Privacy Policy
Last updated: May 9, 2026
1. Overview
GoSuitePay ("we", "us", "our") provides a payment integration service connecting SuiteCRM with Stripe. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
2. Information We Collect
From You (the SuiteCRM User)
| Data | Purpose |
|---|---|
| Business name and SuiteCRM URL | Account setup and service delivery |
| Contact email | Account communications |
| Stripe account ID (via OAuth) | Connecting your Stripe account for payment processing |
Transaction Data
| Data | Purpose |
|---|---|
| Invoice IDs and amounts | Creating payment links and tracking payment status |
| Payment status (paid, expired, refunded) | Syncing payment status back to SuiteCRM |
| Transaction amounts and fees | Fee calculation and reporting |
From Your Customers (End Payers)
GoSuitePay does not collect or store your customers' personal information, payment card details, or billing information. Your customers interact directly with Stripe Checkout, which is hosted and operated by Stripe. All customer payment data is collected and processed by Stripe in accordance with the Stripe Privacy Policy.
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service
- Create payment links and generate QR codes for your invoices
- Process platform fees via Stripe Connect
- Sync payment status updates to your SuiteCRM instance
- Communicate with you about your account and the Service
- Comply with legal obligations
4. Stripe Data Processing
When you connect your Stripe account to GoSuitePay, we share certain information with Stripe to facilitate payment processing, including your business name, invoice amounts, and transaction data. Stripe processes this data in accordance with the Stripe Privacy Policy.
We access the following data from your Stripe account via Stripe Connect:
- Stripe account ID and connection status
- Checkout session status and payment intent results
- Charge, refund, and dispute events (via webhooks)
We do not access your Stripe balance, bank account details, payout history, or other financial data beyond what is needed for payment link processing.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with:
- Stripe - to facilitate payment processing (as described above)
- Your SuiteCRM instance - to sync payment status updates via signed webhooks
- Legal authorities - when required by law, subpoena, or court order
6. Data Security
We protect your data using:
- API keys stored as cryptographic hashes (we cannot read your API key after initial creation)
- Encrypted storage for sensitive credentials (Stripe refresh tokens)
- HMAC-SHA256 signed webhook callbacks to your SuiteCRM instance
- HTTPS encryption for all data in transit
- Database access restricted to the application service account
7. Data Retention
We retain your account data and transaction records for as long as your account is active, plus 7 years after termination for tax and legal compliance purposes. You may request deletion of your data by contacting us (subject to legal retention requirements).
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Request a copy of your data in a portable format
- Withdraw consent for data processing
To exercise these rights, contact us at [email protected].
9. Cookies
The GoSuitePay website uses only essential session cookies for platform admin authentication. We do not use analytics cookies, tracking pixels, or third-party advertising cookies.
10. Children's Privacy
GoSuitePay is a business-to-business service and is not directed at individuals under 18 years of age. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].
13. Stripe's Privacy Policy
Payment processing is handled by Stripe. When you provide personal data in connection with GoSuitePay, Stripe receives that personal data and processes it in accordance with Stripe's Privacy Policy.