Privacy Policy

Last updated: May 2026

Gate402 ("we", "our", or "us") operates gate402.dev and api.gate402.dev. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data.

1. Information We Collect

Account Information

When you sign in with GitHub OAuth, we receive and store:

• Your GitHub username and email address
• Your GitHub profile ID (used as your unique identifier)
• Your profile avatar URL (for display purposes only)

We do not receive your GitHub password or private repositories.

API Usage Data

When you use Gate402 to monetize your API, we store:

• API call logs: timestamp, endpoint path, amount paid, payer wallet address, transaction hash
• These logs are used to power your real-time dashboard and revenue analytics
• Logs are stored indefinitely unless you request deletion

Payment Information

Gate402 does not process or store credit card information directly. All subscription billing for the Pro plan is handled by Stripe. For on-chain USDC payments, we store only the public Solana transaction hash — we never have access to any private keys.

Solana Wallet Addresses

When you configure a receiving wallet, we store your public Solana wallet address. This is a public blockchain address — not sensitive information. We use it to verify that payments were sent to the correct destination.

Technical Data

We may collect standard server logs including:

• IP addresses (for rate limiting and security)
• Browser user agent strings
• Request timestamps and response codes

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Gate402 dashboard and API
• Verify on-chain payments on the Solana blockchain
• Send payment alert emails when you receive USDC (if enabled)
• Deliver webhook events to your configured URL
• Detect and prevent abuse and fraud
• Improve our service and fix bugs

3. Data Sharing

We do not sell your personal data. We share data only with:

Supabase — Database and authentication provider. Your account data and API call logs are stored in Supabase-managed PostgreSQL databases. supabase.com/privacy

Stripe — Payment processor for Pro plan subscriptions. When you subscribe, Stripe processes your card and stores billing data per their privacy policy. stripe.com/privacy

Resend — Email delivery service used to send payment alert emails. resend.com/legal/privacy-policy

Railway — Cloud hosting provider for our API server. railway.app/legal/privacy

Vercel — Cloud hosting provider for our dashboard. vercel.com/legal/privacy-policy

We do not share your data with any other third parties for advertising or marketing purposes.

4. Blockchain Data

Solana blockchain transactions are public and permanent. When a payment is made to your wallet address, the transaction is permanently recorded on the Solana blockchain and is publicly visible to anyone. This is inherent to how blockchain technology works and is outside our control.

5. Data Retention

• Account data: retained while your account is active
• API call logs: retained indefinitely for analytics; delete-on-request available
• Email logs: not retained (Resend does not store email content)
• Stripe billing data: retained per Stripe's policy (typically 7 years for tax purposes)

6. Your Rights

Depending on your location, you may have the right to:

• Access — the personal data we hold about you
• Delete — your account and associated data
• Export — your API call logs in CSV format (available in the dashboard)
• Correct — inaccurate personal data
• Object — to specific processing of your data

To exercise any of these rights, email us at: privacy@gate402.dev

7. Security

We implement standard security practices including:

• HTTPS encryption for all data in transit (enforced by Cloudflare)
• Row-level security in our database (Supabase RLS)
• No storage of private keys or payment credentials
• API keys are randomly generated UUIDs that you can rotate at any time

8. Cookies

Gate402 uses minimal cookies:

• Session cookie — required for authentication after GitHub login
• Preference cookies — none currently

We do not use advertising or tracking cookies.

9. Children

Gate402 is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us immediately at privacy@gate402.dev.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of Gate402 after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or to exercise your rights: