This Privacy Policy explains how Maltibase (“we”, “our”, or “us”) collects, uses, stores, and protects payment-related data processed through Stripe.
This policy applies only to data handled in connection with Stripe payment services and does not cover other Maltibase data practices.

1. Data Collected via Stripe

When users make payments, subscriptions, or financial transactions on Maltibase, the following data may be processed through Stripe:

  • Name, email address, and billing details
  • Transaction details (amount, currency, date, status)
  • Payment method information (card type, last four digits, expiration date)
  • Bank-related metadata for payouts (where applicable)
  • Device, IP address, and fraud-prevention signals
  • Stripe-generated customer and transaction identifiers

Important:
Maltibase does not store or process full card numbers, CVV codes, or sensitive authentication data.
All sensitive payment data is securely handled directly by Stripe.

2. Purpose of Data Usage

Stripe-related data is used strictly for the following purposes:

  • Processing payments, subscriptions, and refunds
  • Managing user billing and transaction records
  • Preventing fraud, chargebacks, and unauthorized transactions
  • Compliance with financial, tax, and regulatory obligations
  • Customer support related to payments
  • Account reconciliation and financial reporting

Stripe data is not used for advertising, profiling, or resale.

3. Data Sharing & Third Parties

Maltibase does not sell or rent payment data.

Stripe-related data may be shared only with:

  • Stripe, as the authorized payment processor
  • Financial institutions involved in payment settlement
  • Regulatory or legal authorities when required by law
  • Essential service providers operating under strict data-processing agreements

All third parties are required to maintain appropriate security and confidentiality standards.

4. Data Storage & Security

Maltibase follows industry-standard security practices, including:

  • PCI-DSS compliant payment processing via Stripe
  • Encrypted data transmission (HTTPS / TLS)
  • Tokenization of payment information
  • Secure server and access controls
  • Limited internal access to payment-related records
  • Continuous monitoring for fraud and security threats

Sensitive payment credentials are never stored on Maltibase servers.

5. Data Retention & Deletion

  • Transaction records are retained only as long as necessary for legal, accounting, and compliance purposes.
  • Users may request deletion of non-essential payment data linked to their account.
  • Data required for regulatory, tax, or dispute resolution purposes may be retained as legally required.

Payment Data Requests:
Email: privacy@maltibase.com

6. User Rights & Control

Users have the right to:

  • Access their transaction history
  • Request correction of inaccurate billing information
  • Request deletion of account-linked payment data (subject to legal obligations)

Payment methods can be updated or removed securely via Stripe-supported interfaces.

7. Stripe Policy Compliance

Maltibase complies fully with:

  • Stripe Services Agreement
  • Stripe Privacy Policy
  • PCI-DSS requirements
  • Applicable financial and data-protection regulations

Stripe payment data is processed only for legitimate business purposes and disclosed uses.

8. Policy Scope Limitation

This policy applies only to Stripe payment and billing data.
Other Maltibase data activities are governed by Maltibase’s general Privacy Policy.

9. Contact Information

For Stripe or payment-related privacy inquiries:

Maltibase Privacy Team
Email: privacy@maltibase.com
Website: https://policy.maltibase.com

Stripe Review Checklist (You’re Covered)

✔ Clear payment data disclosure
✔ Stripe as processor explicitly stated
✔ No storage of sensitive card data
✔ PCI-DSS compliance acknowledged
✔ Data retention & deletion explained