Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Blockchain Addresses: When using the facilitator service, your public blockchain address is included in payment verification and settlement requests.
• Payment Data: Transaction details (amounts, recipient addresses, network identifiers) submitted for verification or settlement.
• Feedback: Any information you voluntarily provide through GitHub issues or community channels.

1.2 Automatically Collected Information

• Usage Data: Page views, referral sources, and general interaction patterns on our websites (via privacy-respecting analytics).
• Technical Data: IP address, browser type, device type, and operating system for security and performance purposes.
• API Logs: Request timestamps, endpoints accessed, and response codes for the facilitator service.

1.3 Information We Do NOT Collect

• Private keys or seed phrases (these never leave your device)
• Personal identity information (name, email, phone) unless you voluntarily provide it
• Wallet balances or transaction history beyond what you submit to our services
• Cookies for advertising or cross-site tracking

2. How We Use Information

• Payment Processing: Verify payment signatures and execute on-chain settlements through the facilitator service.
• Service Operation: Maintain, monitor, and improve our services' performance and reliability.
• Security: Detect and prevent abuse, fraud, or unauthorized access to our services.
• Rate Limiting: Ensure fair usage of the facilitator API.
• Analytics: Understand usage patterns to improve documentation and developer experience.

3. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Information may be shared in the following limited circumstances:

• Blockchain Networks: Settlement transactions are broadcast to public blockchains by design. Transaction data on-chain is publicly visible.
• Infrastructure Providers: We use Cloudflare for hosting and RPC providers for blockchain access. These providers process requests on our behalf.
• Legal Requirements: We may disclose information if required by law or valid legal process.

4. Data Retention

• API Logs: Retained for 30 days for debugging and security purposes, then deleted.
• Analytics Data: Aggregated and anonymized after 90 days.
• Settlement Records: Transaction hashes are retained as proof of settlement. On-chain data is permanent by nature.

5. Security

We implement industry-standard security measures to protect information:

• All services are served over HTTPS/TLS
• Facilitator private keys are stored in encrypted environments
• Rate limiting and abuse detection on all API endpoints
• Regular security audits of the open-source codebase
• Infrastructure monitoring via Grafana dashboards

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request deletion of your data from our systems
• Object to or restrict processing of your data
• Request a copy of your data in a portable format

To exercise these rights, contact us via GitHub or our community channels.

7. Open Source Transparency

T402 is an open-source protocol. The facilitator service code is publicly auditable at github.com/t402-io/t402. You can verify exactly what data is processed and how.

Self-hosted facilitator deployments are not covered by this policy. Operators of self-hosted instances are responsible for their own privacy practices.

8. Third-Party Services

Our services integrate with or link to:

• Blockchain RPC Providers: For transaction submission and verification
• Cloudflare: For CDN and DDoS protection
• GitHub: For source code hosting and issue tracking

Each third-party service has its own privacy policy. We encourage you to review their policies.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Significant changes will be announced through our community channels.

10. Contact

For privacy-related inquiries:

• GitHub Issues: github.com/t402-io/t402/issues
• Security concerns: Security Advisories
• Community: Telegram