Skip to content
Payzium.

Trust Center

What we do with your information, in plain language.

Handing over a statement or an application is a real step. Here is what happens after: where your file lives, who reads it, how long we keep it, and how we protect it. Every claim on this page is something you can verify in the code or the policy.

Where your data lives

Your data, in Canada.

When you upload a processing statement or a boarding document, the file is stored in a private Vercel Blob store in Montreal, Quebec. It never leaves that store to reach us; the file stays inside a Canadian data region for its entire life.

This matters under Quebec Law 25: personal information collected on the Payzium application is processed inside Canada by default. The full list of sub-processors we use for the site, and the categories of information each one handles, is in section 5.2 of our Privacy Policy.

Read the sub-processor list

What we collect

The necessity principle, with the receipts.

We collect what a merchant application actually needs. The business, the owner, the volume, the industry, the bank details for funding, the identification the processor requires. Nothing extra.

Consent is captured before you type anything on a form that stores personal information, and the exact wording you agreed to is stamped on your record with a version tag. If we ever change the wording, the version changes and the older tag stays on your record so you can prove what you consented to at the time.

  • The Terms and the Privacy Policy each carry a version stamp.
  • Every /apply submission stamps the current version on the record at submit.
  • The site does not collect a social insurance number through the web form. When the processor asks for it, that step happens outside the site.

Read the Privacy Policy

How long we keep it

The plain-language retention schedule.

The full schedule is in section 7 of the Privacy Policy. The short version:

Onboarded merchants
Up to seven years
Kept while the account is live and for the retention window our record-keeping obligations require after that. Standard for financial services.
Applications you started but did not submit
30 days of inactivity
A draft that goes quiet for 30 days is destroyed by an automated sweep. No human clean-up required; the sweep runs on a schedule.
Applications you submitted but did not complete
90 days of inactivity
If you submitted but did not finish the boarding steps, and 90 days pass with no activity, the record is destroyed by the same sweep.
Applications we declined
Up to one year
We keep a minimal record of the decision for up to a year. After that, an automated sweep anonymizes the record in place: the personal fields are stripped, and the bucketed outcome counters are all that remains.

Who sees it

A small team, and the processing partner.

Two groups see the merchant-facing information on your application.

Payzium's own team is small. Everyone with access is named, and access is scoped to the work: the founder, the operations lead, and support when a specific ticket needs it. There is no outbound sales team reading applications for a follow-up call.

The processing partner that carries the underwriting decision sees the application in the format the processor requires. That handoff is described role-formula style in the Privacy Policy sub-processor table; we do not name specific rail providers in our marketing copy.

Your information is not sold, and it is not used to send you marketing from a company you did not choose.

How we protect it

The practices you can verify.

Each item below is something the code enforces on every request. If a claim is not on this list, we did not make it.

  • Encrypted transport everywhere.

    Every page and every form submits over HTTPS. A browser-level policy header tells the browser to refuse a plain-HTTP downgrade for our domain for two years, and to enforce the same rule for every subdomain.

  • Locked-down response headers.

    The site sends a matched set of security headers on every response: framing is refused, MIME-type sniffing is off, referrer scope is trimmed, and the browser permissions surface for the page (camera, microphone, geolocation, and more) is closed by default.

  • Token-gated document uploads.

    When you upload a statement or a boarding document, the browser cannot write to storage directly. It has to ask the server for a short-lived upload token before writing anything. The token is scoped to one path and one file type and expires quickly, so a leaked token cannot be reused later or aimed at a different account.

  • Single-use links for coming back to your application.

    If you want to finish the application later, we can send you a resume link by email. The link is time-boxed, and once you use it to submit, the token behind it is revoked so the same link cannot be reused.

  • Bot protection on public forms.

    The public forms that write to a database (application start, statement analysis, contact) run through a bot-check challenge before the write. Automated traffic is filtered before it can reach the underlying data.

Quebec and Law 25

The Quebec application runs in French, by default.

Under the Charter of the French Language, we present Payzium's application to Quebec merchants in French. The English version of the application is not the default in Quebec; a merchant can expressly elect English later, and if they do, the sequence is documented and stamped on the record.

Maurizio Verrelli, President, is the Person in Charge of the Protection of Personal Information for Payzium Holding Inc. under Quebec Law 25. Privacy questions and requests reach him directly.

Bookkeeper questions

What a careful reader asks before uploading.

Does Payzium sell my information?
No. Your information is not sold, and it is not used to send you marketing from a company you did not choose. Section 5 of the Privacy Policy lists every sub-processor we use for the site and the category of information each one handles.
Where is my statement actually stored?
In a private Vercel Blob store hosted in Montreal, Quebec. Files stay inside that Canadian data region for their entire life on our side.
If I abandon my application, what happens to what I entered?
A draft that goes quiet for 30 days is destroyed by an automated retention sweep. A submitted application that goes quiet for 90 days is destroyed by the same sweep. A declined application is kept for up to a year, then anonymized in place so the personal fields are gone and the outcome counters remain.
Do you make any compliance claims about Payzium itself?
We publish what the code enforces: encrypted transport, locked-down response headers, token-gated document uploads, single-use resume links, and bot protection on public forms. We do not publish compliance-badge claims about Payzium as an institution because we do not carry those certifications, and it would not be honest to imply we do.
What are the Honest Rate Promise and Pay less or it's free?
Two written commitments that live outside marketing copy. The Honest Rate Promise refunds a junk fee at twice the amount if we ever charge one. Pay less or it's free refunds every Payzium fee for the 90-day guarantee window if you did not save on processing, and covers switching costs up to CA$1,000. Both are on the site and are enforceable, not vibes.

Ready when you are

See what you would pay, and open an account.

The rate on the page is the rate on the statement. Run your own numbers on the calculator, then open a free account when you are ready.