Privacy Policy
Last Updated: February 16, 2026
Summary: We collect only what’s necessary to provide our AP automation and daily pay services. We never sell your data. Your financial information is encrypted and protected.
1. Introduction
Paier, Inc. (“Paier,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounts payable automation and daily pay platform (the “Service”).
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number
- Business Information: Company address, tax ID (EIN), business type
- Payment Information: Bank account details for ACH transfers, payment preferences
- Documents: Invoices, receipts, W-9 forms, contracts uploaded to the platform
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, referring URLs
2.3 Information from Third Parties
- Plaid: Bank account information, transaction history, account balances (with your authorization)
- Google (Gmail): Email metadata and content for invoice detection and fraud prevention (with your authorization). See Section 9 for details.
- Payroll Providers: Employee information, pay schedules (with employer authorization)
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Process payments and transfers | Bank account info, payment details |
| Invoice processing and AP automation | Uploaded documents, vendor info, email data |
| Daily pay disbursements | Employee info, bank accounts |
| Fraud detection (Guardian AI) | Transaction patterns, email analysis, usage data |
| Email scanning & inbox intelligence | Gmail data (with authorization) |
| Customer support | Account info, usage history |
| Service improvements | Aggregated, anonymized usage data |
4. How We Share Your Information
We do not sell your personal information. We share data only with:
- Payment Processors: Stripe, Dwolla, Plaid — to process transactions
- Cloud Infrastructure: Supabase, Vercel — to host and operate the Service
- AI Services: Anthropic (Claude) — to power Bob from Accounting and document processing
- Accounting Software: QuickBooks — with your authorization for sync
- Legal Compliance: When required by law or to protect our rights
5. Data Security
We implement industry-standard security measures:
- Encryption at Rest: All data encrypted using AES-256
- Encryption in Transit: TLS 1.3 for all communications
- Access Controls: Role-based access with principle of least privilege
- Infrastructure: SOC 2 Type II compliant hosting (Supabase, Vercel)
- Monitoring: Guardian AI monitors for suspicious activity 24/7
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. After account deletion:
- Personal data is deleted within 30 days
- Financial records may be retained for 7 years for legal/tax compliance
- Email scan data is permanently deleted within 30 days
- Anonymized data may be retained for analytics
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Receive your data in a portable format
- Opt-out: Unsubscribe from marketing communications
- Revoke Email Access: Disconnect your Gmail at any time from Settings or from your Google Account permissions
To exercise these rights, contact us at privacy@paier-ai.com.
8. Plaid Data
When you connect your bank account through Plaid, you authorize Plaid to share your financial data with us. Plaid’s handling of your data is governed by Plaid’s Privacy Policy. We use this data solely to:
- Verify bank account ownership
- Process ACH transfers
- Display account balances and transaction history
9. Google API & Gmail Data
Google API Services User Data Policy: Paier’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
9.1 What We Access
When you connect your Gmail account, Paier accesses your email data using the following Google API scopes:
- Gmail Read-Only (gmail.readonly): We scan your inbox to detect invoices, receipts, subscription renewals, and potential phishing or fraud threats. We only read email metadata (sender, subject, date) and body content for business-relevant emails. We do not access drafts, spam, or trash folders.
- Gmail Send (gmail.send): When you explicitly choose to reply to a vendor or business contact through our AI assistant, we send the email on your behalf from your Gmail account. We never send emails without your explicit action and approval.
- User Email (userinfo.email): We use your email address to identify your account.
9.2 How We Use Gmail Data
- Invoice Detection: Automatically identify invoices and bills in your inbox and extract vendor, amount, and due date information for accounts payable management.
- Fraud & Threat Detection: Our Guardian AI analyzes emails for phishing attempts, spoofed domains, suspicious payment requests, and other fraud indicators to protect your business.
- Subscription Tracking: Detect renewal notices and subscription changes to help you manage recurring expenses.
- Vendor Communication: Enable you to reply to vendors and business contacts directly through our AI assistant with your review and approval.
9.3 What We Do NOT Do
- We do not sell, share, or transfer your email data to third parties for advertising, marketing, or any purpose unrelated to providing our Service.
- We do not use your email data to build user profiles for advertising.
- We do not allow humans to read your emails unless required for security investigations, with your consent, or as required by law.
- We do not retain raw email content after processing. Only extracted business data (vendor names, amounts, dates, risk scores) is stored.
- We do not send emails on your behalf without your explicit approval.
9.4 Data Retention & Revocation
Extracted business data (invoice details, threat assessments) is retained while your account is active. You can disconnect your Gmail at any time from Settings, which immediately revokes Paier’s access to your Gmail account. You may also revoke access directly from your Google Account permissions.
Upon disconnection or account deletion, all stored email scan data is permanently deleted within 30 days.
10. Children’s Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice on our Service.
12. Contact Us
If you have questions about this Privacy Policy, please contact us:
- Email: privacy@paier-ai.com
- Address: Paier, Inc., New York, NY