Cookie Policy

Last updated: 2025-11-18

1. Introduction

PayHeld uses cookies and similar technologies to provide secure payment holding services, protect your funds from fraud, and deliver a personalized platform experience. This Cookie Policy explains what these technologies are, why we use them, and how you can control them.

By using PayHeld's website and services, you consent to our use of cookies as described in this policy. This notice should be read alongside our Privacy Policy, which provides comprehensive information about how we collect, use, and protect your personal data.

For questions about cookies or data privacy, contact us at privacy@payheld.com.

2. What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, or tablet) when you visit a website. When you return to our site, your browser sends these files back to us, allowing PayHeld to recognize you, remember your preferences, and provide essential security features.

Understanding Cookie Types:

Session Cookies — Automatically deleted when you close your browser. These help you navigate PayHeld during a single visit and are essential for maintaining your login state and payment transaction security.

Persistent Cookies — Remain on your device for a set period (ranging from 10 minutes to 2 years, depending on purpose) or until you manually delete them. These remember your preferences between visits and help us detect fraudulent activity patterns.

Similar Technologies — We also use pixel tags (tiny graphics that help us measure page visits), local storage (browser-based information storage), and web beacons to enhance platform functionality and security. For simplicity, we refer to these collectively as "cookies" in this policy.

First-Party vs. Third-Party — PayHeld sets first-party cookies directly, while trusted partners like Stripe (payment processing) and Google Analytics set third-party cookies to provide specific services we cannot offer alone.

3. Why PayHeld Uses Cookies

Cookies enable PayHeld to protect your funds, streamline payment transactions, and continuously improve our payment platform. Here's how we use them:

Payment Security & Fraud Protection

Cookies help us protect your held funds by detecting unauthorized access attempts, preventing fraudulent payment releases, and ensuring transactions originate from verified devices. For example, our security cookies can identify suspicious patterns like repeated failed login attempts or unusual payment behavior that may indicate account compromise.

Essential Platform Functionality

Without certain cookies, core features would not work. These enable you to:
- Stay logged in while managing payments and projects
- Complete OAuth authentication when signing up via Google or other providers
- Process secure payments through our integration with Stripe
- Maintain CSRF protection against cross-site attacks
- Store your cookie consent preferences

Service Improvement & Analytics

We use Google Analytics (a privacy-focused analytics service) to understand how freelancers and clients use PayHeld. This helps us identify which features are most valuable, where users encounter difficulties, and how we can make the platform more intuitive. Analytics data is anonymized and used only in aggregate form—we never use it to identify individual users.

Compliance with Payment Regulations

As a payment platform, PayHeld must maintain transaction records and security measures to comply with financial regulations and our obligations to Stripe (our payment processor). Certain cookies support these legally required functions.

You cannot opt out of essential cookies without losing access to core payment features. However, you can disable optional analytics cookies through your browser settings (see Section 7).

4. Detailed Cookie Inventory

PayHeld uses 10 specific cookies to provide secure payment holding services. Below is our complete cookie inventory organized by category:

ESSENTIAL COOKIES (Cannot Be Disabled)

These cookies are strictly necessary for PayHeld to function and cannot be disabled without preventing you from using core payment features:

Authentication & Security:

• next-auth.session-token (__Secure-next-auth.session-token in production) — Manages your login session and keeps you authenticated. Uses enhanced security prefix in production for maximum protection. Duration: 7 days.

• next-auth.csrf-token (__Host-next-auth.csrf-token in production) — Protects against cross-site request forgery (CSRF) attacks by validating that payment requests originate from PayHeld. Uses highest security prefix in production. Duration: Session (deleted when browser closes).

• next-auth.callback-url — Temporarily stores your OAuth callback URL during Google/social authentication flows. Duration: Session.

• pendingUserRole — Stores your selected role (freelancer or client) during OAuth signup to ensure you're directed to the correct dashboard after authentication. Duration: 10 minutes maximum.

