Privacy Policy

Scope and applicability

This Privacy Policy (the "Policy") applies to paytempo.app, all related subdomains, the TempoPay merchant console, the TempoPay payment link generator, and any application, API, integration, or surface operated by the TempoPay project (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Policy.

This Policy should be read together with our Terms of Service and Risk Disclosure. Where there is any conflict between this Policy and a specific contract signed directly with a merchant partner, the directly signed contract controls for that merchant only.

Non-custodial nature

TempoPay is non-custodial by design. This has direct consequences for what we can and cannot see, and for what we can and cannot do on your behalf:

• We never hold, store, move, freeze, or reverse user funds.
• We never generate, request, import, or store private keys, seed phrases, mnemonic backups, hardware wallet secrets, or session signing keys.
• All transfers occur directly between user wallets on the underlying blockchain network.
• All transaction finality, confirmation time, and irreversibility are determined by the relevant blockchain, not by TempoPay.

Information we collect

We collect only the minimum data required for the Service to operate, and we try to make that collection transparent.

Payment link metadata

When you create a payment link through the Service, we store:

• A unique link identifier (UUID).
• The selected network (for example Solana or Base) and asset (for example SOL, USDC or ETH).
• The intended payment amount.
• The recipient wallet address you provided.
• The timestamp of creation and any subsequent status change.
• Upon successful settlement, the transaction hash reported by the paying wallet and the block explorer URL derived from it.

Technical and access logs

Like most internet-facing services, our reverse proxy and application layer may record:

• IP address, approximate geolocation inferred from IP, user-agent string, operating system, browser, and referrer.
• HTTP method, endpoint, status code, response size, and request duration.
• Security signals such as rate-limit events and abusive pattern indicators.

These logs are used for debugging, abuse prevention, infrastructure monitoring, and capacity planning.

Wallet addresses

Public wallet addresses that interact with the Service (for example to create, open, pay or verify a link) are visible to us in the same way they are visible to anyone reading the public blockchain. We treat these addresses as identifiers strictly necessary to operate payment link functionality.

Merchant console state

When you use the merchant console (dashboard), certain profile-like records may be stored locally in your browser (see Cookies and local storage) and, where applicable, synced to our backend:

• Merchant display name, bio, and avatar reference.
• Saved wallet identities you explicitly save, and the default recipient you choose per chain.
• Activity log entries produced by actions you take inside the console.

Information we do not collect

TempoPay is deliberately built so that it does not need, and therefore does not ask for, most of what custodial services ask for. We do not collect:

• Government-issued identification documents, selfies, or biometric data.
• Bank account numbers, credit card numbers, or any traditional banking credentials.
• Tax identifiers such as SSN, TIN, VAT or equivalent.
• Private keys, mnemonic phrases, hardware wallet secrets, or wallet extension passwords.
• The content of messages exchanged inside connected third-party wallets.

On-chain data

Blockchain networks are public, append-only, permissionless, and effectively permanent. Any transaction that settles through a payment link is recorded on the underlying chain and will remain publicly readable forever.

This has practical consequences for your privacy:

• Your wallet address, the amount you sent or received, the timestamp, the counterparty address, and the transaction hash are public by design.
• Anyone, including data analytics firms, compliance vendors, and governments, can observe this data without our involvement.
• TempoPay cannot delete, encrypt, anonymize, or otherwise modify on-chain records.

If this profile of exposure is not acceptable for a given payment, do not use a payment link for it.

Cookies and local storage

The Service may use first-party cookies and browser local storage to:

• Persist merchant console state (saved wallets, default recipients, profile metadata) across sessions.
• Remember your network and asset preferences while creating links.
• Mitigate abuse (for example rate-limit tokens).

We do not use third-party advertising cookies, advertising identifiers, or behavioral retargeting trackers. You can clear local storage from within your browser settings at any time; doing so will reset the console to its initial state.

Third-party wallets and RPC providers

To operate, the Service interacts with third-party components that have their own privacy characteristics. These include, without limitation:

• Wallet providers such as Phantom, MetaMask, Rabby, Coinbase Wallet and similar. When you connect a wallet, the wallet provider may see your browser, IP, and usage patterns subject to its own policy.
• RPC and node providers used to broadcast and read blockchain state (for example Solana mainnet endpoints, Base mainnet endpoints, and equivalents).
• Block explorers such as Solana Explorer, Solscan, Basescan, and similar services linked from payment confirmations.
• Infrastructure providers such as our hosting, DNS, and content delivery partners.

TempoPay does not control the privacy practices of these third parties. Their terms and policies apply when you interact with them. We pick providers we consider reasonable, but their behaviour is outside our administrative control.

How we use information

We use the information described above strictly to:

• Operate and maintain the payment link creation, verification and settlement flow.
• Render and persist merchant console state (saved wallets, defaults, activity).
• Prevent, detect and respond to abuse, fraud, attacks and service disruption.
• Debug incidents, understand performance, and improve reliability.
• Comply with applicable law, lawful process, and safety obligations.

We do not sell personal information. We do not rent contact lists. We do not share personal information with advertisers.

Information sharing and disclosure

We may share limited information only in the following situations:

• Service providers that process data on our behalf strictly to operate TempoPay infrastructure (hosting, DNS, monitoring, error tracking).
• Legal and safety obligations, where we have a good-faith belief that disclosure is required to comply with law, a binding legal request, or to protect the rights, property or safety of TempoPay, users or the public.
• Corporate events such as a future reorganization, merger, acquisition or asset transfer, in which case the receiving party will be bound by substantially equivalent privacy obligations.

Data retention

We retain information only as long as needed for the purposes described in this Policy, or as required by applicable law. Concretely:

• Payment link records persist while they remain useful to the merchant who created them, or as required by law.
• Access and application logs are retained for a limited window, rotated, and then deleted.
• Merchant console state stored in local storage persists until cleared by you through the console reset option or through your browser settings.

Security practices

We apply standard engineering practices to protect the parts of the system we control, including:

• TLS for all HTTPS traffic between client and server.
• Principle of least privilege for operator access to production systems.
• Regular dependency updates and vulnerability monitoring.
• Segregation between public-facing services and internal tooling.

Your rights and choices

Depending on your jurisdiction, you may have rights such as access, rectification, deletion, portability, and objection relating to personal data we hold about you. Because TempoPay is non-custodial and collects minimal personal data, many of these rights are naturally limited by what we actually hold.

To exercise applicable rights, contact tempopay support. We may need to verify your ability to control a specific wallet address or email before responding.

International users

TempoPay operates on the public internet and may be accessed from jurisdictions worldwide. By using the Service, you understand that information may be processed in jurisdictions other than your own, with different legal protections. You are responsible for compliance with your local laws, including any applicable sanctions, export controls, and digital asset regulations.

Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect data from children. If you believe a child has provided personal information to us, contact us so we can investigate and, where appropriate, remove it.

Changes to this policy

We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes may be communicated through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

Contact

Questions about this Policy, or requests related to your rights, can be sent through the contact page.