Privacy Policy

Version beta-v1.0 · Effective March 1, 2026

1. Introduction

Obolo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

This policy applies to all users of the Obolo platform, including API providers who register through our dashboard. By using our Service, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

Account & Identity Data

Email addressRequired for account creation and communication
Company nameUsed on your public provider profile
CountryUsed for compliance and analytics
Wallet addressYour blockchain payment address
Wallet verification statusWhether you have proven ownership of your wallet

Usage & Transaction Data

API call logsTimestamp, endpoint, chain, token, amount — for billing and analytics
Transaction hashesOn-chain references for payment verification
Endpoint configurationsYour registered API endpoint URLs and rate limits
Earnings dataCumulative and per-period revenue figures

Legal & Compliance Data

ToS acceptance timestampWhen you accepted each version of our Terms
Partial IP addressFirst two octets only (e.g. 192.168.x.x) — for legal audit trail
Admin activity logActions taken by platform admins affecting your account

Technical Data

Browser / device typeCollected by our hosting infrastructure (Vercel)
Session dataAuthentication tokens stored in secure cookies

3. How We Use Your Information

We use your data only for the following purposes:

  • Service delivery — processing API calls, verifying payments, routing transactions.
  • Billing & payouts — calculating earnings, processing withdrawal requests.
  • Security — detecting fraud, replay attacks, and unauthorized access.
  • Communication — sending transactional emails (payment notifications, alerts).
  • Analytics — understanding platform usage to improve the Service.
  • Legal compliance — maintaining audit logs to satisfy legal obligations.
  • Support — diagnosing and resolving issues you report.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Information Sharing

We share your data only in the following circumstances:

Service Providers

We use the following third-party services to operate the platform. Each processes data only as necessary to provide their service to us:

  • Supabase — database and authentication hosting
  • Vercel — application hosting and CDN
  • Cloudflare — API proxy and DDoS protection
  • Resend — transactional email delivery
  • Alchemy / RPC providers — blockchain data queries
  • Bridge / Stripe — payout processing (only if you configure payouts)

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental authority, or to protect the rights, property, or safety of Obolo, its users, or the public.

Business Transfer

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred to a different privacy policy.

5. Data Retention

We retain your data for the following periods:

Account dataUntil account deletion request is processed
Transaction logs7 years (regulatory requirement for financial records)
API call logs90 days rolling (compressed to daily summaries after 90 days)
Audit logs3 years
ToS acceptance recordsIndefinitely (legal compliance)
Session data24 hours

After account deletion, personal identifiers are purged within 30 days. Anonymized, aggregated data may be retained indefinitely for analytics.

6. Security

We implement industry-standard security measures to protect your data, including:

  • TLS encryption for all data in transit
  • AES-256-GCM encryption for sensitive credentials at rest
  • Row-level security (RLS) in our database — each provider sees only their own data
  • HMAC-signed webhooks to verify payload authenticity
  • Replay attack protection for all payment transactions
  • Admin role separation with audit logging of all privileged actions

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your account and personal data (subject to retention requirements above).
  • Portability — Request your data in a machine-readable format.
  • Restriction — Request that we limit processing of your data in certain circumstances.
  • Objection — Object to processing based on legitimate interests.

To exercise any of these rights, contact us through the dashboard support channel. We will respond within 30 days. We may require identity verification before processing requests.

California residents (CCPA): You have the right to know what personal information we collect, to opt out of sale (we do not sell your data), and to non-discrimination for exercising your rights.

EEA/UK residents (GDPR/UK GDPR): Our legal basis for processing is contract performance (providing the Service) and legitimate interests (security and fraud prevention). You have the right to lodge a complaint with your local supervisory authority.

8. Cookies

Obolo uses only strictly necessary cookies for session management and authentication. We do not use tracking, advertising, or analytics cookies. No third-party tracking scripts are loaded on dashboard pages.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the version number above and, where required, obtain your renewed consent through the in-dashboard acceptance gate.

11. Contact

For privacy-related questions or requests, please contact us through the Obolo dashboard support channel. We will respond to all requests within 30 days.

Version beta-v1.0 · March 1, 2026