Overview
Paidy is Japan's leading buy-now-pay-later (BNPL) payment service, acquired by PayPal in 2021 for approximately $2.7 billion USD. The platform allows Japanese consumers to make online and in-store purchases and pay later — via monthly convenience store payments, bank transfers, or installment plans — without requiring a credit card or pre-registration. Paidy's "3-click checkout" uses just a phone number and email address to complete a purchase, with Paidy handling its own risk assessment in real time.
When Paidy's scripts appear on e-commerce websites, they are embedding a payment option within the checkout flow specifically designed for the Japanese consumer market. The integration is functionally comparable to how Klarna, Afterpay, or PayPal appear as payment methods on Western e-commerce sites.
What This Script Does
Paidy's scripts (widget.paidy.com/paidy.js) embed BNPL payment functionality directly into Japanese e-commerce checkout flows:
- Payment option rendering: The script displays Paidy as a selectable payment method during checkout, showing the merchant's accepted Paidy plan types (pay-in-3, pay-in-12, monthly payment) along with estimated monthly installment amounts. This widget loads from Paidy's CDN at widget.paidy.com.
- Identity verification and risk assessment: When a customer selects Paidy, the checkout collects the customer's Japanese phone number and email address. Paidy performs a real-time proprietary risk assessment using these identifiers combined with its own behavioral and payment history data to approve or decline the transaction. This assessment happens server-side at Paidy's infrastructure.
- Transaction authorization: The script handles the payment authorization handshake between the merchant's checkout, the customer's browser, and Paidy's payment infrastructure. Upon approval, Paidy issues an authorization token that the merchant uses to capture the payment.
- Session state management: Cookies are set to maintain checkout session continuity through the multi-step authorization and confirmation flow. These are strictly functional session cookies scoped to the payment interaction.
- Merchant SDK events: The Paidy.js library fires JavaScript events (e.g., on_success, on_close, on_error) that the merchant's checkout code listens to in order to advance the order flow upon payment completion.
Consent & Compliance
Paidy's payment scripts operate within a clear legal and compliance framework:
- APPI (Japan): Japan's Act on the Protection of Personal Information governs Paidy's data handling. As a payment service provider, Paidy has a clear contractual and regulatory basis for collecting and processing the personal information necessary for payment processing and credit assessment. Paidy maintains a published privacy policy in Japanese covering these processing activities.
- GDPR: While Paidy primarily serves Japan, GDPR applies if EU residents access Japanese e-commerce sites. Payment processing has a clear lawful basis under Article 6(1)(b) — performance of a contract — for the personal data collected during checkout.
- ePrivacy Directive: Session cookies set during a payment flow are strictly necessary for the payment service the customer has explicitly selected. These are exempt from prior consent requirements under Article 5(3) of the ePrivacy Directive.
- PCI-DSS: Paidy's payment infrastructure is PCI-DSS compliant. Card data (for Paidy's card-linked features) is handled through tokenization within Paidy's certified environment.
Should You Block This Without Consent?
Paidy's scripts serve a purely functional payment purpose — processing transactions that customers explicitly initiate by selecting Paidy as their payment method at checkout. The data collection is limited to what is strictly necessary for payment processing and real-time credit assessment. Blocking Paidy without consent would prevent customers from completing purchases using this payment method.
No.
Tracked Domains (1)
paidy.com: Functional
Frequently Asked Questions
Does Paidy require cookie consent on Japanese e-commerce sites?
No. Paidy's session cookies are strictly necessary for completing a payment transaction the customer explicitly chose. Under Japan's APPI and the ePrivacy Directive's strictly necessary exemption, payment flow cookies are exempt from prior consent requirements.
What does the Paidy.js script do during a checkout session?
Paidy.js renders the BNPL payment option, collects the customer's phone number and email for real-time risk assessment, handles the payment authorization handshake, and fires completion events the merchant listens to. Card data is not involved — Paidy uses phone and email for identity verification.
How does ConsentStack treat Paidy in a consent configuration?
ConsentStack classifies Paidy as an essential functional vendor and exempts it from consent-gating. Since Paidy only activates when a customer selects it as their payment method, ConsentStack treats its scripts and session cookies as strictly necessary for completing the transaction the customer initiated.
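One way a consent manager could match a script URL against the tracked domain before exempting it from consent-gating, shown as an added example that is not ConsentStack's or Paidy's code. The function names, the `vendor.example` entry and the sample URLs are hypothetical; only paidy.com and widget.paidy.com/paidy.js come from this page.

```javascript
// Added example: host matching for a consent-exemption list.
// The paidy.com entry mirrors the page's "Tracked Domains" line; all
// function names here are hypothetical, not a real product API.
const TRACKED_DOMAINS = { 'paidy.com': 'functional' };

// Lower-case the host and drop a single trailing root dot.
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// Return the consent category for a script URL, or 'unclassified' when the
// host is neither the tracked domain itself nor a true subdomain of it.
function classifyScript(src, tracked = TRACKED_DOMAINS) {
  let url;
  try {
    url = new URL(src);                 // absolute URLs only
  } catch {
    return 'unclassified';              // relative or malformed input
  }
  if (url.protocol !== 'https:') return 'unclassified';
  // Userinfo can make a URL look like it starts with the tracked domain.
  if (url.username || url.password) return 'unclassified';
  const host = normaliseHost(url.hostname);
  for (const [domain, category] of Object.entries(tracked)) {
    // Require an exact match or a dot boundary, never a bare suffix.
    if (host === domain || host.endsWith('.' + domain)) return category;
  }
  return 'unclassified';
}

// A script is exempt from consent-gating only when classified functional.
function mayLoadBeforeConsent(src, tracked = TRACKED_DOMAINS) {
  return classifyScript(src, tracked) === 'functional';
}

// Constructed sample URLs; the .example hosts are reserved test names.
const SAMPLES = [
  'https://widget.paidy.com/paidy.js',        // script named on this page
  'https://paidy.com.cdn.example/paidy.js',   // tracked name used as a prefix
  'https://paidy.com@cdn.example/paidy.js',   // tracked name in userinfo
  'http://widget.paidy.com/paidy.js',         // not HTTPS
];
for (const src of SAMPLES) {
  console.log(mayLoadBeforeConsent(src) ? 'exempt ' : 'gated  ', src);
}
```

Only the first sample is exempt; the other three stay behind the consent gate because their host, scheme or userinfo does not match the tracked domain.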