StablePay Sign Up

Privacy Policy

Last updated: March 28, 2026

1. What We Collect

Account Data: Email address, company name, contact name, hashed password. We never store plain-text passwords.

Wallet Addresses: Public wallet addresses you provide. For managed wallets, we also store encrypted private keys (AES-256).

Transaction Data: Order amounts, blockchain transaction hashes, chain, token type, timestamps, payment status.

Chat History: Conversations with the AI assistant are stored to provide continuity and personalized support.

Usage Data: IP addresses (for rate limiting), feature usage patterns.

2. What We Don't Collect

  • Private keys for non-managed wallets (we never have access)
  • Customer (payer) personal data beyond optional email
  • Browsing history or tracking cookies
  • Government-issued identification (no KYC currently required)

3. How We Use Your Data

  • Process and confirm stablecoin payments
  • Calculate and invoice transaction fees
  • Send verification emails and payment notifications
  • Provide AI-assisted onboarding and support
  • Prevent fraud and enforce rate limits
  • Improve the service

4. Data Storage

Data is stored on Railway (PostgreSQL) and served via Vercel. All connections use TLS encryption. Managed wallet private keys are encrypted at rest with AES-256. Database backups are automated by the hosting provider.

5. Third-Party Services

  • Resend: Email delivery (verification codes, invoices, receipts)
  • Anthropic (Claude): AI assistant — your chat messages are sent to Anthropic's API for processing
  • Blockchain RPCs: Public blockchain nodes for payment detection (no personal data sent)

6. Data Retention

Account data: retained while account is active + 90 days after deletion. Transaction records: retained for 7 years (financial compliance). Chat history: retained while account is active, deletable by user. You can request full data export or deletion by contacting us.

7. Your Rights

  • Access your data (available in dashboard)
  • Delete your chat history (via dashboard)
  • Export your transaction data
  • Delete your account (contact us)
  • Withdraw managed wallet funds at any time

8. Security

We use: HTTPS everywhere, bcrypt password hashing (12 rounds), AES-256 encryption for managed wallet keys, Bearer token authentication, rate limiting on all endpoints. We follow OWASP security best practices.

9. Cookies

We use sessionStorage (not cookies) for authentication. No tracking cookies, no analytics cookies, no third-party cookies.

10. Changes

We'll notify you via email of material changes to this policy. Minor changes are posted here with an updated date.

11. Contact

Privacy questions: privacy@wetakestables.shop