Data Trust & Compliance

Privacy Policy.

1. Introduction

PayoutMatching B.V. ("we", "us", "PayoutMatching") respects the privacy of its users and partners. This Privacy Policy describes what data we collect, how we use it and what rights you have under the General Data Protection Regulation (GDPR). This policy applies to all services offered through the PayoutMatching platform and our website.

2. Data Controller vs. Data Processor

In the context of our services, PayoutMatching fulfils two roles:

  • Data Controller: For data relating to our direct customers (such as contact persons and account information).
  • Data Processor: For the operational data that our customers load into the Platform (such as transaction data of their end customers). In this case the customer is the data controller and PayoutMatching is the data processor.

3. Data We Collect

A. Directly Provided Data

When creating an account or requesting a demo we collect: Name, business email address, phone number, company name, Chamber of Commerce number and VAT number.

B. Operational Platform Data

Via API integrations with marketplaces (such as Bol.com, Amazon, Shopify) we process: Order data, payout specifications, settlements and shipping status.

C. Automatically Collected Data

IP addresses, browser type, device information and usage statistics via functional and analytical cookies to ensure the security and functioning of the Platform.

4. Purposes of Processing

We use the collected data exclusively for the following purposes:

  • Delivering the agreed services (reconciliation, content generation, etc.).
  • Invoicing our services and managing the business relationship.
  • Improving our algorithms and AI models (exclusively on an aggregated and anonymised basis).
  • Complying with legal obligations, such as tax legislation.
  • Securing our Platform against fraud and misuse.

5. Retention Periods

We do not retain personal data longer than necessary for the purposes for which it was collected:

  • Account data: Up to 2 years after termination of the contract.
  • Tax data: In accordance with the statutory retention period of 7 years.
  • Operational data: Up to 30 days after termination of the contract, unless otherwise agreed in a specific data processing agreement.

6. Sharing Data with Third Parties

PayoutMatching does not share data with third parties for commercial purposes. We use trusted sub-processors for our infrastructure:

  • Amazon Web Services (AWS): For hosting and data storage (Servers in Frankfurt, DE).
  • Stripe: For processing payments.
  • HubSpot: For CRM and customer communications.

Data processing agreements compliant with GDPR requirements have been concluded with all these parties.

7. Security

We apply strict security measures to protect data against loss, theft and unauthorised access. This includes AES-256 encryption, multi-factor authentication (MFA), regular penetration tests and a strict access policy for employees.

8. Your Rights

Under the GDPR you have the following rights:

  • Right of access and rectification.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing.

Requests can be directed to our Data Protection team at privacy@payoutmatching.com. We will respond to your request within 30 days.

9. Changes

PayoutMatching reserves the right to periodically update this Privacy Policy. Material changes will be proactively communicated by email to our active users.

Compliance ID: GDPR-MQ-2026-v1.8

Last updated: 8 May 2026