← x402email

Privacy Policy

Last updated: February 10, 2025

What we collect

When you send email through x402email, we store the following in our database:

  • Wallet addresses — payer/sender wallet for payment verification and abuse prevention.
  • Email metadata — sender address, recipient addresses, subject line, and SES message ID.
  • Subdomain ownership — which wallet owns which subdomain, authorized signers.
  • SIWX nonces — used nonces for replay attack prevention. No personal data.

What we do not collect

  • Email bodies — we do not store the content of your emails. Email bodies are passed directly to AWS SES for delivery and not persisted.
  • Cookies or tracking — this site sets no cookies, uses no analytics, and does not track visitors.
  • Personal identity — we identify users by wallet address only. We do not collect names, physical addresses, or phone numbers.

How we use your data

  • Send logs — used for rate limiting, abuse detection, and bounce/complaint monitoring. Required to maintain deliverability for all users.
  • Subdomain records — used to verify ownership and authorize senders.
  • Payment records — used to verify x402 payment settlement.

Third parties

Your email is processed by:

We do not sell or share your data with anyone else.

Data retention

Send logs are retained indefinitely for abuse prevention. SIWX nonces are retained for replay prevention. Subdomain records persist for the lifetime of the subdomain. We may implement automated log rotation in the future.

Your rights

Since we identify users by wallet address only, there is no account to delete. If you want your send logs removed, open an issue on GitHub and we will process your request.

Changes

We may update this policy at any time. Continued use of the service after changes constitutes acceptance.