Back
Legal

Privacy Policy

Effective date: 1 March 2026

Pre-auth.com ("Pre-auth", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have. By using our website or services, you agree to the practices described here.

1. Information We Collect

Information you provide directly

When you sign up for early access or contact us, we collect your email address and any other details you voluntarily submit.

Card data — handled by our acquirer

Pre-auth.com does not collect, store, or process raw payment card numbers. Card data entered during a pre-authorization flow is transmitted directly to the acquiring bank or payment infrastructure provider integrated with the merchant's account. The acquirer is responsible for card data security in accordance with PCI DSS. We never have access to full card numbers at any point.

Transaction and pre-authorization data

We receive event data from the acquirer (via webhooks or API callbacks) and store derived transaction records in our platform. This includes: pre-authorization reference IDs, authorization status (approved, declined, released, captured), hold amounts and currencies, timestamps, and merchant-defined booking or reference identifiers. This data is necessary to operate the dashboard and reporting features of our Service.

Customer data entered by merchants

Merchants using our platform may enter details about their customers (such as name, email address, or booking reference) when initiating a pre-authorization. Pre-auth.com stores this information on behalf of the merchant and processes it solely to deliver the Service. Merchants are responsible for obtaining appropriate consents from their customers before submitting this data.

Usage data

We automatically collect standard log data when you visit our website or use our platform, including your IP address, browser type, pages visited, and the date and time of your visit. This data is used solely for security and service-improvement purposes.

Cookies

We use essential cookies to operate the website and analytics cookies (where you have consented) to understand how visitors interact with our site. You can manage cookie preferences in your browser settings.

2. How We Use Your Information

  • To send you product updates, launch announcements, and early-access notifications (only if you signed up for them).
  • To operate, maintain, and improve our platform and services.
  • To comply with legal obligations and prevent fraud.
  • To respond to your enquiries and support requests.
  • To orchestrate card pre-authorization requests through our payment infrastructure partner on behalf of our merchant customers.
  • To maintain transaction records, pre-authorization logs, and customer data entered by merchants, for the purpose of operating the Service's dashboard, reporting, and audit features.

We will never sell your personal data to third parties.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the UK, we process your personal data under the following legal bases:

  • Consent — for marketing emails and non-essential cookies.
  • Legitimate interests — for security monitoring, fraud prevention, and improving our service.
  • Contractual necessity — to deliver the service you or your business has requested.
  • Legal obligation — where processing is required by law.

4. Data Sharing

We may share your information with:

  • Service providers — trusted third parties who help us deliver our services (e.g., cloud hosting, email delivery, payment processors), bound by confidentiality obligations.
  • Acquirers and payment infrastructure providers — transaction data is routed through the acquiring bank or payment infrastructure provider integrated with your account. Their privacy policy governs their handling of data. Card data never passes through Pre-auth.com's systems.
  • Legal and regulatory authorities — where required by applicable law, court order, or regulatory requirement.

We do not share your data with advertising networks or data brokers.

5. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Waitlist email addresses are kept until you unsubscribe or we are no longer operating the waitlist. Transaction records and pre-authorization logs are retained for a minimum of 7 years in line with financial recordkeeping obligations. Customer data stored on behalf of merchants is retained for the duration of the merchant's active account, and deleted within 90 days of account closure upon request.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data, subject to legal obligations.
  • Restriction — ask us to restrict processing in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time, where processing is based on your consent.

To exercise any of these rights, contact us at privacy@pre-auth.com.

7. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security assessments. Card data is handled exclusively by the acquiring bank or payment infrastructure provider — Pre-auth.com does not sit within the card data environment. Despite these measures, no system is entirely secure; we encourage you to use a strong, unique password for any account you create with us.

8. International Transfers

We operate from Australia and may transfer your data to service providers in other countries. Where transfers occur outside of your jurisdiction, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for EEA/UK transfers).

9. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

Pre-auth.com
privacy@pre-auth.com