LZSPayment Request
Back

Terms of Service & Privacy Policy

Last updated: April 2026

1. About This Service

LZS Payment Request is an internal administrative tool operated by LZS (“we”, “us”, “our”), a UK-based business. It allows authorised administrators to generate Stripe-hosted payment request links and QR codes for customers, primarily for Thai Baht (THB) transactions.

This tool is not a public-facing service. Access is restricted to authorised personnel only.

2. Authorised Use

Access to this system is granted only to individuals explicitly authorised by LZS. Unauthorised access, sharing of credentials, or use of this system for any purpose outside of legitimate LZS business operations is strictly prohibited.

Administrators are responsible for:

  • Keeping their login credentials secure and confidential.
  • Ensuring payment requests are created only for genuine transactions.
  • Logging out when their session is no longer needed.

3. Payment Processing

All payments are processed by Stripe, a third-party payment processor. By using this system to generate payment links, you acknowledge that:

  • Stripe’s Terms of Service and Privacy Policy apply to all payment transactions.
  • LZS does not store card details. All cardholder data is handled exclusively by Stripe.
  • Payment requests may be denominated in Thai Baht (THB), British Pounds (GBP), US Dollars (USD), or Euros (EUR), as selected by the administrator at the time of creation.

4. Data We Store

This system stores the following data within a Supabase-hosted database:

  • Payment requests — amount, currency, description, Stripe session ID, payment status, and timestamps.
  • Admin profiles — email address and role, linked to your Supabase authentication account.
  • Audit logs — a record of all administrative actions including the acting administrator’s email and timestamp.
  • Webhook configuration — Discord webhook URLs added by administrators.

Data is not shared with third parties beyond Stripe (for payment processing) and Supabase (for hosting and authentication).

5. Data Retention

Payment request records and audit logs are retained indefinitely unless an administrator performs a data reset via the Settings panel. Administrators are responsible for ensuring data retention practices comply with applicable laws, including UK GDPR.

6. Privacy & UK GDPR

LZS is based in the United Kingdom and is subject to UK GDPR and the Data Protection Act 2018. We do not collect or store any customer personal data directly. Customer data is handled solely by Stripe under their privacy policy.

Administrators have the right to request access to, correction of, or deletion of their profile data by contacting us directly.

7. Session Security

Sessions are automatically terminated after a configured period. Two-factor authentication (2FA) is available and recommended for all accounts.

8. Limitation of Liability

LZS accepts no liability for losses arising from unauthorised access resulting from failure to maintain credential security, incorrect payment amounts entered by administrators, or disruptions to Stripe’s payment processing service.

9. Changes to These Terms

We may update these terms from time to time. Continued use of the system following any update constitutes acceptance of the revised terms.

10. Contact

For any questions regarding these terms or data privacy, please contact the LZS system administrator directly.