Privacy Policy

Last updated: February 2026

TL;DR

We collect what we need to run the service. We don't sell your data. We don't track you across the web. We're not an ad company.

What we collect

Account data

  • Email address (for login and notifications)
  • Password hash (bcrypt, 12 rounds) — or OAuth ID if you sign up via GitHub/Google/Discord
  • Business name and description (encrypted at rest)
  • Solana wallet public key (for settlements). Private key encrypted with AES-256-GCM
  • External withdrawal address you configure
  • Two-factor authentication secret (encrypted at rest)
  • API key (encrypted at rest, hashed separately for O(1) lookup)

Payment provider data (Relays)

  • API keys (encrypted at rest, AES-256)
  • Account ID, business name, country, MCC
  • Statement descriptor, default currency

We only request minimal API permissions: create payments, check status. No access to payouts, refunds, or balance.

Transaction data

  • Payment amounts, timestamps, status, currency
  • Relay and Client IDs involved
  • Provider transaction IDs (encrypted)
  • Fee percentages, payout amounts, referral splits
  • Solana wallet addresses and tx hashes (on-chain, public)

Card metadata (from Stripe, not entered by us)

  • Card last 4 digits, BIN, brand, country (all encrypted at rest)
  • Cardholder name (encrypted)
  • Card fingerprint (encrypted) — used for fraud pattern detection
  • Stripe Radar fraud score
  • Decline reason if payment fails (encrypted)

We never see or store full card numbers. Stripe handles card input client-side. We only receive metadata from the PaymentIntent response after the charge.

Technical data

  • IP address (encrypted at rest, used for rate limiting and fraud prevention)
  • User agent string (stored with session for device identification)
  • Webhook endpoints you configure (encrypted at rest, validated against private IP ranges)

Reviews & comments

  • Review text and rating (public, one per Relay-Client pair)
  • Comment replies (public, linked to your account)

What we don't collect

  • Buyer card numbers or payment details (handled by Stripe/PayPal directly)
  • Browsing history or cookies beyond session auth
  • Location data beyond IP-derived country

How we use it

  • Run the service: Route payments, match pool, settle funds
  • Security: Detect fraud, rate limit abuse, prevent unauthorized access
  • Communication: Transaction notifications, service updates
  • Disputes: Investigate chargebacks and resolve conflicts

Who sees it

  • You: Full access to your own data via dashboard and API
  • Counterparties: Relays see Client region, chargeback score, volume stats, and reserve amount (post-transaction). Clients see Relay fee and rating. Never identities
  • Your webhooks: When a payment status changes, we POST decrypted payment details to your configured webhook URL. This includes amounts, card metadata, fraud score, wallet addresses, and tx hashes. Secure your endpoint
  • Solana blockchain: Wallet public keys, USDC transfer amounts, and tx hashes are permanently visible on-chain

We don't sell data. We don't share with advertisers. We don't do "partners" or "affiliates" bullshit.

Third-party services

  • Stripe: Payment processing. We send encrypted API keys to create PaymentIntents and check status. Stripe handles card input directly — card numbers never touch our servers
  • Solana (via Alchemy RPC): Blockchain operations — wallet balances, USDC transfers, transaction confirmations. Alchemy receives webhook notifications for wallet activity
  • OAuth providers (Google, GitHub, Discord): Authentication only. We receive your email and provider ID. We don't post to your accounts or access anything else

Security

  • All sensitive fields encrypted with AES-256-GCM (authenticated encryption) at rest. Unique IV per value
  • API keys hashed with HMAC-SHA256 for constant-time lookup (no timing leaks)
  • Passwords hashed with bcrypt (12 rounds)
  • HTTPS everywhere
  • Session tokens: 32 random bytes, httpOnly, secure, sameSite lax, 30-day expiry
  • Rate limiting on all endpoints
  • Webhook URLs validated against private/internal IP ranges (SSRF protection)
  • Two-factor authentication (TOTP) required for all withdrawals
  • No plain-text secrets in logs or responses
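
The webhook URL check listed above, sketched as an added example (not this service's own code). The function names, the HTTPS-only rule and the sample DNS table are assumptions made for illustration; the resolver is injectable so the check can be run offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS data so the example runs offline.
SAMPLE_DNS = {
    "hooks.example.com": ["1.1.1.1"],
    "intranet.example.com": ["10.0.0.5"],
    "mixed.example.com": ["1.1.1.1", "169.254.169.254"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # unknown names: treat as IP literal

def resolve_all(host, port):
    # Default resolver: every address the name currently maps to.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_public(addr):
    """True only for globally routable addresses."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by the IPv4 it wraps
    return ip.is_global

def check_webhook_url(url, resolver=resolve_all):
    """Return (ok, detail): the vetted IP list, or a rejection reason."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":  # assumption: webhooks must use HTTPS
        return False, "scheme must be https"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        addrs = resolver(parts.hostname, port)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    blocked = [a for a in addrs if not is_public(a)]
    if blocked or not addrs:  # every address must be public, not just the first
        return False, "rejected: " + (", ".join(blocked) or "no addresses")
    # Connect to these vetted IPs; re-resolving the name allows DNS rebinding.
    return True, addrs
```

The delivery client should connect to one of the returned IPs while still sending the original hostname for TLS verification and the Host header, and should not follow redirects without running the same check on the new URL.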

Retention

  • Account data: Until you request deletion
  • Transaction history: Retained indefinitely (for dispute resolution and compliance), even after account deletion
  • Session/IP logs: 90 days
  • Blockchain data (wallet addresses, tx hashes): Permanent and public on Solana — we can't delete this

Your rights

  • Export: Request a copy of your data
  • Delete: Request account deletion (transaction history retained for compliance)
  • Correct: Update your info via dashboard

Reach out on Discord for export or deletion requests.

Cookies

One cookie: session_token. HttpOnly, Secure, SameSite Lax, 30-day expiry. That's it. No tracking cookies, no analytics pixels, no "we value your privacy" popup that's actually asking permission to spy on you.

Changes

We'll update this page if something changes. Check the date at the top.

Contact

Privacy questions? Discord. We actually read them.