Skip to main content
Payment security is fundamental to Right Spot. This page explains in detail how your financial information is protected and why you can trust that your payment credentials are never exposed to us.

The key point: We never see your card details

When you pay with a credit or debit card on Right Spot, you are redirected to PayPal’s secure checkout page. Your card information is entered directly on PayPal’s website-not on ours. This is not just a policy; it is how the entire payment system is designed. Here is what happens when you pay with a card through PayPal:
  1. You click to pay and are redirected to PayPal’s official website (paypal.com)
  2. You enter your card details directly into PayPal’s secure form
  3. PayPal encrypts and processes the payment with your card issuer
  4. PayPal sends Right Spot only a confirmation that payment was successful
  5. You are redirected back to Right Spot to see your order confirmation
At no point does your card number, expiration date, or security code pass through Right Spot servers. We never see it. We cannot see it. The system does not allow it. IMAGE PLACEHOLDER: Payment flow diagram showing user going to PayPal, entering card there, and Right Spot receiving only confirmation

How PayPal protects your card information

PayPal is one of the world’s largest payment processors, handling over $1.36 trillion in payment volume annually. When you pay through PayPal-whether using your PayPal balance or a card-your financial information stays with PayPal.

What PayPal’s merchant protection means for you

According to PayPal’s official documentation, merchants (like Right Spot) receive only:
  • A transaction ID confirming the payment
  • The payment amount
  • Your PayPal email address (if you used a PayPal account)
  • Basic transaction status information
Merchants do not receive:
  • Your full card number
  • Your card expiration date
  • Your card security code (CVV/CVC)
  • Your billing address details
  • Your bank account information
  • Your PayPal password
This is by design. PayPal operates as what the payment industry calls a “payment gateway” or “payment facilitator.” Their entire business model depends on keeping your financial information secure and never exposing it to merchants.

Official documentation and proof

PayPal publishes extensive documentation about their security practices. Here are official resources you can review: PayPal Security Center: https://www.paypal.com/us/security - PayPal’s official security information page explaining their protection measures. PayPal Privacy Policy: https://www.paypal.com/privacy-center - Details what information PayPal shares with merchants (which does not include your card details). How PayPal Works for Buyers: https://www.paypal.com/us/webapps/mpp/how-paypal-works - Official explanation of how your information stays protected when you pay. From PayPal’s security documentation:
“When you pay with PayPal, your financial information is never shared with the seller.”
This statement comes directly from PayPal and applies to all transactions, including card payments made through PayPal checkout.

Technical explanation: Why we cannot access your card

The payment flow is designed at a technical level to prevent merchants from accessing card data: Redirect-based checkout: When you click “Pay with PayPal,” your browser navigates to paypal.com. You are no longer on our website. The form you fill out is PayPal’s form, hosted on PayPal’s servers, secured by PayPal’s SSL certificate. No card data transmission to merchants: PayPal’s API for merchants uses tokens and transaction IDs. There is no API endpoint that would allow us to request your card details, even if we wanted to. PayPal simply does not offer that capability. PCI DSS compliance architecture: PayPal is PCI DSS Level 1 certified—the highest level of payment card industry security certification. Part of how they maintain this certification is by architecturally preventing card data from reaching merchants. Paypal's Diagram

How each payment method protects you

Credit and debit cards (via PayPal)

When you pay with a card through PayPal:
  • You enter card details on PayPal’s secure website
  • PayPal encrypts and processes the payment
  • Right Spot receives only a transaction confirmation
  • Your card details never touch our systems
What we receive: Transaction ID, payment amount, confirmation of success. What we never receive: Card number, expiration date, CVV, billing address.

PayPal balance

When you pay with your PayPal balance:
  • You authorize payment directly on PayPal’s website
  • Your PayPal credentials never leave PayPal
  • We receive only confirmation of payment
What we receive: Transaction ID, payment amount, your PayPal email. What we never receive: PayPal password, linked account details.

UPI (India)

UPI payments are processed through UPI Gateway:
  • You authorize in your UPI app using your PIN
  • Your UPI PIN never leaves your device
  • We receive only confirmation of the transfer
What we receive: Transaction reference, payment amount. What we never receive: UPI PIN, bank account details.

Litecoin

Cryptocurrency payments work on the blockchain:
  • You send LTC from your wallet using your private keys
  • Your wallet credentials never leave your device
  • We see only the incoming transaction
What we receive: Transaction hash, payment amount. What we never receive: Private keys, wallet passwords.

What this means in practice

If Right Spot were ever breached

In the hypothetical scenario of a security breach at Right Spot, your payment credentials would remain completely safe because:
  • We do not have your card numbers—PayPal does
  • We do not have your PayPal password—PayPal does
  • We do not have your UPI PIN—your bank does
  • We do not have your crypto keys—your wallet does
The most sensitive information on our systems is your email address and Discord username. Your financial data simply is not here to steal.

You can verify this yourself

When you reach the payment step:
  1. Look at your browser’s address bar-you will see “paypal.com,” not our domain
  2. The SSL certificate (padlock icon) shows PayPal’s certificate, not ours
  3. Any card form you fill out is on PayPal’s page
This is not a claim you need to take on faith. You can observe it directly every time you make a payment.

Additional security measures

Beyond payment architecture, Right Spot implements: HTTPS everywhere: All connections to our site use modern TLS encryption. Secure session handling: Login sessions use HttpOnly cookies that cannot be accessed by JavaScript. Fraud monitoring: We watch for suspicious activity patterns. Discord OAuth security: We never see your Discord password—Discord handles authentication.

Common questions

No. We do not store card details because we never receive them. Each purchase requires entering your card information on PayPal again. This is by design—there is no card data on our end to store.
Displaying a card form on our site would require us to handle card data, which would create security risks and compliance obligations. By redirecting to PayPal, your card data stays in PayPal’s secure environment. This is the safer approach.
PayPal has been processing payments since 1998 and handles transactions for over 400 million active accounts worldwide. They are PCI DSS Level 1 certified and invest heavily in security. They also offer buyer protection if something goes wrong with a purchase.
You do not need a PayPal account to pay with a card. On PayPal’s checkout page, there is an option to pay with a debit or credit card without creating an account. Your card is still processed securely through PayPal.
Yes. When you check out, open your browser’s developer tools (F12) and go to the Network tab. You will see that when you enter card details, the data is sent to paypal.com domains, not to our servers. The only data we receive from PayPal is a transaction confirmation.

Summary

Your payment security on Right Spot is guaranteed by the fact that we use PayPal as our payment gateway. Your card information goes directly to PayPal, is processed by PayPal, and stays with PayPal. We receive only confirmation that you paid—nothing more. This is not a promise or a policy. It is how the payment system is built. There is no mechanism for us to access your card details even if we wanted to.
This concludes the security documentation. Return to Documentation home or explore other sections using the sidebar navigation.