Privacy Policy

λ.digital ("we", "us", "our") operates as a non-custodial cryptocurrency payment infrastructure provider. This Privacy Policy explains how we collect, use, and protect information when you use our services.

We collect only what is necessary to provide the Service and operate securely. We do not sell your data.

Account information: When you register as a merchant, we collect your business name, email address, and optionally a webhook URL.

Wallet addresses: Cryptocurrency wallet addresses you register to receive payments. These are stored to route payment detection.

Transaction data: On-chain transaction hashes, amounts, timestamps, and blockchain addresses detected by our watchers. This data is derived from public blockchain records.

API usage: API key hashes (never the plain key), request timestamps, and IP addresses for rate limiting and security purposes.

OAuth data: If you sign in with Google or GitHub, we receive your email address and public profile name from the OAuth provider.

• To create and manage your merchant account
• To detect on-chain payments and deliver webhook notifications
• To authenticate API requests and prevent abuse
• To comply with legal obligations
• To detect and prevent fraud and security incidents
• To send service-related communications

We do not use your data for advertising or sell it to third parties.

Payment transactions are recorded on public blockchains. This data — including wallet addresses and transaction amounts — is publicly visible and inherently outside our control. We detect and store a copy of this data to provide our service, but we cannot delete or modify on-chain records.

We may share your data with:

• Infrastructure providers: Hosting, database, and cloud services required to operate the platform (data is processed under appropriate agreements)
• Law enforcement: When required by law or to prevent fraud and financial crime
• Blockchain RPC providers: Wallet addresses are shared with third-party RPC nodes (Alchemy, TronGrid, TonCenter) to monitor for incoming transactions

We do not sell, rent, or trade your personal data.

Account data is retained for as long as your account is active. Transaction records are retained for a minimum of 5 years for compliance purposes. You may request deletion of your account, subject to legal retention obligations.

We implement appropriate technical and organisational measures to protect your data:

• API keys are hashed (bcrypt) and never stored in plain text
• Webhook payloads are signed with HMAC-SHA256
• All data is transmitted over TLS
• Database access is restricted to internal services only
• Passwords are hashed and salted; we cannot recover them

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data (subject to legal retention requirements)
• Object to or restrict certain processing
• Data portability

To exercise these rights, contact us at admin@λ.digital.

We use session cookies for authentication only. We do not use tracking cookies, advertising cookies, or third-party analytics.

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place for any international data transfers.

We may update this policy periodically. We will notify you of significant changes by email or by a notice on the Service. Continued use after changes constitutes acceptance.

For privacy-related questions or to exercise your rights:

admin@λ.digital

See also our Terms of Service and AML Policy.