Payment Processing & Fraud Prevention:

• __stripe_mid — Set by Stripe (our payment processor) for fraud detection and payment security. Helps identify legitimate payment sessions and prevent unauthorized transactions. Managed by Stripe under PCI-DSS compliance. Duration: 1 year.

• __stripe_sid — Stripe session identifier that tracks your payment session to ensure transaction integrity and prevent duplicate charges. Duration: 30 minutes.

Consent Management:

• payheld_consent — Stores your cookie consent preferences so we remember your choice about analytics cookies. Duration: 1 year.

ANALYTICS COOKIES (Optional — Can Be Disabled)

These cookies help us understand how users interact with PayHeld so we can improve the platform. They do not collect personally identifiable information:

• _ga — Google Analytics cookie that distinguishes unique visitors using anonymized identifiers. Helps us measure total user counts and traffic patterns. Duration: 2 years.

• _gid — Google Analytics cookie that distinguishes users within a 24-hour period for daily traffic analysis. Duration: 24 hours.

• _gat — Google Analytics cookie that throttles request rates to prevent excessive data collection and protect user privacy. Duration: 1 minute.

How to Control Analytics Cookies: You can opt out using the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout) or by managing your browser's cookie settings (see Section 7).

5. Third-Party Service Providers

PayHeld partners with trusted third-party services that set their own cookies to provide functionality we cannot deliver independently. These partners are carefully selected for their security standards and privacy practices.

Payment Processing — Stripe, Inc.

What they do: Process all payment transactions, detect fraud, prevent duplicate charges, and maintain PCI-DSS Level 1 compliance (the highest payment security standard).

Cookies used: __stripe_mid (fraud prevention), __stripe_sid (payment session tracking)

Why essential: PayHeld cannot process payments without Stripe's secure infrastructure. Their cookies are critical for protecting your financial information, preventing fraudulent transactions, and ensuring secure payment holds.

Privacy Policy: https://stripe.com/privacy

Analytics — Google LLC

What they do: Provide anonymized analytics about website traffic, page views, user flows, and platform performance.

Cookies used: _ga (user identification), _gid (daily analytics), _gat (rate limiting)

Why we use it: Helps us understand which features are most valuable, where users encounter difficulties, and how to improve the platform. All data is anonymized and used only in aggregate form.

Privacy Policy: https://policies.google.com/privacy

Opt-out: https://tools.google.com/dlpage/gaoptout

Authentication — NextAuth.js (Open Source)

What they do: Provide secure OAuth authentication flows for logging in with Google, GitHub, and other social providers.

Cookies used: next-auth.session-token, next-auth.csrf-token, next-auth.callback-url

Why essential: Enables you to sign up and log in using existing accounts rather than creating new credentials.

Documentation: https://next-auth.js.org/

Infrastructure — Vercel, Inc.

What they do: Host PayHeld's website and provide content delivery network (CDN) services for fast, reliable access worldwide.

Cookies used: Hosting infrastructure cookies (technical, session-based)

Why essential: Vercel delivers PayHeld's platform to your browser. Without their infrastructure, you would not be able to access the website.

Privacy Policy: https://vercel.com/legal/privacy-policy

Important: These third parties operate under their own privacy policies. We recommend reviewing their policies to understand how they handle your data. PayHeld does not control third-party cookies but selects partners with strong privacy commitments.

6. Cookie Lifespan & Data Retention

Cookies have varying lifespans based on their security and functionality requirements. Understanding these durations helps you make informed decisions about your privacy.

