Privacy & Data Retention

Effective July 13, 2026

What we collect on each request

What we never collect

Why we collect it

To return your diagnostic report, to detect abuse, and for aggregate analytics on how agentic payments are being adopted (request volumes, geography, client stacks). Aggregates may be published; individual records are not sold or shared.

Retention

Request records are retained for up to 24 months, then deleted or irreversibly aggregated. Receipt emails are used to send your receipt and retained with the transaction record.

Security posture

TLS on every connection, encrypted tunnel to origin, least-privilege datastore access, and tamper-evident (hash-chained) request logging. Questions or deletion requests: contact us.

← Back