Privacy Policy
This Privacy Policy describes how Devinsidercode ("we", "us", or "our") collects, uses, and protects information in connection with the payment.devinsidercode.com platform (the "Service"). We are a SaaS platform serving optical and vision care providers. We manage payment processing and point-of-sale terminals for our merchant clients, connecting them to payment infrastructure through Stripe, Inc.
1. Who We Are
Devinsidercode operates a SaaS payment platform purpose-built for optical and vision care businesses. We provide merchant clients ("Merchants") with managed point-of-sale terminals, API-based payment processing, and subscription management — all powered by Stripe, Inc. as the underlying payment processor. We purchase Stripe processing fee quotas on our Merchants' behalf and provision terminals for in-person payment acceptance at their practices.
We do not directly process card or payment credentials. All sensitive payment data is handled by Stripe in accordance with PCI DSS standards.
2. Information We Collect
We collect information necessary to provide, operate, and improve the Service:
- Merchant account data: business name, owner name, contact email, phone number, practice address, and API credentials used to access the platform.
- End-user / patient payment data: name, email, billing address, and payment method information submitted at point-of-sale terminals or through merchant-facing payment flows. This data is transmitted to Stripe for processing and is not stored in our systems beyond what is required for transaction reconciliation and complaint resolution.
- Transaction metadata: subscription IDs, plan identifiers, invoice records, Stripe customer IDs, terminal session identifiers — used for billing management and support.
- Terminal provisioning data: hardware identifiers, activation records, and location data associated with point-of-sale terminals deployed at Merchant premises.
- Technical data: IP addresses, HTTP request logs, and webhook events for security, fraud prevention, and debugging.
3. How We Use Information
- To route and process payment applications to Stripe on behalf of Merchants.
- To provision and manage point-of-sale terminals at Merchant locations.
- To purchase and allocate Stripe processing fee quotas to Merchants as part of their subscription.
- To manage Merchant subscriptions — upgrades, downgrades, cancellations.
- To investigate and resolve payment complaints and disputes.
- To send transactional notifications related to payment events, terminal status, and billing.
- To maintain platform security, prevent fraud, and meet legal obligations.
4. Data Sharing with Stripe
Stripe, Inc. is our exclusive payment processing partner. Payment application data collected through the Service is transmitted to Stripe for processing under their own privacy framework. Please review Stripe's Privacy Policy. By using our Service or making a payment at a Merchant terminal, you acknowledge that payment data will be shared with Stripe.
5. Point-of-Sale Terminals
We order, configure, and provision physical payment terminals for Merchants. Terminal hardware is managed through Stripe's hardware program. Transaction data captured at terminals is transmitted directly to Stripe and subject to Stripe's data handling practices. We retain terminal provisioning records and session metadata for operational and support purposes.
6. Complaint Handling
We manage payment complaints on behalf of our Merchants. Relevant transaction metadata may be reviewed by our support staff and, where required, shared with Stripe or the Merchant to resolve the dispute. We aim to acknowledge complaints within 3 business days and resolve within 15 business days.
7. Data Retention
We retain account and transaction metadata for as long as necessary to provide the Service and comply with applicable legal, tax, and financial regulations — generally no longer than 7 years. Webhook and technical logs are retained for up to 90 days.
8. Data Security
We implement industry-standard security measures: TLS encryption, API key authentication, tenant isolation, and regular security reviews. No system is 100% secure. We cannot guarantee absolute security of data transmitted over public networks.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or request deletion of personal data we hold. To exercise these rights, contact us at privacy@devinsidercode.com. We will respond within 30 days.
10. Third-Party Services
Stripe is the sole payment processor used by the Service. We do not sell personal data to third parties and do not use data for advertising.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects any changes. Continued use of the Service constitutes acceptance of the updated policy.
12. Contact
- Email: privacy@devinsidercode.com
- Website: devinsidercode.com