This article explains:
What personal data Paytia stores about end customers
Why that data is stored
How customer data can be deleted or erased
Whether deletion can be self-served or requires support
What data (if any) is retained in anonymised or limited form
How long customer data is retained
Where customer data may exist behind the scenes (logs, backups, linked systems)
Paytia is designed to minimise personal data, never store sensitive card data, and support GDPR and PCI-DSS compliance.
Paytia stores only the personal data required to support secure payments, receipts, scheduling, workflow, and reconciliation.
Important:
Paytia does not store full card numbers (PAN), CVV, or card expiry dates.
| Data Category | Stored | Purpose |
|---|---|---|
| Customer first name | ✅ Yes | Payment identification and receipts |
| Customer last name | ✅ Yes | Payment identification and receipts |
| Customer email address | ✅ Yes | Payment links, receipts, payment schedules |
| Telephone number | ✅ Yes | Call and transaction cross-reference |
| Call audio recordings | ✅ Optional | Quality, compliance, dispute resolution |
| Call metadata (CDR) | ✅ Yes | Call traceability |
| Transaction metadata | ✅ Yes | Payment processing and reconciliation |
| Reference / invoice numbers | ✅ Yes | Merchant reconciliation |
| Account number (optional field) | ✅ Optional | Merchant-defined |
| Webhook payloads | ✅ Yes | API diagnostics |
| IP addresses (system-level) | ⚠ Limited | Security and fraud prevention |
| Cardholder data (PAN, CVV, expiry) | ❌ No | Never stored |
| DTMF card entry tones | ❌ No | Suppressed and discarded |
Paytia can store audio recordings of telephone calls where enabled by the merchant.
Recording is optional and configurable per account
Paytia custom payment flows ensure that payment card entry is never recorded
DTMF tones are suppressed before recording
Recordings may contain:
Customer voice
Agent voice
Non-sensitive conversation content
Recordings are used for:
Quality assurance
Training
Dispute handling
Regulatory or contractual requirements
Customer-related data is available through the Log Information menu.
Transaction ID and status
Reference / invoice number
Customer name, address and email data
Reference / invoice number
Transaction ID and status
Customer name, address and email data
Call timestamps
Call status
CDR ID
Telephone number
Transaction linkage
Phone numbers
Webhooks sent from Paytia
Delivery status
Responses received
Customer name, address and email data
Payloads received from merchant systems
Paytia responses
Data is stored strictly for defined operational and regulatory purposes:
Processing secure payments
Sending payment links and receipts
Managing scheduled payments
Reconciling payments with merchant systems
Linking calls to transactions
Supporting audits, disputes, and chargebacks
Operational support and troubleshooting
Support workflow
| Identifier | Purpose |
|---|---|
| Unique ID | Links Paytia transactions to the acquiring bank or gateway |
| CDR ID | Links a transaction to a specific telephone call |
| Reference number | Merchant invoice or order reconciliation |
| Account number | Optional merchant-defined identifier |
| Telephone number | Proof of call origin and transaction linkage |
All Paytia customer data is stored in AWS Ireland (EU-West).
No customer data is transferred outside the EU
No processing occurs in non-EU regions
Regional storage may be introduced in future per account configuration
Merchants can:
Export transaction and log data via Excel export
Manage retention settings where available
Tag data as sensitive where available
At present, full deletion of customer data is not self-service. When your account is removed all data is automatically deleted as well.
To delete customer data:
Raise a ticket via the Paytia Support Portal
Please include:
Merchant account name
Customer identifiers (email, reference number, date range)
Data types to be deleted (e.g. recordings, transactions)
| Data Type | Deletion Outcome |
|---|---|
| Customer name and email | Permanently deleted |
| Audio recordings | Permanently deleted |
| Transaction logs | Permanently deleted |
| Call records | Permanently deleted |
| Webhook logs | Permanently deleted |
Some non-identifiable metadata may be retained in a restricted or anonymised form for:
Financial audit obligations
Fraud detection and prevention
Regulatory compliance
This data:
Contains no personal identifiers
Cannot be linked to an individual
Cannot be reverse engineered
Yes.
Paytia applies configurable data retention policies based on data type and merchant configuration.
| Data Type | Typical Retention |
|---|---|
| Transaction logs | Configurable (commonly 6–24 months) |
| Call records | Configurable |
| Audio recordings | Configurable |
| Webhook logs | Short-term diagnostic retention |
| Security logs | Limited retention |
Exact retention settings can be confirmed per merchant account.
Yes, in tightly controlled supporting systems.
| Location | Description |
|---|---|
| Encrypted backups | Time-limited, rotating backups |
| Security monitoring systems | Restricted access |
| Integrated systems | Only where explicitly configured |
Backups are encrypted at rest
Backups rotate automatically
Deleted data is not restored
Residual backup data expires as backups age out
If you request full account deletion:
All customer personal data is removed
All transaction history is deleted
All call records and recordings are erased
Secure payment numbers are released and cannot be reused
Merchants should export any required records before requesting deletion.