Data we do NOT collect
- Merchant names, legal entities, tax IDs, or banking details (we don't ask)
- Customer names, addresses, or ID documents (handled by Moonpay & co. directly)
- Customer card numbers (they go straight to the licensed processor, never touch our servers)
- Customer wallet addresses (unless they choose crypto-direct payment)
- Browser fingerprints or tracking cookies
Data we DO store
- Merchant's USDC Polygon wallet address (required to route payments)
- Transaction metadata: amount, currency, timestamp, provider chosen, session ID, payment status
- Optional: customer email (if passed) to auto-fill on Moonpay; not retained beyond the session
- IP address and country for rate-limiting and fraud prevention (kept 30 days)
Third-party processors
When a customer clicks a payment provider, their data is transmitted to that provider directly:
- Moonpay: card details + KYC on high-value purchases
- Revolut Ramp: same
- Binance Pay: same
- Transak / Banxa: same
- On-chain settlement partner: wallet orchestration; sees amount + routing address
- Cloudflare: proxy, network-level logs (IP, request time)
- Vercel: hosts our app, server logs
- Upstash Redis: stores transaction metadata (EU or US, depending on region)
GDPR rights (EU residents)
You have the right to access, delete, or export your personal data. Since we don't collect names or contact info, there's usually nothing tied to your identity to export. To request removal of any data linked to your wallet, email hi@peptide-pay.com.
Blockchain data is public
On-chain transactions are visible on polygonscan.com and cannot be deleted. Your wallet address and all its transactions are a permanent public record.
Contact
hi@peptide-pay.com