Privacy Policy

We collect the minimum we need to run the Service: an email or Google identity to log you in, a public handle and display name, wallet addresses you choose to publish, and the messages you send or receive. We do not sell personal data, we do not show ads, and we are non-custodial — your funds never touch our servers. The amount and content of paid messages stay hidden in the inbox until you reveal them, and our email notifications never leak either.

Pay to Chat is operated by the team behind paytochat.fun. For data-protection requests, write to privacy@paytochat.fun.

Account data

• Authentication identifier — email + password hash, or your Google account ID — handled by Firebase Auth.
• Public profile — handle, display name, optional bio, optional avatar URL, and optional links (X / Instagram / website).
• Settings — minimum tip threshold, notify-above threshold, cool-off length, accepted chains and tokens, email-notifications toggle, auto-reply template.
• Wallet addresses — Ethereum and/or Solana addresses you publish to receive tips. These are public on-chain identifiers.

Message data

• Sanitized message body (HTML), a plain-text projection used for previews, and any inline images you attach.
• On-chain references for paid messages: transaction hash, chain, token, sender address, recipient address, verified amount.
• Status and timestamps: created, paid, opened.

Conversation data

• Participant pair, last-message timestamp, unread counts, the running cool-off window, and the cumulative paid total in that thread.

Operational data

• Server logs (e.g. failed payment-verification attempts, send / open errors). These contain user IDs, IP addresses, and request metadata, and we retain them up to 30 days for abuse prevention.
• Email-delivery metadata from SendGrid (bounces, deferrals) for paid-message notifications you have opted into.

We do not use marketing cookies or third-party ad / analytics trackers. We rely on first-party authentication cookies set by Firebase and the standard cookies your wallet connector (RainbowKit, Solana Wallet Adapter) uses to remember your last connection.

• Run the Service — render your public profile, route messages, verify on-chain payments, send the configured email notifications, enforce abuse limits.
• Email notifications — when a paid message lands above your “notify above” threshold, we send a minimal email through SendGrid. The email never contains the message body or the tip amount; it only links you to the inbox so you can reveal both there. You can disable email notifications in Settings.
• Security & fraud prevention — detecting duplicate transaction hashes, flagging suspicious senders, blocking spam.
• Legal compliance — responding to lawful requests, sanctions screening, audit trails for the messaging platform.

We do not use your data to train machine-learning models. We do not sell or rent personal data. We do not target ads.

• Contract — to deliver the Service you signed up for (account, messaging, payment verification).
• Legitimate interest — keeping the Service secure and free of abuse, debugging.
• Consent — email notifications when enabled, optional analytics if we ever introduce them.
• Legal obligation — sanctions / law-enforcement compliance.

Stablecoin transfers happen on public blockchains (Solana mainnet and Ethereum mainnet). The sender wallet, recipient wallet, token, amount, and timing are publicly visible on those chains and are not controlled by us. When you publish a wallet address on your profile, anyone can correlate it with on-chain activity. Use a fresh address if you want to keep your tip activity separate from your other on-chain identity.

• Firebase Authentication, Firestore, and Cloud Storage — operated by Google. Data is stored in the Firebase project's configured region.
• Vercel — hosts the Next.js front end and serverless API routes. Logs may transit Vercel's infrastructure (default region us-east-1).
• SendGrid (Twilio) — outbound transactional email for paid-message notifications.
• Public RPC providers — used to read transaction status from Solana and Ethereum. Requests carry the transaction hash but no user identity.
• WalletConnect Cloud — relays wallet pairings; the WalletConnect project ID is public.

These providers act as data processors. By using the Service you consent to your data being processed in their infrastructure, including transfers to the United States or other regions where they operate. Where required, we rely on Standard Contractual Clauses for cross-border transfers.

• Account profile and messages persist until you delete the account.
• Server logs: up to 30 days unless extended by an active investigation.
• Email-delivery metadata: up to 30 days at SendGrid.
• On-chain transaction data is permanent on the underlying blockchains and outside our control.

Depending on where you live, you have rights to access, rectify, delete, restrict, port, or object to processing of your personal data. To exercise any of these, email privacy@paytochat.fun from the address on your account. We will respond within 30 days.

You also have the right to lodge a complaint with your local data-protection authority (e.g. the ICO in the UK, your DPA in the EU).

The Service is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will remove it.

We use Firebase's security rules to deny client writes to messages and lock conversation updates to a single field (unreadCount). API routes verify Firebase ID tokens and on-chain transactions before persisting anything. Inline images are sanitized server-side before storage. We don't custody funds, so even a server compromise can't move your stablecoins.

Despite all this, no system is perfectly secure. If you suspect your account has been accessed without your permission, change your password, sign out of all sessions, and email security@paytochat.fun.

We may update this policy. Material changes will be reflected by updating the “Last updated” date above and, where feasible, by notifying signed-in users in-app.