Privacy Policy

Last updated: March 2026

1. Overview

algo-wallet ("we", "us", "our") operates the x402 payment routing platform at ai-agentic-wallet.com and its API at api.ai-agentic-wallet.com. This Privacy Policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

  • Algorand addresses — public blockchain addresses you register as agents. These are public by nature.
  • Transaction metadata — settlement timestamps, amounts, and transaction IDs stored for audit and velocity enforcement. All amounts are in micro-USDC.
  • API usage telemetry — request counts, error rates, and latency metrics. No request body content is retained.
  • IP addresses — hashed (SHA-256) for rate limiting. Raw IPs are never stored persistently.
  • WebAuthn credentials — public-key credentials only. Private keys never leave your device.

3. Data We Do NOT Collect

  • Algorand mnemonics or private keys (never transmitted to our servers)
  • Names, email addresses, or personally identifying information
  • Cookies or cross-site tracking identifiers
  • Payment card information

4. How We Use Data

  • Enforcing velocity limits and fraud detection
  • Providing settlement history in the developer portal
  • Operating the Wallet Guardian and on-chain monitor
  • Debugging and improving system reliability

5. Data Retention

Settlement records are retained for 7 days in Redis. Aggregated telemetry metrics are retained for 30 days. Velocity window data auto-expires after each rolling window (10 minutes or 24 hours). Recipient anomaly records expire after 90 days.

6. Third Parties

  • Algorand / Nodely — blockchain node providers. Transaction data is public on-chain by design.
  • Railway — infrastructure hosting for the API and Redis. Subject to Railway's privacy policy.
  • Sentry — error monitoring. Sentry receives error stack traces and request paths, but not request bodies or mnemonics.

We do not sell data to third parties.

7. Your Rights

Because we do not collect personally identifying information, most GDPR/CCPA rights (access, deletion, portability) apply only to your on-chain Algorand address, which is public by the nature of the blockchain and cannot be deleted. You may delete your agent registry entry via the developer portal at any time.

8. Contact

Questions? Reach out via the developer portal or open an issue on GitHub.

← Back to home·Terms of Service