Privacy Policy

txdecode is a pay-per-call API with no accounts and no sign-up. This policy describes the minimal data the service handles, why, and how long it is kept. Last updated 2026-06-14.

1. What we collect

Requests to the API and the website are logged with a small, fixed set of operational data:

• A salted hash of the client IP address — not the raw IP. The hash is used as an opaque bucket key; it cannot be reversed to the original address.
• The user agent string sent by the client.
• Request metadata: timestamp, requested path, HTTP method, status code, and response latency.

We do not collect names, emails, account identifiers, or any other personally identifiable information. There is no account system, so there is nothing to register and no profile to build.

2. Why we collect it

The operational data above is used for three purposes only:

• Rate limiting — the hashed IP keys the pre-payment rate limit (30 requests per minute per IP per endpoint).
• Fraud and abuse prevention — detecting and blocking abusive traffic patterns.
• Aggregate analytics — counting requests, errors, and latency to operate and improve the service.

3. Analytics

Website analytics run on self-hosted Umami. It is cookieless: no cookies are set, no cross-site identifiers are stored, and no data is sent to third-party trackers or advertising networks. There are no Google Analytics, no pixels, and no fingerprinting beyond the coarse-grained, aggregate page-view counts Umami records.

4. Wallet addresses

Payments settle through the x402 protocol on Base. The wallet addresses involved in a payment are visible on-chain by design — that is a property of the public blockchain, not of this service. We do not link wallet addresses to any identity, and we hold no mapping between a wallet and a person, IP, or session.

5. Data retention

Raw logs — including hashed IPs, user agents, and request metadata — are retained for 90 days, then deleted. Aggregated counters (request totals, error rates, latency summaries) contain no identifiers and are kept indefinitely.

6. No data sales, no sharing

We do not sell, rent, or share the data we collect with third parties. The only exception is disclosure required by a valid legal order; given what we hold, that amounts to hashed IPs and request metadata, never PII.

7. GDPR and deletion requests

The only data tied to a request originator is the salted IP hash. To exercise a deletion request, contact us at support@txdecode.com. We honor it by purging the corresponding IP-hash bucket from raw logs, since that hashed bucket is all we have. On-chain payment data lives on Base and is outside our control to delete.

8. Contact

Questions about this policy or a privacy request: support@txdecode.com.