PayPal ACH Payment Privacy & Guarantee Statement

“We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Information against loss, misuse, unauthorized access, disclosure, and alteration.”
“PayPal employs encryption in transit and at rest for all personal data. We also employ industry-standard pseudonymization techniques, such as tokenization to protect personal data where applicable.”

ACH Authorization, Retention & Merchant Obligations

Merchants agree PayPal is permitted to document and store ACH Authorization, including timestamp, Merchant logo and applicable ACH credentials. Merchants shall maintain data sufficient to reconstruct the transaction authorization and provide evidence upon request. PayPal

Data Retention & Deletion Requirements

While a Merchant keeps a customer's Data, and for three (3) years thereafter (or longer if required under applicable law), the Merchant must retain records sufficient for PayPal to verify compliance. If a customer requests deletion, the Merchant shall securely delete the Data and notify PayPal. Upon PayPal’s request, the Merchant shall promptly delete any Data at risk from a security issue. PayPal