Seller Handbook

---

Our Policies

We require that our software sellers:

• Have a website and only accept payments through their website, or apps using our SDKs.
• Never send their buyers the product checkout link directly as a means to collect payment. Payments should always be made through their website.
• Are never in possession of their buyer card details, for transactions processed through Paddle for PCI DSS Compliance reasons.
• Add this text on their website T&Cs - “Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders”.
• Make it clear to buyers what products they’re paying for and what amount they’re committing to before the purchase (including making it clear if they’re entering into a subscription).
• Keep the product description clear to ensure the product’s capabilities and limitations are made very transparent. This should also be updated in the seller dashboard when adding a new product for compliance reasons.
• Take reasonable steps to let buyers correct errors in their order.
• List their terms & conditions, refund policy and buyer support details (email and phone number) clearly on their website.
• Make sure the buyer accepts their terms & conditions and refund policy before they make a purchase.
• Ensure an uninterrupted product fulfilment/activation once the buyer has completed payment.
• Don’t conduct any activities we construe as sales malpractices or deceptive sales tactics.
• Don’t sell products that are on our unsupported products list.
• Have clear product statement descriptors (this is what appears on your buyer’s card statements). So they can recognise what they bought, please use your website or main product’s name. This can be changed under Vendor settings->checkout setting->product descriptor.
• Ensure you notify us of any changes in your refund policy, product T&C or contact details and update your website accordingly.

Best Practices

Paddle recommends that our software sellers:

• Have at least a 30 day money back guarantee as part of their refund policy.
• Get the buyer to confirm before they download content that they are aware that they only have 30 days to cancel or apply for a refund after the order completion date.
• Have a complaint policy with expected turn around times for complaint resolution. As well as details for the appropriate trade ombudsman service, should the complaint not be resolved to the buyer’s satisfaction.
• Ensure that your website has an SSL certificate. Sites with SSL certificates have a “padlock” icon located at the top of your browser window as well as a “https” in the address bar. These confirm to your buyers that the page they’re on is secure and that their data is encrypted.
• An ideal product fulfilment process would include:
  • Display an order success page with the software license keys (if you use licenses) and simple instructions on how to activate post-purchase. If you’re creating your own success page, here’s instructions on how to create a similar page yourself. Cross selling is recommended, but you should not be interrupting the product activation flow at this stage in order to cross sell.
  • If you’re not using our product fulfilment, then ensure an email is instantly sent to the buyer with the software license keys (if you use licenses) and simple instructions on how to activate or get started. This will confirm the contract. We will always send an order receipt to the buyer to confirm the transaction as we are the merchant of record.
  • The above email should also contain links to your terms & conditions, refund policy, buyer support and a way for buyers to contact Paddle directly (usually through providing a link to Paddle.net).

Disputes

Disputes (or Chargebacks) occur when a buyer calls their bank, or PayPal to dispute a charge.

This can be for many reasons, including:

• Fraudulent transaction.
• They don’t recognise the charge.
• Recurring billing cancellation.
• They didn’t receive the product.
• The product was not satisfactory.

Disputes are unfortunately a common part of dealing with online payments, especially for digital goods sales. A buyer can charge back a card payment up to 120 days after the product was delivered.

It’s important that you keep your dispute rate low. An average rate is in the region of 0.1-0.3% of transactions, however a rate above 0.75% is unacceptable. We’ll send you a dispute notification whenever we receive a dispute from one of your buyers, we recommend keeping all dispute alerts always switched on (under vendor settings -> alerts).

When a dispute occurs, Paddle will fight on your behalf, submitting the relevant evidence to your buyer’s bank, or in the instance of misidentified transactions, we reach out to the buyer and attempt to resolve the situation for you. We’ll also email you asking for information we won’t have access to like any direct buyer communication or software usage logs that can aid your chances in winning chargebacks.

