Last updated: April 2026
XPTP collects only the data necessary to process payments. This includes:
Wallet addresses provided during payment creation are screened against publicly available sanctions lists (e.g. OFAC SDN) and commercial risk assessment tools for compliance purposes. No screening results or address data is retained beyond the 7-day retention window. See our AML/KYC Policy for details.
We do not collect names, email addresses, IP addresses of payers, browser fingerprints, or any form of personal identification.
We do not use cookies, analytics trackers, or any third-party tracking scripts. There are no user accounts, no login systems, and no registration process. We do not perform KYC (Know Your Customer) verification. The service is designed to operate without collecting personal data.
All payment data is automatically and permanently deleted 7 days after creation. This includes payment records, payment options, webhook delivery logs, and associated metadata. This deletion is performed by an automated background job and is irreversible.
Aggregated, anonymized metrics (hourly payment counts and volume totals per chain/token) are also deleted after 7 days. These metrics contain no information that can be linked to individual payments or users.
Cryptocurrency transactions are recorded on public blockchains and are permanently visible to anyone. XPTP has no ability to delete, modify, or hide on-chain transaction data. When you send a cryptocurrency payment, the transaction details (sender address, recipient address, amount, timestamp) are part of the public blockchain record regardless of our data retention practices.
XPTP uses Cloudflare as a reverse proxy for DDoS protection and content delivery. Cloudflare may process network-level data (such as IP addresses) as part of its standard operations. Merchant webhook deliveries are also routed through a Cloudflare Worker proxy so that our server's IP address is not exposed to merchant endpoints. We do not share payment data with any other third party.
Merchants may optionally include an analytics secret when creating payments to enable a self-service analytics dashboard. We store only a SHA-256 hash of this secret, never the plaintext. The hash is used solely to group and aggregate payment data for the merchant's own viewing. The analytics secret and its hash are deleted along with all other payment data after 7 days.
When a payment completes, we send a signed webhook to the URL provided by the merchant. Webhooks follow the Standard Webhooks specification and are delivered through a Cloudflare Worker proxy. The webhook payload contains the payment ID, amount, selected chain/token, transaction hash, and any metadata the merchant included when creating the payment. The merchant is responsible for the handling and storage of this data on their end.
Webhook delivery is retried up to 6 times over approximately 1 hour if the merchant's endpoint is unreachable. Delivery status is tracked per payment and persists across server restarts.
If we receive a valid legal request from a law enforcement authority, we may be required to provide any data we currently hold. Given our 7-day automatic deletion policy, data related to payments older than 7 days will not be available regardless of any request.
We may update this privacy policy at any time. Changes will be reflected by updating the date at the top of this page. Continued use of the service after changes constitutes acceptance.