Privacy Policy
Last updated: March 18, 2026
1. Who We Are
Peppi Card is operated by Dashible, Inc. (“we,” “us,” or “our”). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform at peppipay.com and related services.
2. Information We Collect
Account Information
When you register, we collect:
- Name (first and last)
- Email address
- Password (stored encrypted using bcrypt hashing)
- Phone number (if provided during onboarding)
Financial Information
When you use the platform, we collect:
- Load transaction details (amounts, payment methods, reference IDs)
- Peppi Card Account balances and transaction history
- Agent card configurations and spending limits
- Purchase request records (amounts, merchants, approval/denial decisions)
- Billing address provided during card creation
Agent and API Data
- Agent names and API tokens
- JIT authorization requests and responses
- Policy engine evaluation logs
- Spending counters (daily, weekly, monthly)
Waitlist Information
If you join our waitlist, we collect your email address.
Automatically Collected Data
We use session cookies for authentication. We do not use tracking cookies, analytics pixels, or third-party advertising trackers.
3. How We Use Your Information
- Provide the Service: Process loads, authorize transactions, enforce spending policies, and display your dashboard
- Account Security: Authenticate sessions, verify identity, and prevent unauthorized access
- Financial Record-Keeping: Maintain double-entry ledger records for transparency and auditability
- Communication: Send account-related notifications (email verification, load approvals)
- Platform Improvement: Analyze usage patterns in aggregate to improve features and reliability
4. How We Protect Your Data
- Passwords are hashed with bcrypt (never stored in plain text)
- API tokens are generated with cryptographic randomness
- All traffic is encrypted via HTTPS/TLS
- Session tokens use HTTP-only secure cookies
- Database hosted on Railway with encrypted connections
- Admin access is protected by separate authentication with audit logging
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:
- Payment Processors: Transaction data is shared with PayPal, Venmo, or Cash App as needed to process your loads
- Legal Compliance: When required by law, regulation, legal process, or government request
- Safety: To protect against fraud, abuse, or illegal activity
- Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
6. Data Retention
We retain your account data for as long as your account is active. Financial transaction records are retained for a minimum of 7 years for compliance purposes. Waitlist emails are retained until you unsubscribe or your account is created. You may request deletion of your account by contacting us, subject to legal retention requirements.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data (available via the dashboard)
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Object to processing of your data
- Request data portability
To exercise any of these rights, contact us at [email protected].
8. Children's Privacy
Peppi Card is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For material changes, we will notify you by email. Continued use of Peppi Card after changes constitutes acceptance of the updated policy.
Contact
For privacy-related questions or requests: