NoHoldPayBeta
Sign inStart accepting
Legal documents
Policy

Privacy Policy

Last updated:
May 28, 2026
Effective:
May 28, 2026

This Privacy Policy explains what information NoHoldPay ("we", "us", "our") collects, how we use it, who we share it with, and how we protect it.

Questions about this Policy may be submitted through the contact page.

1. Roles

We process two kinds of personal information:

  1. Merchant information - about the businesses and people who sign up for or manage a NoHoldPay account.
  2. Customer information - about end users who pay one of our merchants via a NoHoldPay-hosted checkout, link, or invoice.

For customer information, NoHoldPay processes information as a service provider to the merchant. Merchants remain responsible for their customer relationships, including any customer-facing privacy notices they are required to publish.

2. Information we collect

2.1 Information merchants provide

  • Account details. Email address. Display name. Optional Google account identifier if you sign in via Google OAuth.
  • Password. NoHoldPay does not store passwords in plaintext. We store only a one-way password hash.
  • Two-factor authentication. If you enable two-factor authentication, we store the secret needed to verify one-time codes encrypted at rest.
  • Wallet material you provide. Depending on the chain, this is one of:
    • An extended public key (xpub / zpub / vpub / tpub) for HD-derived UTXO chains. This is public-key material - it lets us derive addresses and observe incoming payments, but it cannot be used to spend funds.
    • A public address (EVM, TRON, Solana, XRP, Stellar/XLM).
    • For CREATE2 / PDA forwarder modes: treasury or recipient addresses and related public routing or authorization information needed to route or settle payments. We do not receive your treasury private keys.
    • For Monero: your primary address and your private view key. The view key is a sensitive secret. It lets us see wallet activity, history, and balances needed to detect and reconcile payments for that wallet, and it may reveal more than the individual payments you create through NoHoldPay. It does not let us move or spend funds. We store view keys encrypted at rest and decrypt them only as needed to detect and reconcile payments. You acknowledge this trade-off explicitly when you create a Monero wallet.
  • Business information. Information you add to your merchant profile, such as business name, logo, public-facing description, and other profile fields you configure.
  • API keys you generate. API keys are shown to you once at creation. We store only lookup metadata and a one-way hash of the full key.
  • Webhook configuration. Endpoint URLs, event allowlists, and webhook signing secrets.
  • Notification preferences. Which events should reach you by in-app notification, email, or webhook.

2.2 Information generated or observed for merchant accounts

  • Sessions. When you sign in, we issue a signed session token. The token is delivered to your browser in a protected cookie that is not accessible to browser JavaScript. Sessions are also tracked server-side so we can revoke them and protect your account.
  • Audit log. Meaningful account actions, such as logins, wallet changes, and security-sensitive settings changes, are recorded in an append-only audit trail.
  • Payment data. For each payment we record: payment ID, merchant ID, chain, coin, amount requested, amount received, status, transaction hash(es), receiving address, customer email where provided, customer IP where applicable, coarse geographic location where resolved, timestamps, and links to payment links / invoices.
  • API request data. Request method, path, response status, timing, response size, IP address, and request ID. Standard request logs do not store full request bodies.
  • Webhook delivery records. Each delivery attempt, its HTTP status, latency, and the next retry time.
  • Aggregate metrics. Counts, rates, and error frequencies used for monitoring, service reporting, and dashboard summaries.

2.3 Information about merchant customers

When a customer visits a NoHoldPay-hosted checkout page or pays through a payment link / invoice, we may collect:

  • IP address of the visitor, extracted from the request chain. We use this for security (rate limits, fraud detection) and to resolve coarse geographic location.
  • Coarse geographic location (country and, for internal fraud and abuse review, approximate city) resolved from the IP. We use a local copy of MaxMind GeoLite2 for this resolution, so your customer's IP is not transmitted to MaxMind in real time.
  • Wallet address the customer paid from (visible on the blockchain transaction).
  • Transaction hash of the customer's payment (visible on the blockchain transaction).
  • Payment-related events the customer triggers (e.g. clicking "I have paid", pasting a transaction hash, requesting a refund).
  • Customer contact or refund details if you or the customer provide them, such as invoice customer name, invoice customer email, invoice address fields, payment customer email, refund address, or optional refund email.

We do not perform customer KYC on behalf of merchants. We do not request government IDs, biometric data, or verified identity profiles from merchant customers.

2.4 Information we do not collect

  • Your private spending keys. NoHoldPay does not see, store, or transmit the private keys that let someone spend from your receiving wallets. The wallet material we hold is limited to extended public keys, public addresses and routing information, optional feature-specific authorization material, and Monero view keys (which cannot spend).
  • Verified customer identity data. We do not collect your customers' government IDs, biometric data, or verified identity profiles.
  • Browser fingerprints beyond standard request metadata.
  • Advertising / tracking cookies. See the Cookie Policy.
  • Cross-site tracking pixels.

3. How we use information

We use the information described above to:

  • Authenticate you and protect your account.
  • Detect incoming payments by watching the relevant blockchains.
  • Generate per-payment addresses, destination tags, payment references, and forwarder addresses.
  • Calculate platform fees, manage your prepaid balance, and produce reports.
  • Send transactional emails (e.g. password reset, security notifications, payment alerts).
  • Send webhooks to endpoints you configure.
  • Detect and prevent fraud and abuse (rate limiting, IP-based heuristics, sanity checks on payment behavior).
  • Operate and improve the service (monitoring, debugging, capacity planning).
  • Comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not use personal information for behavioral advertising.

