller in ensuring compliance with obligations under GDPR Articles 32 to 36, taking into account the nature of processing and information available to Processor, including:
Security of processing
Data breach notifications
Data protection impact assessments
Prior consultation with supervisory authorities
3.7 Data Breach Notification. Processor shall notify Controller without undue delay and in any event within seventy-two (72) hours after becoming aware of a Personal Data breach affecting Controller's Personal Data. Such notification shall include:
Description of the nature of the breach
Categories and approximate number of Data Subjects affected
Categories and approximate number of Personal Data records concerned
Likely consequences of the breach
Measures taken or proposed to address the breach
3.8 Deletion or Return of Data. Upon termination of Services, Processor shall, at Controller's choice, delete or return all Personal Data to Controller and delete existing copies unless applicable law requires storage of Personal Data.
3.9 Audits. Processor shall make available to Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Controller or an auditor mandated by Controller. Controller shall provide reasonable notice of any audit (at least thirty (30) days) and conduct audits during regular business hours, in a manner that does not unreasonably interfere with Processor's operations.
4. International Data Transfers
4.1 Where Personal Data processed under this DPA is transferred from the EEA, UK, or Switzerland to countries that do not ensure an adequate level of data protection, the parties agree that such transfers shall be governed by the Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914 of 4 June 2021).
4.2 The Standard Contractual Clauses are incorporated by reference into this DPA and shall take precedence in the event of any conflict with other provisions of this DPA.
4.3 For purposes of the Standard Contractual Clauses:
Controller is the "data exporter"
Processor is the "data importer"
The Annexes to the Standard Contractual Clauses are populated with the information in Annex A and Annex B of this DPA
5. Liability and Indemnification
5.1 Each party's liability arising out of or related to this DPA shall be subject to the limitations and exclusions of liability set forth in the Terms of Service.
5.2 Processor shall indemnify Controller against any claims, liabilities, costs, or damages arising from Processor's breach of this DPA, provided that Controller:
Promptly notifies Processor of the claim
Grants Processor sole control of the defense and settlement
Provides reasonable cooperation at Processor's expense
6. Term and Termination
This DPA shall remain in effect for as long as Processor processes Personal Data on behalf of Controller. Upon termination, the provisions relating to data deletion, confidentiality, and audits shall survive.
7. Governing Law
This DPA shall be governed by the same law as the Terms of Service.
8. Contact Information
For questions regarding this DPA, please contact:
PayByStep Inc.
Attention: Data Protection Officer
Email: dpo@paybystep.com
This Data Processing Agreement ("DPA") forms part of the Terms of Service between PayByStep Inc. ("Processor") and the entity agreeing to the Terms of Service ("Controller") and applies where and only to the extent that Processor processes Personal Data on behalf of Controller in the course of providing the Services.
1. Definitions
"Personal Data" has the meaning given in the GDPR and includes any information relating to an identified or identifiable natural person.
"Processing" has the meaning given in the GDPR and includes any operation performed on Personal Data.
"Data Subject" means the individual to whom Personal Data relates.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Sub-processor" means any third party appointed by Processor to process Personal Data on behalf of Controller.
2. Scope and Roles
2.1 This DPA applies to the processing of Personal Data by Processor on behalf of Controller through the use of the Services.
2.2 The parties acknowledge that Controller is the data controller and Processor is the data processor with respect to Personal Data processed under this DPA.
2.3 The subject matter, duration, nature, and purpose of processing, and the types of Personal Data and categories of Data Subjects are described in Annex A to this DPA.
3. Processor's Obligations
3.1 Instructions. Processor shall process Personal Data only on documented instructions from Controller, including with regard to transfers of Personal Data to third countries or international organizations, unless required to do so by applicable law. Processor shall immediately inform Controller if, in its opinion, an instruction infringes GDPR or other data protection provisions.
