Privacy & Cookie Policy
Last updated: July 2026
This policy explains how PurserPay (“we”, “our”, “the platform”) handles data through its stateless web interface. PurserPay is built around data dissociation: your payout roster never leaves your device, and the only information we hold — your own billing details — is encrypted and stored apart from any payout activity.
1. Stateless architecture & data minimization
PurserPay runs no user accounts and keeps no centralized store of your operational data. What little we do hold is minimized and dissociated by design.
Payroll & roster data: Every CSV file, wallet distribution, payee name, and payout amount is parsed and held strictly inside your own browser (IndexedDB). Your roster is never uploaded to us and never leaves your device in readable form.
Account & billing details: The one exception is the account holder's own billing information (legal name, country of incorporation, tax ID), used to invoice the software subscription. It is stored server-side, encrypted at rest (AES-256 via pgcrypto) and keyed by a one-way wallet hash — dissociated by design, so your identity is never tied to your payouts.
Non-custodial principle: We never collect, store, or access your private keys, seed phrases, or funds. All on-chain actions are signed directly by your own TRON wallet.
2. Technical storage & cookie disclosure
To comply with global data-protection frameworks (including GDPR), we use native browser storage instead of tracking cookies. We deploy no marketing, analytics, or third-party profiling cookies.
Browser storage: Your roster and active distribution tables live in your browser's IndexedDB. Small technical values — wallet connection state and interface preferences — may use localStorage or a strictly technical session cookie. None of it is transmitted to us.
Session lifecycle: This data is entirely user-controlled. Clearing your browser's site data, cache, or cookies destroys all local records permanently.
3. Server-side compliance & network routing
Before a batch can be signed, the platform performs two validation steps.
OFAC & sanctions screening: Destination addresses are screened server-side against international sanctions lists. Each address is salted-hashed and checked in memory; addresses are never stored, logged, or tied to your identity, and a match blocks the batch.
Public ledger interactions: Once you sign, the transaction is routed to public TRON nodes. On-chain data (recipient addresses, amounts, block timestamps) is inherently public and immutable by the nature of distributed ledgers.
4. Your rights & data control
You hold sovereignty over your operational history.
Your roster: Device-local and under your sole control — erase it any time by clearing your browser's site data.
Your billing details: You may request erasure at any time (GDPR Art. 17); on request we permanently wipe your encrypted billing record from our database.
5. Contact
For technical or infrastructure support, contact our operational desk at info@purserpay.app.