AgentPaywall Privacy Policy

This Policy applies to personal data processed by AgentPaywall in connection with the Services. AgentPaywall acts as a data controller for personal data we determine how to process, and may act as a processor for limited data handling tasks performed for developers.

Where this Policy conflicts with mandatory local law, mandatory local law controls.

Depending on your interactions with Services, we may collect:

• Identity and account data, such as wallet address, display name, and email.
• Authentication data, including login provider identifiers and session metadata.
• Transaction-linked metadata, such as API id, tx signature, timestamp, and call amount.
• Technical telemetry, such as IP address, user-agent, device type, and error logs.
• Support communications and feedback you submit to us.

We process personal data for legitimate service operations, including:

• Providing account access and authenticating users.
• Verifying API payment proofs and recording transaction outcomes.
• Preventing fraud, abuse, replay attacks, and security incidents.
• Maintaining reliability, debugging, and improving product performance.
• Complying with legal obligations, sanctions controls, and lawful requests.
• Communicating service notices, incident updates, and policy changes.

Where required by applicable law (including GDPR-style regimes), our lawful bases may include performance of a contract, legitimate interests, legal obligations, and consent where consent is required for specific processing activities.

Blockchain networks are public and append-only. If you submit wallet addresses or transaction signatures, those values may be publicly visible and may remain visible indefinitely.

Even if data is removed from our internal systems, on-chain records generally cannot be deleted by AgentPaywall. You should not place sensitive personal data directly on-chain.

We may share personal data only as reasonably necessary with:

• Cloud hosting, analytics, logging, and infrastructure providers.
• Authentication and wallet integration providers.
• Developers and API consumers where needed to complete payment-gated calls.
• Professional advisers, auditors, and legal counsel.
• Law enforcement or regulators when legally required.

We do not sell personal data in exchange for monetary consideration.

We may process data in countries other than your country of residence. Where required, we use appropriate transfer safeguards, such as standard contractual clauses or equivalent mechanisms, for cross-border transfers.

We keep personal data only for as long as needed for the purposes described in this Policy, including security, legal, accounting, and dispute-resolution requirements.

• Account records are retained while your account is active.
• Security logs may be retained for abuse prevention and incident response.
• Financial and transaction records are retained for compliance and audit obligations.

Depending on your location, you may have rights to access, correct, delete, restrict, object, or port certain personal data. You may also have the right to withdraw consent where processing relies on consent.

We may need to verify your identity before fulfilling requests and may deny or limit requests where permitted by law.

We use administrative, technical, and organizational safeguards intended to protect personal data, including access controls, encryption in transit, least-privilege system design, and monitoring for suspicious behavior.

No system is completely secure. You are responsible for securing your wallets, devices, credentials, and API keys.

Services are not directed to children and are not intended for users below the age of majority in their jurisdiction. If you believe a minor provided personal data, contact us so we can review and take appropriate action.

We may update this Privacy Policy from time to time. Material changes will be posted with an updated effective date. Continued use of Services after changes means you accept the revised Policy.

For privacy questions or to submit data rights requests, contact: privacy@agentpaywall.com.

If you are in a jurisdiction with a data protection authority, you may also have the right to lodge a complaint with your local supervisory authority.