Privacy Policy

Effective Date: January 20, 2026 · Last Updated: January 20, 2026

PacSpace, Inc. ("PacSpace," "we," "us," or "our") is committed to protecting your privacy while providing recordation infrastructure. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

This policy applies to information collected through our website (pacspace.io), the Balance API, dashboard, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and business information
  • Billing and payment information
  • Account credentials (passwords are encrypted)

1.2 API Usage Data

When you use the Balance API, we process:

  • Customer identifiers you provide (customerId)
  • Transaction amounts (deltas, balances)
  • Reference identifiers and metadata you submit
  • Timestamps and receipt identifiers

1.3 Technical Data

We automatically collect:

  • IP addresses and API request origins
  • Browser type and operating system
  • Device information
  • Usage patterns and access logs
  • Error logs and performance data

2. Our Neutrality Commitment in Data Handling

Data Neutrality Principles

As neutral infrastructure, our data handling reflects our core commitment to impartiality. These principles are fundamental to how we operate:

2.1 Equal Treatment

All parties' data is handled identically. We do not provide preferential treatment, faster processing, or enhanced access to any party over another. Our systems treat all authorized users equally.

2.2 No Preferential Access or Disclosure

No party receives data advantages. We do not:

  • Share one party's data with their counterparty without authorization
  • Provide early access to records
  • Offer premium access to verification results
  • Sell or license data to third parties for their benefit

2.3 Verification Without Exposure

Parties can verify records without exposing counterparty details. Our verification proofs allow confirmation of data integrity without revealing the underlying data to unauthorized parties.

2.4 Tamper-Evident, Auditable Practices

Our privacy practices themselves are consistent and auditable. We maintain logs of data access and processing that can be audited by appropriate parties upon request.

3. How We Use Information

We use the information we collect for the following purposes:

Purpose | Data Used | Legal Basis (GDPR)
Provide the Service | Account info, API data | Contract performance
Process transactions | API usage data, billing info | Contract performance
Security and fraud prevention | Technical data, access logs | Legitimate interest
Service improvement | Aggregated usage patterns | Legitimate interest
Communication | Contact information | Contract / Consent
Legal compliance | All relevant data | Legal obligation

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process personal data under the following legal bases:

4.1 Contract Performance

Processing necessary to provide the Service you have requested, including account management, API access, and billing.

4.2 Legitimate Interests

Processing for our legitimate business interests, including security, fraud prevention, service improvement, and analytics, where these interests are not overridden by your rights.

4.3 Legal Obligation

Processing required to comply with applicable laws, regulations, or legal processes.

4.4 Consent

Where required, we will obtain your consent before processing personal data for specific purposes, such as marketing communications.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

PacSpace does not sell, rent, or trade your personal information or Customer Data to third parties for their marketing purposes.

5.2 Service Providers

We may share data with trusted service providers who assist us in operating the Service, including:

  • Cloud infrastructure providers (for hosting and storage)
  • Payment processors (for billing)
  • Analytics providers (aggregated data only)
  • Security and monitoring services

These providers are contractually bound to protect your data and use it only for the services they provide to us.

When you submit the contact form on pacspace.io, we use Resend (https://resend.com) as a transactional email subprocessor to deliver your message to our team. Resend processes your submission in transit; the message content is retained in Resend per its standard retention policy. We also briefly process your IP address for abuse prevention (rate limiting) when you submit the form, but we do not persistently store it. See Resend's privacy policy for details.

5.3 Tamper-Evident Recording

As part of our tamper-evident guarantee, content fingerprints of records are committed to verification infrastructure outside any party's control. These fingerprints do not contain readable personal data. They are mathematical proofs that cannot be reversed to reveal the original data.

5.4 Legal Requirements

We may disclose data when required by law, such as in response to valid legal process (subpoenas, court orders), to protect our rights or safety, or to prevent fraud or illegal activity.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.

6. Data Retention

6.1 Account Data

We retain account information for as long as your account is active, plus a reasonable period thereafter for legal and business purposes (typically 3 years after account closure).

6.2 Verified Records

Consistent with our Data Neutrality Principles, verified records (receipts, proofs, permanent records) are tamper-evident and retained permanently. This is fundamental to the Service's purpose of providing permanent, verifiable truth.

6.3 Technical Logs

Server logs and technical data are retained for 90 days for security and debugging purposes, then deleted or anonymized.

6.4 Deletion Requests

You may request deletion of your account data. We will comply with such requests except where:

  • The data is part of a permanent verified record (per our neutrality principles)
  • Retention is required by law
  • The data is necessary for legitimate business purposes (e.g., billing records)

7. Security Measures

We implement comprehensive security measures to protect your data:

7.1 Technical Safeguards

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • API key authentication with secure key management
  • Regular security audits and penetration testing
  • Automated threat detection and monitoring

7.2 Operational Safeguards

  • Role-based access controls with least-privilege principles
  • Employee security training and background checks
  • Incident response procedures
  • Regular backup and disaster recovery testing

7.3 Incident Response

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

8. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

8.1 Right to Access

You may request a copy of the personal data we hold about you.

8.2 Right to Rectification

You may request correction of inaccurate personal data.

8.3 Right to Erasure

You may request deletion of your personal data, subject to the limitations described in Section 6.4.

8.4 Right to Restriction

You may request restriction of processing in certain circumstances.

8.5 Right to Data Portability

You may request your data in a structured, machine-readable format.

8.6 Right to Object

You may object to processing based on legitimate interests.

8.7 Rights Related to Automated Decision-Making

PacSpace does not make automated decisions with legal or significant effects based solely on automated processing.

To exercise these rights, contact us at privacy@pacspace.io. We will respond within 30 days.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You may request information about the categories and specific pieces of personal information we have collected, the sources of collection, our purposes, and categories of third parties with whom we share data.

9.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

9.3 Right to Correct

You may request correction of inaccurate personal information.

9.4 Right to Opt-Out of Sale/Sharing

PacSpace does not sell personal information or share it for cross-context behavioral advertising. Therefore, there is no need to opt out.

9.5 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

9.6 Authorized Agents

You may designate an authorized agent to submit requests on your behalf.

To exercise your California privacy rights, contact us at privacy@pacspace.io or call us at the number listed in Section 14.

10. International Data Transfers

PacSpace is based in the United States. If you are located outside the U.S., your data may be transferred to and processed in the U.S.

10.1 Transfer Mechanisms

For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with appropriate safeguards

10.2 Adequacy

We ensure that any international transfers comply with applicable data protection laws and provide adequate protection for your personal data.

11. Cookies and Tracking

11.1 Our Approach

We use minimal, functional cookies only. We do not use tracking cookies for advertising or cross-site tracking.

11.2 Types of Cookies

Cookie Type | Purpose | Duration
Session | Authentication and security | Session
Preferences | Remember your settings | 1 year
Analytics | Understand Service usage (anonymized) | 1 year

11.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

12. Children's Privacy

The Service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

PacSpace, Inc.
Privacy Inquiries: privacy@pacspace.io
General Inquiries: contact@pacspace.io
Legal: legal@pacspace.io

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@pacspace.io.

Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.