Legal overview
This page summarizes how PayLoad handles your data, your rights (GDPR/CCPA), and the agreements that govern use of the service. PayLoad is operated by Nugent Brothers Enterprises LTD (company number NI719078) trading as “PayLoad.”
Terms of Service — product use, acceptable use, liability, and termination.
Privacy Notice — data we collect, why we collect it, and how long we keep it.
Data Processing Addendum (DPA) — controller/processor terms and SCCs for EU/UK users.
GDPR compliance
Data subject rights — Access, rectification, erasure, restriction, objection, and portability. Email NBE@nugentweb.online to exercise rights. We will respond within statutory timelines.
Lawful bases — Contract (providing the service), Legitimate Interests (fraud prevention, service quality), Consent (marketing if opted in). We do not sell personal data.
Subprocessors — Infrastructure, email, and payments (e.g., hosting provider, email delivery, Stripe). Listed in the DPA.
Data retention — Account data kept while the account is active; backups follow retention schedules; deletes propagate within 30 days unless law requires retention.
International transfers — Protected by SCCs and appropriate safeguards per the DPA.
Security — TLS in transit, encrypted storage for files, TOTP support, scoped API keys, and audit logs for key account events.
Breach notice — We notify affected users and regulators without undue delay in line with GDPR Article 33/34.
Audit logging
We maintain audit logs for signups, logins, email verification, API key issuance, credit movements, uploads, shares, and admin actions. Logs include timestamp, actor, IP, user agent, and event metadata (with sensitive fields stripped).
Data requests & contacts
Data access/erasure — Email NBE@nugentweb.online with the email tied to your account. We may request verification.
Security — Report issues to NBE@nugentweb.online.
Data Protection Officer — NBE@nugentweb.online.