In a nutshell:
- Paddle acts as a Merchant of Record
- We handle all local taxes for you (VAT, GST, Service Tax and the likes) in 40+ countries, including collecting, accounting for and paying it to the Tax Authorities. You have nothing to do.
- We handle the compliance with local laws and regulations. You have nothing to do.
- We protect you from fraudulent transactions and help you fight chargebacks. We combine the built-in protection of the payment providers we use with our proprietary rules and algorithms.
How do we operate?
We act on your behalf as what is called a Merchant of Record (MOR).
From a legal point of view, this means that we are the reseller of your software. Most importantly, this also means that we assume responsibility for both compliance with local laws and regulations and handling of taxes on your behalf. We have to behave as if we had created the software ourselves.
Contracting with MOR gives considerable benefits to you, because you don’t need to do anything, when it comes to dealing with compliance and taxes anywhere in the world: we handle everything for you automatically as part of our normal service. As we detail in a minute, you’ll see that this is both really important and really complex.
This is very different from a normal Payment Service Provider like PayPal, Stripe or Adyen, who do not act as a Merchant of Record. They process your payments just as we do, but you still need to handle all the local compliance and taxes yourself. Not doing this properly in any country you’re selling, exposes you to potential fines, penalties and other legal issues - even if you’re just a solo developer!
In practice, your customers are still your customers. They’re buying your software, they see your name, your design, your website or app. We just facilitate the operations for you by handling the payment processing, compliance and end-to-end taxes.
How complex can these sales taxes be?
Very complex - and getting more complex each year since 2015.
First, it is important to know that this applies to everyone selling digital software or content, whether you are a solo developer working on your fledgling app or a large multinational software business.
In 2015 the European Union changed their VAT rules: taxes are now charged based on where your customer is based, rather than where your company is located (our CFO wrote about it back then). Some other countries decided to follow the same route, which means that there are now 40+ countries where you need to deal with local taxes.
The rates applied vary. The type of transactions where taxes apply (with individual customers, companies or both) vary. Minimum thresholds vary (although in most countries you need to collect taxes from your very first local customer).
At this point, you probably feel relieved that we have a dedicated finance and legal team who handles all of that for you, so you don’t need to handle any of it.
All you need to do is decide, whether you want to charge on top of your price, or keep it “all inclusive”. In the background, we’ll collect the right taxes, follow the proper accounting rules, organize and process local tax payments.
I like details: what exactly do you do on my behalf?
Here is a list of our responsibilities. If you sell using a payment provider, rather than a Merchant of Record like us, please note that you must handle all of this yourself if you want to comply with the local laws enacted in Europe, Russia, Australia, South Africa etc.
- Monitoring the Sales Tax thresholds in the jurisdictions where Sales Tax is introduced and applying for Sales Tax registration once the threshold is reached;
- Applying for Sales Tax registration in jurisdictions with no threshold;
- Appointing Tax Agents and Tax representatives in jurisdictions where it is mandatory to have one (this additional external cost of compliance can exceed thousands of dollars annually);
- Differentiating the sales between B2C and B2B to make sure we account for Sales Tax on either B2C sales or both B2B and B2C transactions (this is case-by-case based and detailed and up-to-date knowledge and understanding of the local Sales Taxes and other relevant laws is required);
- Reporting and remitting the Sales tax to the Local Tax Authorities (a monthly / quarterly process with 40 different countries, involving cross-border funds transfers in multiple currencies);
- Monitoring all the changes with regards to the Sales Tax rates in jurisdictions where the Sales Tax has already in place as well as all the proposed changes for the new jurisdictions around the world;
- Ensuring the supporting documentation / receipts / invoices that are issued to both B2C and B2B customers are also fully compliant with local Sales Tax laws;
- Ensuring we have systems in place to support the automation of the sales process from the Sales Tax perspective (i.e. applying correct rates to the correct jurisdictions / types of sale / types of customers / collecting / storing of data etc);
- Dealing with other relevant reporting and compliance requirements (i.e. EC Sales list applicable in Europe to detail all the transactions with all your B2B customers).
We’re happy to provide more details to your finance or legal team: contact us for more information.
How do you handle fraud and compliance?
We use 3 layers to protect against fraud: our payment providers, 3rd party software and our own proprietary algorithms.
Firstly, we use several payment providers in the background to process customer transactions, including PayPal and card providers. They have excellent built-in anti-fraud solutions, which we use to protect you.
Secondly, we use various 3rd party anti-fraud softwares to ensure Paddle is secure, and to prevent fraud or malicious checkout activity.
Finally, we maintain our own anti-fraud algorithm on top of the first 2 layers, specifically designed for the needs of software sales. We essentially allocate a fraud score to every single transaction that goes through our system. This score represents the likelihood that the transaction is a case of card misuse or fraud, and takes into account lots of real time factors such as recent card transactions that appear fraudulent, use different cardholder names or appear in different locations.
A transaction with a high score will be flagged for manual review by our fraud team. This freezes the transaction and the funds until a decision has been made.
We never view or store any customer’s full credit or debit card details on our platform. Paddle uses a number of Payment Card Industry (“PCI”) compliant providers to process credit and debit card transactions and as an additional security measure uses a third party tokenisation service as a layer between Paddle and the providers.
We are PCI compliant and adhere to the Payment Card Industry Data Security Standard. As set out above, all credit card transactions are handled on our behalf by PCI compliant providers.