Privacy Policy

Last updated: 13 June 2026

This is a template privacy policy for a self-hosted deployment of the Crypto Payment Gateway. Review it with qualified legal counsel and adapt it to your jurisdiction before relying on it in production.

1. Who we are

The Crypto Payment Gateway ("the Service") is operated by the entity deploying it ("we", "us"). The Service lets merchants accept USDT payments and manage subscriptions. For privacy questions, contact admin@crypto-payment-gateway.slonix.dev.

2. Data we process

Account data: the email address you supply when a user record is created.
Payment data: invoice amounts, the deposit addresses we generate, on-chain transaction hashes, confirmation counts and payment status.
Subscription data: start and end dates and current status.
Technical data: request metadata and server logs (timestamps, error traces). Sensitive material such as wallet seeds and private keys is redacted from logs.

We do not collect names, postal addresses, card numbers, or government identifiers, and we do not run third-party trackers or advertising cookies.

3. Public blockchain data

Payments settle on public blockchains (Ethereum and TRON). Transaction amounts, addresses and timestamps are inherently public and permanent on those networks, outside our control. Do not treat on-chain data as private.

4. How we use data

To create invoices, detect and confirm payments, and activate or extend subscriptions.
To send webhook notifications to the merchant application that created the invoice.
To secure, debug and operate the Service.

5. Legal basis & retention

We process data to perform the payment service you request and for our legitimate interest in operating it securely. Records are retained as long as needed to provide the Service and to meet accounting or legal obligations, then deleted or anonymised.

6. Sharing

We share data only with infrastructure providers required to run the Service (e.g. the blockchain RPC/API providers you configure) and where required by law. We never sell personal data.

7. Security

Funds are held in non-custodial HD wallets controlled by the operator's seed. API access can be gated by an API key, webhooks are signed with HMAC-SHA256, and secrets are kept out of logs. No system is perfectly secure; use strong keys and protect your seed.

8. Your rights

Depending on your jurisdiction you may request access to, correction of, or deletion of your personal data. Contact the address above; note that on-chain records cannot be altered or removed.

9. Changes

We may update this policy; the "last updated" date will change accordingly. Continued use after an update constitutes acceptance.