Disputes incur a $15 (£15 or €15) fee dependant on the currency the user was charged in. These fees come directly from the buyer’s bank, and we pass that charge onto your Paddle account. Additionally, the original amount of the transaction is also debited from your Paddle account.

If we win a dispute case for you, we return the original amount of the transaction back to your balance, and refund any fees associated with the dispute.

We recommend that our software sellers have a contactable Buyer Support Team to avoid chargebacks by proactively refunding any disputed transactions.

Online Fraud

Our aim is to protect our sellers from fraud, so here are some tips to protect your online business from fraudulent buyers/purchases:

• Be vigilant of unusually large transactions or a buyer who has completed an unusually high number of transactions in a short period of time. Abnormal transaction activity or buyer behavior can be a sign of online fraud. We recommend additional checks like verifying your buyer’s identity or refunding unusually risky transactions to avoid the risk of a chargeback.
• Disputes come with a fee of $15 so when a chargeback is received, a software seller would not only lose the transaction amount, they’d also need to pay an additional $15 fee. So it’s in your best interests to refund any transactions that may carry the risk of a chargeback.
• Ensure you have a secure online checkout process by including SSL checkout security on your checkout pages. Paddle’s checkout iframe already uses this security as it is hosted on an ‘https:’ page.
• Use enterprise level antivirus software on all employee devices to protect your business from any type of malware attacks.
• Ensure you use strong passwords across your organisation.
• Don’t store sensitive buyer information physically (on paper, files, etc); store this data virtually with secure 128 bit encryption.
• Any 3rd party software patch updates should always be up to date.
• Always retain any buyer communication and software usage reports to aid with your chances of winning chargebacks.

If you notice a suspicious buyer, please report them to help@paddle.com immediately.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments.

Paddle is PCI DSS SAQ A Compliant - this means that we do not directly store card information and are PCI Compliant for web transactions only. As a result, any sellers who use Paddle for software sales cannot store, process and transmit cardholder data either physically or virtually.

An example of a transaction that isn’t compliant is when a seller takes their buyer’s card details over the phone and processes a payment for software using the payment link themselves. The only way our software sellers can use Paddle for sales is through integrating our payment link into a working website or app.

GDPR Compliance

The European Union (EU) introduced a landmark regulation called the General Data Protection Regulation (GDPR in short) in May 2018.

The goal of the GDPR is to give EU residents improved privacy rights and control over their personal data, protecting them from privacy breaches and leaks.

Every organisation that handles, markets or tracks the personal data of EU residents is liable, even if they’re not based in Europe. In the case of software companies who sell their products globally, this new regulation applies to them, no matter where they’re based.

There are strong penalties in place for non-compliance: up to €20m or 4% of global annual turnover, whichever is higher.

Making sure we were compliant, and in turn that the personal data of the buyers buying your products was treated correctly, whilst continuing to provide a great buyer experience has been an important focus for us when implementing the GDPR. Here are the main concepts of the GDPR:

Personal data requires lawful processing

This means that you shouldn’t buy email lists where you don’t know how consent was acquired, and we can’t enable newsletters to buyers if we don’t know whether they’ve consented to them.

Buyers should specify exactly what communications they want to receive from you

This means that the language explaining how you will contact them needs to be very clear and respect your buyers opt in preferences - leading to fewer unsubscribes and spam reports.

Buyers will have a right to transparency around the collection and processing of their data

This means that they’ll be able to ask us for the data we store on them, as well as receiving it in a simple format.

Buyers can request the right to be forgotten

This means that if asked, we will remove all their personal data - letting you focus on the best buyers.

Implementing all of this could be complex

Just ask our in-house GDPR experts who have been looking into its correct application! We’ve rolled out changes to ensure that it is simple and straightforward for you and will always keep you informed.

To read more about GDPR at Paddle click here. For any data security questions or data removal requests email help@paddle.com.

Tax and Compliance

Read more about tax and compliance at Paddle here.