๐Ÿ›ก Turning off TLS 1.0 and 1.1

On the 30th of June 2018 the PCI Security Council, made up of Visa, MasterCard, American Express, Discover and JCB, are deprecating TLS 1.0 and 1.1; this is in an effort to keep card payments secure.

As we announced back in March we have worked with sellers to get everyone ready for this change, turning off TLS 1.0 and 1.1 temporarily in 3 separate occasions to run real-world readiness assessments.

In conclusion we have now turned off TLS 1.0 and 1.1 which were only still used by a very small minority of buyers.

๐Ÿ‡ง๐Ÿ‡พBelarus Sales Tax Support

As of the 20 June 2018, we've had to begin charging sales tax for buyers purchasing in Belarus. If you have exclusive VAT enabled on your seller account then your existing subscriptions will have their recurring cost increased to accommodate the VAT.

Get in touch if you have any questions on how we handle sales taxes today.

๐Ÿ” Increased security for custom checkout links

We've noticed an insecurity in our signature generation for custom checkout links, where (in certain situations), parameters including price can be changed by the end customer.

Following an audit of transactions, it doesn't appear to have been exploited. We've contacted sellers who use custom checkout links directly, just in case. However, we take issues like this seriously and have rolled out an immediate fix.

If you have any questions, reach out to our team today.

๐Ÿ” Removing sign-up and sign-in on our Checkout

When we launched Paddle 6 years ago, we operated as a software marketplace, helping both software sellers and buyers connect. Software buyers could create a Paddle personal account, and log into their account on the Checkout to pay.

This made sense at the time. 6 years later, this has turned into a legacy feature that is barely used and no longer represents a great way to speed up a purchase. Passwords are lost or forgotten, innovations like Apple Pay are introduced...

We simply believe we can help you run and grow better without it, and as bonus ship faster without the burden of a legacy feature.

We are turning off all sign-up and sign-in functionality for buyers on our Checkout. We don't expect you to see any impact but as usual simply reach out if you'd like to chat.

๐Ÿ–ผ Branding your Order Confirmation Emails and Customer Invoices

We've introduced a new set of customization options of the Order Confirmation email and Customer Invoice we send after a purchase, helping you show your brand throughout the whole customer journey.

You can now specify both a Company Display Name and a Product Website in your Dashboard.


We will then show your Company Display Name, linking to the Product Website if you'd indicated it. As a fallback we will show the Paddle logo and link to our website if you haven't provided any branding information.


If you wish to display your logo, simply contact our Success team.

๐Ÿ“ฅ Changes to IP Address Sharing in Webhooks

Following our previous GDPR communications, on the 21st of May we will stop passing the IP address of software buyers in the alert webhook we send for a non-subscription "Payment Succeeded" confirmation.

The reason for this change is that under the GDPR, the IP address of a customer is considered as personal data. Going forward we will therefore limit its use to the processing of orders (for example using it as an element of our anti-fraud protection algorithms).

If you need access to IP addresses to provide a great service, please get in touch to discuss GDPR-compliant solutions with our team.

๐Ÿ‡ช๐Ÿ‡ฌ Adding Arabic to our Checkout

We've recently added a new language, Arabic, to our Checkout - adding to the existing ๐Ÿ‡บ๐Ÿ‡ธ English, ๐Ÿ‡ฉ๐Ÿ‡ช German, ๐Ÿ‡ช๐Ÿ‡ธ Spanish, ๐Ÿ‡ซ๐Ÿ‡ท French, ๐Ÿ‡ฎ๐Ÿ‡น Italian, ๐Ÿ‡ฏ๐Ÿ‡ต Japanese, ๐Ÿ‡ณ๐Ÿ‡ฑ Dutch, ๐Ÿ‡ต๐Ÿ‡ฑ Polish, ๐Ÿ‡ต๐Ÿ‡น Portuguese, ๐Ÿ‡ท๐Ÿ‡บ Russian and ๐Ÿ‡จ๐Ÿ‡ณ Chinese (Simplified).

As a consequence our conversion rate in Arabic countries has jumped by 32%!

We only support left to right Arabic at the moment but do plan to improve on this in the future.

โ™ป๏ธ Adapting Checkout Recovery to the GDPR

Following our recent GDPR announcement, we are rolling out changes to our Checkout Recovery.

Checkout Recovery is one of the ways you can grow your revenue and minimize checkout abandonment, by sending a series of smart emails to customers who have started their purchase journey without finishing it. You can choose to add a discount in these emails as an incentive.

In order to preserve your ability to fight checkout abandonment, we need to implement a couple of changes so that these emails stay compliant going forward:

  1. Opt-out links, as well as the ability to re-subscribe will be added to all Checkout Recovery emails. We are adding these to offer customers more control in the way they give, and take away informed consent to the kind of marketing material they receive.
  2. Customers who have not provided consent in the checkout will receive a slimmed down reminder without any promotional offer. We are making this change because under the GDPR, marketing emails cannot be sent to customers without their initial consent.

Here are examples of Checkout Recovery emails sent if customers have provided consent - both with and without a promotional offer.

Without a promotional offer

mkt recovery email (1st).png

With a promotional offer

mkt recovery email (1st + discount).png

And here is an example of a Checkout Recovery email sent to customers who have not provided consent - who are still able to unsubscribe entirely from these emails.

functional recovery email (1st).png

๐Ÿš€ Introducing Third-Party Affiliate Integrations

We've added documentation of how to track affiliate sales with the following leading platforms in Paddle:

  • iDevAffiliate
  • CJ Affiliate
  • HasOffers
  • Impact Radius
  • Tapfiliate
  • WebGains
  • Voluum

This allows you to easily pass the right data such as the sale value and currency to the product name to these platforms, automating the payment of affiliate commissions and performance reporting for transactions processed via our checkout.

To learn more about tracking third party affiliate sales, read our implementation guide.

๐Ÿ”‘ Initial GDPR changes live

We've deployed a number of changes related to GDPR today.

If you previously automatically opted your customers in to marketing on the checkout you will need to make some changes. If you had a customised opt-in message on your checkout then this will changed to our standard and GDPR compliant message.

In the next few days we'll deploy the remaining changes that mean you can make your use of Paddle GDPR compliant. Full details of these changes and what you're required to do before the GDPR deadline are here.

For further context read our rollout announcement to learn more about our approach to GDPR.

No published changelogs yet.

Surely Paddle will start publishing changelogs very soon.

Check out our other public changelogs: Buffer, Mention, Respond by Buffer, JSFiddle, Olark, Droplr, Piwik Pro, Prott, Ustream, ViralSweep, StartupThreads, Userlike, Unixstickers, Survicate, Envoy, Gmelius, CodeTree