Privacy Policy

Last updated: February 19, 2026

1. Introduction

PayzCore ("Company", "we", "us") is committed to protecting the privacy and security of information collected through our blockchain monitoring platform ("Platform"). This Privacy Policy explains how we collect, use, store, and protect your information when you register for an account or use our Services.

2. Information We Collect

Account Information

When you register for an account, we collect:

  • Name and email address
  • Hashed password (we never store plaintext passwords)
  • Account role and subscription plan
  • Two-factor authentication settings (encrypted)

Wallet & Blockchain Data

When you use our monitoring features, we store:

  • Extended public keys (xPub) that you provide for address derivation
  • Manually entered static blockchain addresses that you provide for payment monitoring
  • Derived blockchain addresses (public, watch-only)
  • Address assignment records (which payment request is associated with which address)
  • Publicly available blockchain transaction data (transaction hashes, amounts, sender addresses) detected by our monitoring
  • Customer-submitted transaction hashes (in transaction ID verification mode)

Important: We never collect, store, or have access to your private keys, seed phrases, or any credentials that could be used to control your funds. xPub keys are watch-only and cannot be used to spend or move funds.

Usage Data

When you use our Platform, we may collect:

  • API request logs (endpoints accessed, timestamps)
  • Authentication events (login attempts, IP addresses)
  • Webhook delivery logs (URLs, response codes, timestamps)

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve our monitoring and notification Services
  • Authenticate users and manage access control
  • Derive blockchain addresses from your xPub keys for monitoring purposes
  • Send webhook notifications when blockchain activity is detected
  • Send transactional emails (account verification, security alerts)
  • Monitor system performance, security, and abuse prevention
  • Enforce rate limits and subscription plan restrictions
  • Comply with legal obligations

4. Data Sharing

We do not sell, rent, or trade personal information. We may share data only:

  • With your explicit consent
  • To comply with legal obligations or law enforcement requests
  • To protect our rights, safety, or property
  • With essential service providers who assist in delivering our Services, including:
    • Resend (email delivery for account verification and notifications)
    • Infrastructure providers (hosting and database services)

All service providers are bound by confidentiality obligations and are prohibited from using your data for any purpose other than providing their services to us.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/HTTPS)
  • Bcrypt hashing for passwords (12 rounds)
  • AES encryption for sensitive secrets (TOTP keys)
  • HMAC-SHA256 for webhook signature verification
  • Two-factor authentication (TOTP) support
  • Role-based access control with data isolation
  • Rate limiting on all authentication and API endpoints
  • Regular security monitoring and logging

6. Data Retention

We retain account data for as long as your account is active. Upon account deletion or termination, your data will be deleted within 90 days unless a longer retention period is required by law.

Blockchain transaction data detected by our monitoring may be retained for the duration of your account for reporting and historical reference purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

Our Platform uses only essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party tracking services.

9. Third-Party Services

Our Platform interacts with the following third-party services:

  • TronGrid & Etherscan — Blockchain APIs for reading publicly available transaction data across TRC20, BEP20, ERC20, Polygon, and Arbitrum. We send only blockchain addresses (public data), no personal information.
  • Resend — Email delivery service for account verification and notifications. Receives your email address only.

Each third-party service has its own privacy policy. We share the minimum data necessary for each service to function.

10. International Data

Our servers may be located in different jurisdictions. By using our Platform, you consent to the transfer and processing of your data in these jurisdictions. We ensure appropriate safeguards are in place for any cross-border data transfers.

11. Children's Privacy

Our Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Platform. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or our data practices, contact us at [email protected].