Privacy Policy

Last updated: 18 March 2026

Who we are

Parsley Pay is an invoicing platform for small businesses and freelancers, operated from Stamford, United Kingdom. When this policy refers to "we", "us", or "our", it means Parsley Pay.

What data we collect

We only collect data that is necessary to provide the service. We do not use analytics, tracking pixels, or advertising cookies.

Account information

  • Email address
  • First name and last name
  • Business name and business address
  • Business logo (if uploaded)

Customer information you provide

  • Company name, contact name, and email address
  • Address and notes (optional)
  • Preferred currency

Invoice data

  • Invoice numbers, line item descriptions and amounts, dates, memos, and payment status
  • Payment link view count and last viewed date (no IP addresses or device information are recorded)

Payment credentials

  • Your Stripe API key and webhook secret, which are encrypted at rest using AES-256-GCM and only decrypted in memory when processing a payment

How we use your data

  • To create and send invoices on your behalf
  • To process payments through your connected Stripe account
  • To send you authentication emails (magic links) so you can sign in
  • To manage your subscription to Parsley Pay
  • To generate invoice PDFs
  • To notify you when a payment fails

Authentication

We use passwordless magic link authentication. When you sign in, we send a one-time link to your email that expires after 15 minutes. We do not store passwords. A session token is stored in your browser's local storage and sent with each request. You can revoke it at any time by logging out.

Third-party services

We share data with the following services only as needed to operate the platform:

Stripe

We use Stripe to process subscription payments for your Parsley Pay account, and to process invoice payments on your behalf through your own Stripe account. Data shared with Stripe includes your name, email address, invoice amounts, currency, and your customer's email address. Stripe's privacy policy is available at stripe.com/privacy.

Mailgun

We use Mailgun's EU infrastructure to send transactional emails, including magic link sign-in emails, invoice delivery emails (with PDF attachments), and payment failure notifications. Data shared with Mailgun includes recipient email addresses, names, and email content. Mailgun's privacy policy is available at mailgun.com/legal/privacy-policy.

Gotenberg

We use a self-hosted instance of Gotenberg to generate invoice PDFs. Invoice data is sent to this service over our internal network and is not shared externally.

Cookies and tracking

We do not use cookies, tracking pixels, or third-party analytics on our marketing site or application. The only client-side data we store is your authentication token in local storage, which is removed when you log out.

Data security

  • Stripe API keys and webhook secrets are encrypted at rest using AES-256-GCM
  • Authentication tokens are cryptographically random, and magic link tokens are hashed with SHA-256 before storage
  • All connections to third-party services use HTTPS
  • Email is sent via Mailgun's EU infrastructure

Data retention

Your account data and invoice records are retained for as long as your account is active. Magic link tokens expire after 15 minutes and are marked as used once redeemed. If you wish to have your data deleted, please contact us and we will remove your account and associated data.

Your rights

Under UK data protection law, you have the right to access, correct, or delete your personal data. You may also request a copy of the data we hold about you. To exercise any of these rights, contact us at the address below.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page.

Contact

If you have questions about this privacy policy or how we handle your data, please email us at support@parsleypay.com.