Session Cookies (Expire Immediately)

Deleted automatically when you close your browser. Used for temporary security and navigation:

• CSRF tokens (next-auth.csrf-token) — Expires when browser closes

• OAuth callback URLs (next-auth.callback-url) — Expires when browser closes

Very Short-Term (Minutes to Hours)

Used for brief, time-sensitive operations:

• Role selection cookie (pendingUserRole) — 10 minutes (OAuth signup only)

• Stripe payment session (__stripe_sid) — 30 minutes (active payment only)

• Analytics rate limiting (_gat) — 1 minute (prevents data overload)

• Analytics daily tracking (_gid) — 24 hours (daily user counts)

Short-Term (1 Week)

Balances security with convenience:

• Session authentication (next-auth.session-token) — 7 days (keeps you logged in)

Long-Term (1 Year)

Used for persistent preferences and security:

• Cookie consent (payheld_consent) — 1 year (remembers your choice)

• Stripe fraud detection (__stripe_mid) — 1 year (detects suspicious patterns)

Extended (2 Years)

Used only for anonymous analytics:

• Google Analytics user ID (_ga) — 2 years (traffic measurement)

Data Retention Policy

Information collected via cookies is retained for up to 1 year from cookie expiry for security analysis, fraud prevention, and platform improvement. Analytics data is anonymized and aggregated. We delete cookie data when no longer necessary for its original purpose or as required by applicable law.

Your Control

You can delete cookies at any time through your browser settings (Chrome: Settings > Privacy > Clear browsing data; Firefox: Settings > Privacy > Clear Data; Safari: Preferences > Privacy > Manage Website Data). Note that deleting essential cookies will log you out and may prevent payment processing.

7. How to Control Cookies

You have multiple ways to manage cookies and protect your privacy. Here are your options:

Browser-Level Cookie Controls

Most browsers allow granular cookie management. You can block all cookies, allow only first-party cookies, delete cookies when closing your browser, or create exceptions for trusted sites like PayHeld.

Chrome
1. Open Settings > Privacy and security > Cookies and other site data
2. Choose "Block third-party cookies" or "Block all cookies"
3. Manage site-specific exceptions under "Sites that can always use cookies"
Direct link: chrome://settings/cookies

Firefox
1. Open Settings > Privacy & Security > Cookies and Site Data
2. Select "Delete cookies and site data when Firefox is closed" for session-only cookies
3. Use "Manage Exceptions" to allow PayHeld cookies while blocking others
Direct link: about:preferences#privacy

Safari (Mac)
1. Open Safari > Preferences > Privacy
2. Choose "Block all cookies" or "Block cross-site tracking"
3. Use "Manage Website Data" to delete specific cookies
Note: Blocking all cookies will prevent PayHeld from functioning

Microsoft Edge
1. Open Settings > Cookies and site permissions > Manage and delete cookies and site data
2. Choose "Block third-party cookies" or "Block all cookies"
3. Add exceptions under "Allow"
Direct link: edge://settings/content/cookies

Third-Party Opt-Outs

You can disable specific third-party cookies without affecting essential PayHeld functionality:

Google Analytics: Install the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout. This prevents all Google Analytics tracking across all websites you visit.

Mobile Device Controls

iOS (iPhone/iPad): Settings > Safari > Block All Cookies (or use "Prevent Cross-Site Tracking" for less restrictive blocking)

Android: Chrome app > Settings > Site settings > Cookies > Choose blocking level

Important Trade-Offs to Understand

Disabling cookies affects your PayHeld experience in these ways:

Essential Cookies (Cannot Disable Without Breaking PayHeld):

• Authentication cookies: You cannot stay logged in; you'll be logged out immediately and unable to access your account

• CSRF protection: Payment processing will fail for security reasons

• Stripe cookies: You cannot make or receive payments without these

• OAuth cookies: You cannot sign up or log in using Google or other social accounts

Analytics Cookies (Safe to Disable):

• Google Analytics: No functional impact; PayHeld works normally, but we lose valuable insights into how to improve the platform

Recommendation: Use browser settings to block third-party cookies (blocks analytics) while allowing first-party cookies (keeps PayHeld functional). This balances privacy with usability.

8. Do Not Track (DNT) Signals

We acknowledge Do Not Track (DNT) browser signals as an emerging privacy standard.

Current Status:
- DNT automatic detection is not currently implemented on our platform
- You can manually opt-out of analytics cookies using browser settings or the Google Analytics opt-out add-on (see Section 7.2)
- Essential cookies for authentication and payment processing cannot be disabled as they are necessary for the service to function

We are evaluating DNT signal support for future implementation as browser standards evolve.

