Privacy Policy
How we process account, usage, and compliance data while keeping payment settlement on-chain and non-custodial.
1. Introduction & Scope
This Privacy Policy explains how XPayr ("we", "us", or "the Platform") collects, uses, stores, and protects information when you access or use our services.
XPayr operates as a non-custodial, smart-contract based crypto payment infrastructure (SaaS). We provide blockchain-based smart contract routing software that enables merchants to accept cryptocurrency payments. XPayr does not custody, pool, or control user funds at any point. All payment transactions are executed autonomously on-chain through verified smart contracts.
This policy applies to all users of XPayr services, including merchants, API integrators, and website visitors. By using our platform, you acknowledge and agree to the practices described in this policy.
XPayr services are not available to persons located in the United States, the European Union, or Turkey. By accessing the platform, you represent and warrant that you are not a restricted person under applicable law.
2. Data We Collect
We collect the following categories of information to operate and improve our services:
Account Information: Email address, username, password hash, and two-factor authentication details provided during registration.
Merchant Profile Data: Business name, business category, website URL, and payout wallet addresses submitted during merchant onboarding.
Transaction Metadata: On-chain transaction hashes, payment amounts, network identifiers, and settlement status. Note: All transaction data is publicly available on the respective blockchain and is not considered private information.
Technical & Usage Data: IP addresses, browser type, device identifiers, access timestamps, pages visited, and API call logs collected automatically for security and performance analysis.
Support Records: Communications, tickets, and correspondence exchanged through our support channels.
Important: We do not collect or store private keys, seed phrases, or wallet credentials. XPayr never has access to or control over your cryptocurrency funds.
3. How We Use Data
We use collected information for the following purposes:
Service Delivery: To create and maintain your account, process merchant configurations, generate payment links, and facilitate on-chain smart contract interactions.
Security & Fraud Prevention: To detect unauthorized access, prevent abuse, monitor suspicious activity patterns, and protect the integrity of our infrastructure.
Compliance: To fulfill legal obligations, respond to lawful requests from authorities, and implement risk-based controls as required by applicable regulations.
Product Improvement: To analyze usage patterns, optimize platform performance, improve user interfaces, and develop new features.
Communication: To send service-related notifications, security alerts, policy updates, and respond to support inquiries.
All payment execution remains fully autonomous on-chain through smart contracts. XPayr data processing activities are limited to the software infrastructure layer and do not involve custody or movement of user funds.
4. Data Sharing & Third Parties
XPayr does not sell, rent, or trade your personal information to third parties. We may share data only in the following limited circumstances:
Blockchain Networks: Transaction data is inherently public on blockchain networks. Anyone can view on-chain transaction details including wallet addresses and amounts.
Infrastructure Providers: We use trusted hosting, CDN, and cloud infrastructure providers to deliver our services. These providers process data solely on our behalf and under strict confidentiality agreements.
Analytics: We may use privacy-respecting analytics tools to understand platform usage patterns. No personally identifiable information is shared with analytics providers.
Legal Requirements: We may disclose information when required by law, court order, or governmental request, or when necessary to protect our rights, safety, or property.
Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred as part of the transaction, subject to the same privacy protections described in this policy.
5. Data Retention
We retain your information only for as long as necessary to fulfill the purposes outlined in this policy.
Active Accounts: Account and profile data is retained for the duration of your active account. You may request deletion at any time by contacting support.
Inactive Accounts: Accounts with no activity for 24 consecutive months may be flagged for archival or deletion, subject to legal hold requirements.
Transaction Records: On-chain transaction metadata is retained for compliance and audit purposes for a minimum of 5 years after the transaction date, or longer if required by applicable law.
Technical Logs: Server and access logs are retained for up to 12 months for security analysis, after which they are automatically purged.
Legal Holds: Certain data may be retained beyond standard periods if required by ongoing legal proceedings, regulatory investigations, or compliance obligations.
6. Security Measures
We implement industry-standard security measures to protect the information we process:
Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
Access Controls: Internal access to user data is restricted to authorized personnel only, enforced through role-based access controls, multi-factor authentication, and audit logging.
Infrastructure Security: Our servers are hosted in SOC 2 compliant data centers with physical security controls, redundant power, and network monitoring.
No Fund Custody: As a non-custodial platform, XPayr never stores, holds, or has access to your cryptocurrency private keys or funds. All payments are routed through on-chain smart contracts that execute autonomously without our intervention.
Incident Response: We maintain incident response procedures and will notify affected users without undue delay in the event of a data breach that poses a risk to their rights or freedoms.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right of Access: You may request a copy of the personal data we hold about you.
Right to Correction: You may request correction of inaccurate or incomplete personal data.
Right to Deletion: You may request deletion of your personal data, subject to our legal retention obligations.
Right to Data Portability: You may request your data in a structured, machine-readable format for transfer to another service.
Right to Object: You may object to certain types of data processing, such as processing for analytics purposes.
To exercise any of these rights, please contact us at the email address provided in Section 8 below. We will respond to verified requests within 30 days.
Please note: On-chain transaction data cannot be modified or deleted as it is permanently recorded on public blockchain networks. This is a fundamental characteristic of blockchain technology and is outside our control.
8. Contact & Updates
Contact: For privacy-related inquiries, data requests, or complaints, please contact us at: [email protected]
Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through a notice on our platform or via email to registered users.
The "Last updated" date at the top of this page indicates when this policy was most recently revised. Continued use of our services after any update constitutes acceptance of the revised policy.
Governing Framework: This policy is governed by the laws of the jurisdiction in which XPayr operates. Any disputes arising from this policy shall be resolved in accordance with the dispute resolution provisions in our Terms of Service.