Privacy Policy | PaaS by Payments as a Service™

01. Who This Applies To

This Privacy Policy describes how PaaS by Payments as a Service™ LLC, operating as part of DataNav Solutions, handles personal and business information collected through getpaas.net, including the Statement Analyzer tool, the savings calculator, and the contact and lead capture forms.

It does not cover practices of third-party services we link to, including DataNav Solutions corporate properties (datanavsolutions.com, datanavmg.com), which operate under their own respective privacy notices.

02. Information We Collect

Statements You Upload to the Analyzer

When you upload a merchant processing statement, the file is sent to our server, transmitted to our AI analysis provider for real-time processing, and a structured analysis is returned to your browser. The original file is not written to disk on our servers and is not retained after the request completes.

Lead Capture and Contact Information

When you enter an email address to unlock a full fee breakdown, or submit the contact form on the homepage, we collect the information you provide. This may include name, business name, email address, monthly processing volume, current processor, and any message text. This information is used to respond to your inquiry and follow up about PaaS services.

Technical Information

Our web server logs standard request information for security and operational purposes only: IP address, timestamp, user agent, and the page or endpoint requested. These logs are retained for 30 days and then rotated out. We do not use cookies for advertising, analytics, or cross-site tracking.

03. How AI Analysis Works

The Statement Analyzer uses a large language model provided by Anthropic (the maker of the Claude family of models) to extract structured fee data from your uploaded statement. We want to be precise about what this means for your data.

What Anthropic does with API data: Anthropic does not use API inputs or outputs to train its models. API submissions may be retained on Anthropic's infrastructure for a limited period (typically up to 30 days) for trust and safety review, after which they are deleted under Anthropic's documented retention policies.

What this means for you in plain terms: When you upload a statement, that file briefly travels through Anthropic's API for analysis. It is not used to train any AI model. It is not visible to other Anthropic customers. It is not visible to other PaaS users. It is not retained on our servers. It may be temporarily retained on Anthropic's infrastructure under their abuse-monitoring policy, then deleted.

For Anthropic's full policy, see anthropic.com/legal/privacy and their commercial terms.

04. How We Use Your Information

To deliver the analysis you requested. The structured fee breakdown, savings comparison, and any follow-up audit work you requested.
To respond to inquiries. If you submit a contact form or unlock a breakdown by entering your email, we will respond and may follow up about PaaS services or schedule a discovery call.
To prevent abuse. Rate limits and IP-based throttling protect the analyzer from automated misuse and runaway costs.
To meet legal obligations. If we are required by law to retain or disclose specific information, we will, and we will narrow any disclosure to what is strictly required.

05. What We Never Do

We do not sell your data. Period. Not statement data, not contact data, not aggregated data.
We do not share your data with marketing partners or data brokers.
We do not run advertising trackers, retargeting pixels, or third-party analytics scripts on getpaas.net.
We do not train AI models on your statements or contact information. Neither we nor our AI analysis provider use this data for model training.
We do not retain uploaded statements on our servers. Files are processed in transit and discarded.

06. Data Retention

Different categories are retained for different durations:

Uploaded statements: Not retained on our servers. Briefly held by Anthropic per their abuse-monitoring policy, then deleted.
Lead capture emails (statement analyzer gate): Retained until you request deletion or until 24 months of inactivity, whichever is sooner.
Contact form submissions: Retained as long as the inquiry remains active, plus a reasonable record-keeping period after.
Server access logs: 30 days, then rotated and deleted.
Rate-limit tracking files: Auto-pruned hourly. The hashed identifier is one-way and cannot be reversed back to your IP.

07. Your Rights

Regardless of where you live, you may at any time:

Ask us what information we hold about you.
Ask us to correct any of it.
Ask us to delete it.
Opt out of any future communications.

California Residents (CCPA / CPRA)

You have the right to know what categories of personal information we collect, the right to request deletion, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising as defined under the CPRA.

EU and UK Residents (GDPR / UK GDPR)

If you are in the EU or UK, you have rights of access, rectification, erasure, restriction, portability, and objection under GDPR. Our lawful basis for processing is legitimate interest (responding to your request) and consent (when you submit a contact form or upload a statement for analysis).

To exercise any of these rights, contact us through the homepage contact form. We respond within 30 days.

08. Security

All connections to getpaas.net are encrypted with TLS (HTTPS).
The Statement Analyzer endpoint validates origin, file type, and size before processing.
API credentials for our AI provider are stored outside the public web directory.
Rate limiting protects the analyzer from automated abuse.
Our payment processing infrastructure operates under PCI DSS Level 1 standards. Cardholder data is never handled by getpaas.net itself.

No system is invulnerable. If we ever discover a breach affecting your information, we will notify you and any required regulators within the timeframes required by applicable law.

09. Children

This site and the services described here are intended for businesses and adult professionals. We do not knowingly collect information from anyone under 18. If you believe a minor has submitted information to us, contact us through the homepage and we will delete it.

10. Cookies and Tracking

getpaas.net uses no advertising cookies, no third-party analytics, no retargeting pixels, no Facebook Pixel, no Google Analytics, and no cross-site tracking.

The site uses standard server logs and short-lived session-state cookies (where present) only as required for the page to function. None of these are shared with third parties.

11. Sub-Processors and Vendors

We rely on a small number of third-party services to operate getpaas.net. As of the last updated date above, these are:

HostGator (web hosting and email infrastructure)
Anthropic (AI analysis of uploaded statements)
Google Fonts (typography only, no analytics)

Payment processing partnerships involve additional regulated sub-processors (card networks, sponsor banks, gateway providers). Those relationships are governed by your separate merchant services agreement and the applicable card network rules.

12. Changes to This Policy

If we make material changes to this Policy, we will update the "Last Updated" date at the top of this page and, where appropriate, post a notice on the homepage. Continued use of the site after a material change indicates acceptance of the revised Policy.

13. Contact

For privacy questions, data access requests, or deletion requests, use the contact form on getpaas.net. We respond within 30 days.

For corporate inquiries, reach the parent company at datanavsolutions.com.