To enable DNT in your browser (which will signal your preference to websites):
- Chrome: Settings > Privacy and security > Send a "Do Not Track" request
- Firefox: Settings > Privacy & Security > Send websites a "Do Not Track" signal
- Safari: Preferences > Privacy > Ask websites not to track me
- Edge: Settings > Privacy > Send Do Not Track requests

9. Your Privacy Rights

Depending on where you live, you may have specific legal rights regarding cookies and personal data. PayHeld respects these rights and provides mechanisms to exercise them.

GDPR Rights (European Economic Area, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

Right to Consent & Withdrawal: You must actively consent to non-essential cookies before we set them. You can withdraw consent at any time through your browser settings or by contacting privacy@payheld.com. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Access: You can request information about what cookies we use, how long they last, and what data they collect. Contact privacy@payheld.com to request a copy of your cookie-related data.

Right to Deletion ("Right to be Forgotten"): You can delete cookies through your browser settings at any time (see Section 7). You can also request deletion of data collected via cookies by contacting privacy@payheld.com, though we may retain data required for legal compliance or fraud prevention.

Right to Object: You can object to analytics cookies through browser settings or the Google Analytics opt-out add-on. Essential cookies cannot be declined without preventing you from using PayHeld's payment services.

Right to Data Portability: You can request an export of data collected via cookies in a structured, machine-readable format (JSON or CSV). Contact privacy@payheld.com with your request.

Right to Lodge a Complaint: If you believe PayHeld is not respecting your privacy rights, you can file a complaint with your local data protection authority.

CCPA Rights (California, United States)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request disclosure of the categories and specific pieces of personal information collected via cookies in the past 12 months.

Right to Delete: You can request deletion of personal information collected via cookies, subject to certain exceptions for security, fraud prevention, and legal compliance.

Right to Opt-Out: You have the right to opt out of the "sale" of personal information. PayHeld does not sell personal information. Analytics cookies are used only for internal platform improvement.

Right to Non-Discrimination: PayHeld will not discriminate against you for exercising your CCPA rights. Essential services remain available regardless of cookie preferences.

Other Jurisdictions

If you live outside the EEA or California, you may still have privacy rights under local laws. Contact privacy@payheld.com to learn about your specific rights.

How to Exercise Your Rights

Email: privacy@payheld.com with your request
Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA)
Identity Verification: We may ask for information to verify your identity before fulfilling requests
No Fee: Exercising your rights is free, though we may charge a reasonable fee for excessive or repetitive requests

10. Changes to This Policy

PayHeld may update this Cookie Policy as our services evolve, new technologies emerge, or legal requirements change. We are committed to transparency in how we communicate these updates.

What Triggers Policy Updates:
- Adding new cookies or third-party services (e.g., new payment providers, analytics tools)
- Removing cookies no longer necessary for our services
- Changes in data retention periods or cookie durations
- Updates to comply with new privacy regulations (GDPR, CCPA, or other laws)
- Technical changes to how cookies function or what data they collect
- Changes to third-party service providers (e.g., switching from one analytics platform to another)

How We Notify You of Changes:

Material Changes — If we add new cookie categories, extend data retention periods, or introduce tracking that requires consent, we will:
1. Update the "Last Updated" date at the top of this policy (currently: November 18, 2025)
2. Display a notification banner on PayHeld when you next log in
3. Request renewed consent if required by law (especially for EU/UK users under GDPR)
4. Send an email notification to active users explaining the changes

Minor Changes — For technical updates that don't affect your privacy (e.g., updating cookie names, fixing typos, clarifying existing language), we will:
1. Update the "Last Updated" date
2. Not require renewed consent unless legally required

Accessing Previous Versions: We maintain records of previous Cookie Policy versions. If you would like to review an earlier version, contact privacy@payheld.com with the date range you're interested in, and we will provide a copy.

Your Responsibility: We recommend reviewing this policy periodically (every 6-12 months) to stay informed about our cookie practices. By continuing to use PayHeld after we post changes, you accept the updated policy.