3.2 Confidentiality. Processor shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.3 Security. Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Pseudonymization and encryption of Personal Data
Ongoing confidentiality, integrity, availability, and resilience of processing systems
Ability to restore availability and access to Personal Data in a timely manner in the event of an incident
Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures
Appendices
ANNEX A:
Details of Processing
Subject Matter: Provision of SaaS platform for invoice and payment schedule management
Duration: For the duration of the Services subscription
Nature and Purpose of Processing: To enable Controller to create, manage, and track payment schedules for invoices and quotes
Types of Personal Data:
Business contact information (names, email addresses, phone numbers)
Company information
Job titles
Invoice and quote content
Communication records
Categories of Data Subjects:
Controller's employees and authorized users
Controller's customers and clients (business entities)
Contact persons at Controller's customers
Frequency of Transfer: Continuous during the term of the Services
Special Categories of Data: None
(Processor does not intentionally collect or process special categories of data)
ANNEX B:
Security Measures
Processor implements the following technical and organizational security measures:
1. Physical Security:
Data centers operated by reputable third-party providers with SOC 2 Type II certification
24/7 physical security and surveillance
Restricted access with multi-factor authentication
2. Technical Security:
Encryption in transit (TLS 1.2 or higher)
Encryption at rest for sensitive data fields
Regular security patching and updates
Firewall and intrusion detection/prevention systems
Regular vulnerability scanning and penetration testing
3. Access Control:
Role-based access control (RBAC)
Multi-factor authentication for administrative access
Principle of least privilege
Regular access reviews
4. Organizational Measures:
Background checks for employees with access to Personal Data
Confidentiality agreements with all employees
Regular security awareness training
Incident response plan and procedures
Business continuity and disaster recovery plans
5. Monitoring and Logging:
Centralized logging of access and activities
Security information and event management (SIEM) system
Continuous monitoring for anomalies
Acceptable Use Policy
This Acceptable Use Policy supplements the Terms of Service and defines prohibited activities when using PayByStep's Services.
1. General Prohibitions
You agree NOT to use the Services to:
1.1 Illegal Activities
Violate any applicable law, regulation, or ordinance
Engage in any fraudulent, deceptive, or illegal activity
Facilitate money laundering, terrorist financing, or other financial crimes
Violate export control or economic sanctions laws
1.2 Intellectual Property Infringement
Infringe copyrights, trademarks, patents, or other intellectual property rights
Upload or distribute pirated software or content
Use the Services to distribute unauthorized copies of copyrighted material
1.3 Security and System Integrity
Attempt unauthorized access to PayByStep systems, networks, or user accounts
Introduce viruses, malware, ransomware, trojans, or other malicious code
Conduct penetration testing or security scanning without written authorization
Reverse engineer, decompile, or disassemble the Services
Bypass or circumvent security features or access controls
Use automated systems (bots, scrapers, crawlers) without permission
Overburden or disrupt the Services or servers/networks
Launch denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
1.4 Privacy and Data Protection
Violate the privacy or data protection rights of others
Collect, harvest, or scrape personal information without authorization
Share or sell personal data in violation of privacy laws
Access, use, or disclose another user's data without permission
1.5 Abuse and Harassment
Harass, threaten, stalk, or abuse other users
Post or transmit hateful, discriminatory, or offensive content
Engage in cyberbullying or intimidation
Impersonate any person, entity, or company
1.6 Spam and Unsolicited Communications
Send unsolicited commercial emails (spam)
Conduct mass email campaigns without proper consent
Use the Services for phishing or social engineering attacks
Distribute chain letters or pyramid schemes
1.7 False Information
Provide false, misleading, or fraudulent information
Create fake accounts or use false identities
Misrepresent your affiliation with any person or entity
1.8 Competitive Activities
Use the Services to develop competing products or services
Benchmark the Services against competitors without permission
Monitor the availability, performance, or functionality for competitive purposes
2. Prohibited Content
You may not upload, post, or transmit through the Services:
Content that is illegal, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, or otherwise objectionable
Content that infringes intellectual property rights or violates privacy rights
Content containing viruses, malware, or harmful code
Content that promotes violence, terrorism, or illegal activities
Child sexual abuse material (CSAM) or content exploiting minors
Content that violates any applicable law or regulation
3. Account Responsibilities
You are responsible for all activity that occurs under your account
You must not share account credentials with unauthorized persons
You must not allow third parties to use your account
You must maintain accurate account information
You must promptly report any security breaches or unauthorized access
4. Consequences of Violation
Violation of this Acceptable Use Policy may result in:
Immediate Actions:
Suspension of your account without notice
Removal of prohibited content
Throttling or limiting of access
Termination of Services
Further Actions:
Reporting to law enforcement authorities
Legal action to recover damages
Permanent ban from the Services
Cooperation with authorities in investigations
PayByStep reserves the right to investigate suspected violations and take appropriate action at our sole discretion.
We may also cooperate with law enforcement and regulatory authorities.
5. Reporting Violations
If you become aware of any violation of this Acceptable Use Policy, please report it immediately to:
Email: lou@paybystep.com
Subject: Acceptable Use Policy Violation Report
Please provide as much detail as possible, including:
Description of the violation
Date and time observed
Account or user involved (if known)
Supporting evidence (screenshots, URLs, etc.)
6. Updates
We reserve the right to update this Acceptable Use Policy at any time. Material changes will be communicated in accordance with our Terms of Service.