1. Introduction

Welcome to x402 Gateway ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website https://x402gateway.io and our services.

Please read this privacy policy carefully. By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Blockchain Information

When you use our service, we collect the following blockchain-related information:

• Wallet Address: Your Ethereum wallet address for authentication and payment processing
• Transaction Hashes: On-chain transaction identifiers for payment verification
• Block Numbers: Blockchain block information for transaction confirmation
• Signature Data: EIP-712 signatures for payment authorizations

2.2 Gateway Configuration Data

When you create a gateway, we store:

• Gateway Slug: Your chosen unique identifier
• Target API URL: The API endpoint you want to proxy
• Payment Configuration: Amount, recipient address, network
• Request Configuration: HTTP method, headers, body templates (optional)
• Credit Information: Purchased credits and remaining balance
• Gateway Description: Optional description text

2.3 Usage Data

We automatically collect certain information when you use our service:

• Gateway Access Logs: Requests made to your gateways
• Transaction Records: Payment transactions processed through gateways
• Timestamps: Date and time of gateway creation and usage
• Error Logs: Technical errors for debugging purposes

2.4 Technical Data

We may collect technical information including:

• IP Address: For security and fraud prevention
• Browser Information: Browser type and version
• Device Information: Device type and operating system
• Cookies: Authentication and session management cookies

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: To create, manage, and operate your x402 gateways
• Process Payments: To facilitate payment transactions via the x402 protocol
• Authentication: To verify your wallet ownership and authenticate your account
• Analytics: To understand usage patterns and improve our service
• Security: To detect, prevent, and address fraud and security issues
• Customer Support: To respond to your inquiries and provide technical support
• Legal Compliance: To comply with applicable laws and regulations
• Service Improvements: To develop new features and enhance existing functionality

4. Information Sharing and Disclosure

4.1 Blockchain Data

All blockchain transactions are public and permanently recorded on the blockchain. This includes:

• Your wallet address
• Transaction amounts and recipients
• Transaction timestamps and block numbers

Anyone can view this information using blockchain explorers. We have no control over this public data.

4.2 Third-Party Services

We may share information with third-party service providers who assist us in operating our service:

• Privy: Wallet authentication and embedded wallet services
• Turso/LibSQL: Database hosting for gateway configuration
• x402 Facilitator: Payment settlement and verification services
• Base Blockchain: Transaction processing and validation
• Analytics Providers: For usage analytics and service improvement (if applicable)

These service providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain the confidentiality of your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Legal proceedings or litigation
• Enforcement of our terms of service
• Protection of our rights, property, or safety, or that of others

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via email or prominent notice on our website.

5. Data Storage and Security

5.1 Data Storage

Your data is stored in the following locations:

• Database: Turso (LibSQL) serverless database
• Blockchain: Base L2 network (permanently recorded)
• Application Servers: Cloud hosting infrastructure

5.2 Security Measures

We implement appropriate technical and organizational security measures to protect your data, including:

• Encryption of data in transit using HTTPS/TLS
• Secure authentication via Privy wallet integration
• Regular security audits and updates
• Access controls and authorization checks
• Secure database connections and API endpoints

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5.3 Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Gateway Data: Retained for the lifetime of your gateways or until deletion
• Transaction Records: Retained indefinitely for financial record-keeping
• Blockchain Data: Permanently recorded on the blockchain (immutable)
• Usage Logs: Retained for 90 days unless required for security or legal purposes

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access your personal information and gateway configurations through our dashboard at any time. You can export your gateway data in JSON format.

6.2 Modification and Deletion

You can:

• Update gateway configurations at any time
• Delete gateways (subject to remaining credits)
• Request account deletion by contacting us

Note: Blockchain transactions are immutable and cannot be deleted. Transaction history will remain on the blockchain permanently.

6.3 Opt-Out

You can:

• Disconnect your wallet at any time
• Stop using our service and request data deletion
• Disable cookies through your browser settings (may affect functionality)

6.4 International Users

If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Authentication: Maintain your login session
• Preferences: Remember your settings and preferences
• Security: Detect and prevent fraud
• Analytics: Understand how users interact with our service

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.

8. Children's Privacy

Our service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to our processing of your data

To exercise these rights, please contact us using the information provided below.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

12. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Website: https://x402gateway.io
• GitHub: github.com/Merit-Systems/x402-token-sdk

We will respond to your inquiry within a reasonable timeframe.

13. Blockchain Privacy Considerations

Important information about blockchain privacy:

• Public Ledger: All transactions are recorded on a public blockchain
• Pseudonymous: Your wallet address is pseudonymous but may be linked to your identity
• Immutable: Blockchain data cannot be modified or deleted
• Transparency: Anyone can view transaction history associated with your wallet address
• No Erasure: "Right to be forgotten" cannot apply to blockchain data

By using cryptocurrency and blockchain technology, you acknowledge and accept these inherent privacy limitations.