PayChainHQ

Legal

Privacy Policy

This policy explains how PayChainHQ handles information when businesses use the public site, dashboard, API, hosted invoice pages, and related support channels.

Last updated March 8, 2026Applies to public site, dashboard, API, and hosted invoice surfaces
Privacy PolicyTerms of ServiceCookie PolicySecurity

Scope

This policy applies to PayChainHQ-operated websites, developer documentation, business dashboard surfaces, public invoice pages, and operational APIs.

It covers information we collect directly from businesses, their authorized users, customers interacting with hosted invoice surfaces, and technical metadata generated while the service operates.

Information we collect

  • Account and business profile data, including company name, business identifiers, contact details, invited team members, and subscription status.
  • Payment and transaction data, including invoice identifiers, customer references, deposit addresses, blockchain network selection, webhook delivery records, and withdrawal requests.
  • Authentication and security data, including login events, password reset activity, step-up authentication events, IP addresses, user-agent strings, and session metadata.
  • Support and communication data, including onboarding review notes, customer service messages, and product feedback.

How we use information

  • To create and operate business accounts, issue API credentials, and manage team access.
  • To create invoices, monitor deposits, process withdrawals, reconcile balances, and deliver webhook events.
  • To protect the service through fraud checks, sanctions-related controls, abuse monitoring, rate limiting, and audit logging.
  • To communicate with businesses about account activity, onboarding, billing, security, and product changes.

Service providers and subprocessors

PayChainHQ uses third-party infrastructure and service providers to host the application, deliver transactional email, monitor blockchain activity, and support wallet and treasury security operations.

Where applicable, this includes MPC-backed key infrastructure providers such as Turnkey for controlled wallet and treasury signing operations.

We disclose operationally necessary providers only to the extent required to run the service, comply with law, or fulfill customer instructions.

Retention

We retain account, payment, billing, audit, and security data for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, and maintain financial records.

Retention windows vary by data type. Security logs and notification records may be retained for shorter operational periods than account or reconciliation data.

Security protections

We use access controls, environment separation, audit logging, webhook signing, approval flows, and privileged-operation checks to reduce unauthorized access risk.

No system is completely risk-free, but we design PayChainHQ to reduce key exposure and keep sensitive treasury operations behind controlled workflows.

Your choices and rights

Businesses may review and update account information through the dashboard and may request assistance with access, correction, or deletion requests where legally permitted.

Some data must be retained to meet regulatory, contractual, or security obligations, even after an account is closed.

Changes to this policy

We may update this policy as the product, infrastructure, or legal obligations evolve. Material changes will be reflected by updating the effective date and, where appropriate, by providing additional notice.