Questions About Changes: If you have questions about a specific update or want clarification about how changes affect you, email privacy@payheld.com. We're happy to explain.

11. Questions & Contact Information

If you have questions about this Cookie Policy, want to exercise your privacy rights, or need assistance managing cookies, we're here to help.

Privacy Questions & Cookie Inquiries:

Email: privacy@payheld.com
Subject Line: Please include "Cookie Policy Question" for faster routing
Expected Response Time: Within 5 business days for general inquiries; within 30 days for GDPR requests; within 45 days for CCPA requests

Data Protection Officer:

For formal privacy concerns or data protection matters, contact our Data Protection Officer:
Email: dpo@payheld.com

European Union / UK Representative:

If you are located in the EEA, UK, or Switzerland and wish to contact our EU representative:
Email: eu-privacy@payheld.com

Mailing Address:

PayHeld, Inc.
Attention: Privacy Team
[Company Address]
Wilmington, DE 19801
United States

Technical Support:

If you're experiencing technical issues with cookies (e.g., cannot log in, payment processing errors):
Email: support@payheld.com
Include: Your browser type, device, and description of the issue

What to Include in Your Email:

To help us respond quickly, please provide:
- Your PayHeld account email (if applicable)
- Specific cookies you have questions about
- Your country/region (for jurisdiction-specific rights)
- Description of your question or request

We take privacy seriously and will respond to all inquiries professionally and promptly.

12. Learn More About Cookies & Privacy

Want to deepen your understanding of cookies, online privacy, and data protection? Here are trusted resources:

Understanding Cookies & Online Privacy:

AllAboutCookies.org — Comprehensive, user-friendly guide to how cookies work and how to control them https://www.allaboutcookies.org

Network Advertising Initiative (NAI) — Learn about online advertising and opt out of interest-based ads https://www.networkadvertising.org/choices/

Digital Advertising Alliance (DAA) — Industry self-regulation for online behavioral advertising https://www.aboutads.info/choices/

Privacy Regulatory Authorities:

If you have concerns about how PayHeld handles your data, these regulatory bodies can help:

European Union / EEA:

European Data Protection Board (EDPB) — Coordinates GDPR enforcement across EU member states https://edpb.europa.eu

UK Information Commissioner's Office (ICO) — UK data protection authority https://ico.org.uk/for-the-public/online/cookies/

United States:

Federal Trade Commission (FTC) — Consumer privacy protection and enforcement https://www.ftc.gov/tips-advice/business-center/privacy-and-security

California Attorney General — CCPA enforcement and guidance https://oag.ca.gov/privacy/ccpa

Browser Privacy Tools:

Privacy Badger — Browser extension that blocks invisible trackers (by Electronic Frontier Foundation) https://privacybadger.org

uBlock Origin — Open-source ad blocker and privacy tool https://ublockorigin.com

DuckDuckGo Privacy Essentials — Browser extension for tracker blocking https://duckduckgo.com/app

Related PayHeld Policies:

For comprehensive privacy and legal information, review these related documents:

Privacy Policy — How we collect, use, and protect your personal data https://www.payheld.com/privacy

Terms of Service — Legal agreement governing your use of PayHeld https://www.payheld.com/terms

Security Practices — Technical and organizational measures we use to protect your data. Contact privacy@payheld.com for our security whitepaper.

Data Processing Agreement (DPA) — For enterprise clients requiring GDPR-compliant data processing terms. Available upon request at legal@payheld.com.

Payment Security Compliance — Stripe PCI-DSS certification and PayHeld security measures https://stripe.com/docs/security/stripe

Educational Resources:

Mozilla Privacy Not Included — Reviews of products and their privacy practices https://foundation.mozilla.org/en/privacynotincluded/

Electronic Frontier Foundation (EFF) — Digital rights and privacy advocacy https://www.eff.org/issues/privacy

Privacy International — Global privacy rights organization https://privacyinternational.org

Questions about cookies? Contact us at privacy@payheld.com