Privacy Policy

1. Introduction

PayChains ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our crypto payment processing platform, APIs, hosted checkout pages, dashboard, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, password, and organization details when you register for an account.
• Payment and billing data: wallet addresses, transaction amounts, token types, chain preferences, and billing contact details.
• API credentials: API keys, webhook URLs, and integration configuration data.
• Communications: information you provide when contacting our support team or submitting feedback.

2.2 Information Collected Automatically

• Usage data: API call logs, request/response metadata, timestamps, endpoints accessed, and error rates.
• Device and browser information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Blockchain data: on-chain transaction hashes, block confirmations, wallet addresses, token transfer amounts, and network identifiers. Note that blockchain transactions are inherently public.

2.3 Information from Third Parties

We may receive information from blockchain networks and public data sources to help monitor transactions, detect fraud, and improve our Service. PayChains does not perform identity verification (KYC) on merchants or their customers.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including processing payments, generating deposit addresses, and delivering webhook notifications.
• To manage your account, authenticate access, and issue API credentials.
• To monitor blockchain networks for transaction confirmations and payment status updates.
• To process billing, calculate transaction fees, and generate invoices.
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• To comply with applicable legal obligations where required by law.
• To communicate with you about service updates, security alerts, and support inquiries.
• To analyze usage patterns and improve the performance, reliability, and features of the Service.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential cookies: maintain your authenticated session and remember security preferences. These are required for the Service to function.
• Analytics cookies: understand how users interact with our dashboard and documentation to improve the experience.
• Preference cookies: remember your settings such as preferred chains, display currency, and theme.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

5. Third-Party Services

We may share information with the following categories of third-party service providers:

• Blockchain networks: transaction data is broadcast to and recorded on public blockchain networks (Ethereum, Polygon, BSC, Arbitrum, Base, and others) as an inherent part of processing payments.
• Cloud infrastructure providers: for hosting, data storage, and content delivery.
• Analytics providers: to help us understand usage patterns and improve the Service.
• Blockchain RPC providers: for reading on-chain transaction data, confirming payments, and interacting with smart contracts.
• Communication providers: for sending transactional emails, webhook deliveries, and support communications.

We require all third-party providers to handle your data in accordance with applicable data protection laws and our contractual obligations.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: retained for the lifetime of your account plus 30 days after deletion request.
• Transaction records: retained for a minimum of 5 years to comply with financial record-keeping obligations.
• API logs: retained for 90 days for debugging and security analysis, then aggregated and anonymized.
• Blockchain data: on-chain data is permanent and cannot be deleted due to the immutable nature of blockchain technology.

7. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• BIP-44 HD wallet derivation to ensure unique deposit addresses per payment with no address reuse.
• HMAC-SHA256 signature verification on all webhook deliveries.
• Regular security audits and penetration testing.
• Role-based access controls and multi-factor authentication for internal systems.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete personal data.
• Deletion: request deletion of your personal data, subject to our retention obligations.
• Portability: request a machine-readable export of your data.
• Objection: object to certain types of processing of your personal data.
• Restriction: request that we limit processing of your personal data under certain circumstances.

To exercise any of these rights, please contact us at support@paychains.dev. We will respond to your request within 30 days.

Please note that certain data, particularly on-chain blockchain transaction data, cannot be modified or deleted due to the immutable nature of distributed ledger technology.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: