Version 1.1, December 2023
HTTPay is a bridge between point-of-sales that don't connect to Bluetooth devices and Zettle card readers. As such, some data is being processed. An overview is given below.
For your security, all communication between the server and the POS and the server and the companion apps, is encrypted using HTTPS. All requests are authenticated with randomly generated authenticated tokens and pairing of devices happens by entering the pairing code of a device while the device is listening for new organisations to join.
| Data that is processed | Processed by | Goal | Stored for |
|---|---|---|---|
| Device information Device ID (randomly generated) Device token (randomly generated) Device name (set by user) Linked organisation Device online status and last online date Google Play Device Integrity status App version | HTTPay.nl | Functionality Uniquely identifying devices, authentication and authorization | 30 days after last device activity |
| Organisation information Organisation name (set by user) Organisation ID (randomly generated) Creation/Update timestamps | HTTPay.nl | Functionality Linking companion devices and points-of-sale (POS) to each other | When no API tokens remain (which is at most 90 days after last use) |
| ApiToken information ApiToken ID (randomly generated) Organisation ID (randomly generated) Linked organisation(s) Last usage timestamp | HTTPay.nl | Functionality Authentication and authorization | 90 days after last usage of token |
| Payment Intents Payment amount Tipping mode Description Linked device | HTTPay.nl | Functionality Starting a payment | During the requests (up to 15 seconds if the device is unreachable) |
| Payment Result Payment method Payment status (success/failure/cancellation) Zettle reference number | HTTPay.nl | Functionality Convening payment result back to POS | During the requests (up to 15 seconds if the device is unreachable) |
| Payment cancellation request Linked device | HTTPay.nl | Functionality Stopping payments from the POS | During the requests (up to 15 seconds if the device is unreachable) |
| Payment information Card numbers, expiry dates, etc. of the customer | Zettle (PayPal) | Functionality Accepting payments | https://www.zettle.com/nl/juridisch/privacybeleid https://www.zettle.com/gb/legal/privacy-policy |
| Location information | Zettle (PayPal) | Legal requirements, fraud prevention | |
| Other information | Zettle (PayPal) | ||
| Device information Application Metadata Device attestation token | Google | Verify application integrity, licensing status and device integrity for usage with the Play Integrity API | https://play.google.com/about/play-terms/index.html |
For questions about the processing of your data, please reach out to the developer of the app at support [at] pietershgv [dot] nl