Privacy Policy

When you paste JSON into PayloadIQ, it is processed entirely within your browser using JavaScript running locally on your device. The JSON content is not transmitted to any server operated by PayloadIQ.

This includes all transformation tools: TypeScript generation, Zod schemas, Prisma models, GraphQL types, SQL, YAML, CSV, mock data, JSON Schema, JWT decoding, Base64 encoding/decoding, schema quality checks, JSON Explainer, Contract Doctor, and Typed Client generation.

PayloadIQ makes server calls for the following purposes. None of these calls include your pasted JSON.

• Session creation — a lightweight signed session token is issued to identify your browser session and enforce the free daily limit. No payload data is included.
• Usage counting — tool switches are counted server-side to enforce the free daily limit. Only the tool name and a session ID are sent, not your JSON.
• Checkout and payments — when you initiate a payment, a checkout URL is requested from our server. Your JSON is not part of this request.
• License activation and verification — when you enter a license key or restore Pro access, the key is verified server-side. No payload data is involved.

We use Supabase (a hosted PostgreSQL service) to store:

• Session metadata (anonymous session IDs, usage counters, plan status)
• License records (license key, purchase email, device activation status)
• Payment webhook events (for license activation, not payment card details)

Supabase does not store your pasted JSON payloads.

Payments are processed by Stripe and, where available, Revolut. PayloadIQ does not store payment card details. All financial data is handled by the respective payment provider under their privacy policies.

We receive a webhook notification when a payment completes, which contains the order reference and purchase email used to issue your license key. We do not receive or store full card numbers, CVV, or billing addresses.

If Resend is configured, your purchase email address is used to deliver your license key after a successful payment. The email is also used for Magic Link restore flows (signing in to recover Pro access).

We do not send marketing emails. We only send transactional emails related to your purchase and license.

PayloadIQ allows you to share your editor state via a URL hash link (Share button). The hash encodes your current JSON input and selected tool.

Do not share URL hash links that contain sensitive or confidential payload data. Anyone with the URL can decode the JSON from the hash.

PayloadIQ does not store shared links on any server. The data lives only in the URL itself.

PayloadIQ does not embed third-party analytics scripts, advertising trackers, or fingerprinting tools. There are no Google Analytics, Mixpanel, Segment, or similar services on the site.

Basic server logs (IP address, request path, HTTP status) may be retained by the infrastructure provider (Vercel) for security and performance purposes, subject to their privacy policy.

If you have a Pro license, your purchase email and license record are stored on our servers. You may request deletion of this data by contacting support@payloadiq.dev. Note that deleting your license record will permanently deactivate your Pro access.

Free tier users who have not purchased are identified only by an anonymous session token with no personally identifiable information attached.

For privacy questions or data requests: support@payloadiq.dev

Operator: ICS4BIZ & IT SRL, Romania · EU VAT RO40871194