Privacy Policy
Last updated: February 12, 2026
1. Introduction
Paywalless is a non-custodial payment protocol built on the Base blockchain. Privacy is core to our design. We collect the absolute minimum data required to operate the protocol. This Privacy Policy explains what we collect, what we don't collect, and how we use the data we do store.
2. What We Collect
Paywalless stores only the data necessary to facilitate payment verification and content delivery:
- Wallet addresses — Seller wallet addresses provided during product creation, used to verify payment recipients.
- Transaction hashes — Blockchain transaction identifiers used for payment verification and replay protection.
- Product metadata — Product titles, prices, and access durations as configured by the seller.
- Encrypted content references — Destination URLs encrypted with AES-256-GCM at rest. These are encrypted string references only — Paywalless never accesses, caches, or stores the actual content.
- Product identifiers — Randomly generated hex identifiers used to reference products.
3. What We Do NOT Collect
Paywalless is designed to operate without personal information. We do not collect:
- Names, email addresses, or phone numbers
- Passwords or account credentials (there are no accounts)
- Government-issued identification
- Physical addresses or location data
- Browsing history or behavioral tracking data
- Cookies for advertising, analytics, or user profiling
- IP addresses for identification purposes
- Device fingerprints or cross-site tracking identifiers
4. Blockchain Data
Paywalless operates on the Base blockchain, a public Ethereum Layer 2 network. All blockchain transactions are public by nature and can be viewed by anyone using a block explorer. Paywalless does not control the visibility, immutability, or retention of blockchain data. Wallet addresses and transaction details on the blockchain are permanently public and cannot be deleted by Paywalless or any other party.
5. How We Use Data
The data we collect is used exclusively for protocol operation:
- Product display — Showing product title and price to prospective buyers on checkout pages.
- Payment verification — Verifying on-chain transaction receipts to confirm payment to the correct seller for the correct product and amount.
- Content delivery — Decrypting the stored URL reference and issuing a one-time redirect to the buyer after successful payment verification.
- Replay protection — Recording used transaction hashes to prevent a single payment from being used to access content multiple times beyond the allowed duration.
6. Data Storage
Protocol data is stored in Google Cloud Firestore, a managed database service provided by Google Cloud Platform. Content reference URLs are encrypted with AES-256-GCM before storage and are decrypted only at the moment of content delivery (server-side 302 redirect). Encryption keys are stored as environment variables on the server and are never exposed to clients, logged, or included in responses.
7. Third-Party Services
Paywalless relies on the following third-party services to operate:
- Google Cloud Platform — Server infrastructure (Cloud Run) and database (Firestore). Subject to Google Cloud Terms of Service.
- Firebase Hosting — Static page delivery. Subject to Firebase Terms of Service.
- Base blockchain — Payment settlement and transaction verification. Base is a public blockchain; all transactions are publicly visible.
- Coinbase Smart Wallet SDK — Wallet connection for buyers. The SDK runs client-side in the buyer's browser. Paywalless does not receive or store wallet private keys.
Each third-party service has its own privacy practices. We encourage you to review their respective privacy policies.
8. Cookies
Paywalless does not use tracking cookies, analytics cookies, advertising cookies, or any form of cross-site tracking. The Coinbase Smart Wallet SDK may use minimal technical cookies or local storage for wallet session management in the buyer's browser. These are controlled by Coinbase and are not accessible to Paywalless.
9. Data Retention
- Product data — Stored for as long as the product exists on the platform. Sellers may request product removal.
- Transaction hashes — Stored indefinitely for replay protection purposes.
- Blockchain data — Immutable and permanently stored on the public blockchain. This is inherent to blockchain technology and outside the control of Paywalless.
10. Changes & Contact
Paywalless may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
For questions or concerns about this Privacy Policy or our data practices, please reach out via the project's public channels.