4. How we protect information

We use the following safeguards:

Encryption at rest

Sensitive fields are encrypted at rest using platform-managed encryption keys. The fields we encrypt include:

  • Two-factor authentication secrets.
  • Sensitive tokens required to deliver optional service features.
  • Feature-specific signing material used only for optional broadcast features you enable.
  • Monero view keys.
  • XRP and Stellar/XLM per-wallet payment-reference material.

Encryption in transit

Production connections between your browser and NoHoldPay use TLS. Webhook endpoints are checked for unsafe destinations, and HTTPS is strongly recommended and may be required for production accounts or future enforcement.

Password and API-key hashing

Passwords and API keys are stored as one-way hashes. Full API keys are shown only once when created and are not stored in plaintext.

Session handling

Session tokens are stored in protected cookies that are not accessible to browser JavaScript. Sessions are revocable server-side. Merchant sessions default to a 24-hour lifetime.

Network defenses

  • Outbound URL safety checks. Webhook endpoints and platform-configured providers are checked against private, local, link-local, and cloud-metadata network ranges where applicable, including at connection time. Monero infrastructure uses separate private-network controls where configured.
  • Security headers. Our responses include browser security headers designed to reduce content-sniffing, clickjacking, and other browser-based attack risks.
  • Rate limits. Per-IP rate limits apply to authentication, checkout, real-time checkout updates, API endpoints, and invoice send / resend.
  • Cloudflare Turnstile. Bot challenges on sensitive merchant forms, such as merchant login, merchant signup, and password reset, when enabled.

Security safeguards

  • Append-only audit records for security-sensitive actions.
  • Deployment checks for supported smart-contract and forwarder modes.
  • Monitoring and alerting for broadcast features.
  • Controls that pause affected features when a serious service risk is detected.

Although we use safeguards designed to protect information, no security program can guarantee absolute protection.

5. Who we share information with

5.1 Service providers we use

We use third-party services in the operation of NoHoldPay. They process information only as needed for their role:

ProviderPurposeInformation processed
Configured blockchain nodes and providers (NoHoldPay-operated nodes, third-party RPC / API providers, and public blockchain endpoints)Run nodes or APIs we query for chain state and broadcastingPublic on-chain addresses, transaction hashes, and request data required by the node or API
Configured rate providersCrypto-to-fiat and fiat-to-fiat exchange rate quotesAsset, fiat, and currency-pair quote requests; no merchant or customer personal data is required
Configured email providersSend transactional emailRecipient email address and email body
Cloudflare TurnstileAnti-bot challenge on merchant account formsVisitor IP and browser metadata required by the challenge
Google (only if you sign in with Google)OAuth identity verificationYour Google email, basic profile, Google account identifier, and token-validation metadata
MaxMind GeoLite2Coarse geographic resolution from IPNo real-time disclosure of customer IP; NoHoldPay performs local lookups
Configured TRON Energy providersTRON Energy marketplace for platform-paid broadcasts and settlementsPublic TRON addresses and order amounts
NoHoldPay-hosted Monero scanning infrastructure (only if Monero is enabled)Detects incoming Monero payments by scanning with your view keyYour view key while scanning, plus Monero wallet activity and payment events needed for detection and matching

Provider use depends on NoHoldPay's deployment and operational configuration. NoHoldPay-operated nodes and scanners are part of our own infrastructure, not third-party providers.

5.2 To merchants (about their customers)

We make payment data available to merchants through the dashboard, API, and configured webhooks to provide payment processing, reconciliation, and reporting. Merchant dashboard and API views may include payer IP and country-level location where available. City-level location is reserved for internal fraud and abuse review. Standard payment webhooks include payment status, amounts, chain, coin, receiving address, transaction hash(es), and refund address where relevant; they do not include payer IP, location, or optional refund email.

5.3 To customers (about merchants)

Hosted checkout pages display the merchant's business name, logo (if set), and any merchant-provided payment description. We do not display merchant private contact information to customers without the merchant's configuration.

5.4 Public blockchain data

When a payment is made on a public blockchain, the transaction is publicly visible to anyone running a node or block explorer. This visibility is a property of the network and is not a separate disclosure by NoHoldPay. Privacy-enhancing chains (Monero) reveal less, but on transparent chains (Bitcoin, Ethereum, etc.) addresses, amounts, and timing are public.

5.5 Legal disclosures

We may disclose information when required by valid legal process (subpoena, court order) or where we have a good-faith belief that disclosure is necessary to:

  • Comply with applicable law.
  • Protect our rights, property, or safety, or that of our users or the public.
  • Investigate fraud, security, or technical issues.

We may challenge overly broad requests and may notify the affected merchant where legally permitted and practical.

5.6 Business transfers

If NoHoldPay is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice where required by law or reasonably practical.

6. Data retention

We retain data for as long as your account is active and as long as needed to:

  • Provide the service.
  • Comply with our legal, accounting, and reporting obligations.
  • Resolve disputes and enforce our agreements.

After account closure:

  • Audit log entries are kept indefinitely as a security and integrity control.
  • Encrypted service records for old wallets may be retained where needed for security, accounting, forensics, or rotation continuity.
  • Payment records are kept for accounting and dispute purposes, typically for at least the local statutory record-keeping period.

You may request earlier deletion of personal data that is not required for security, accounting, legal, or service-continuity purposes by contacting us through the contact page. We will explain what we can and cannot delete and why.

7. Your rights

Depending on where you live, privacy laws may give you rights over your personal information. In any case, you may make the following requests:

  • Access. You may access much of your account data in the dashboard. For other requests, contact us.
  • Correction. You may update your account profile, wallet labels, and other supported fields from the dashboard. For other corrections, contact us.
  • Deletion. Close your account and request deletion of personal data. We will handle the request to the extent legally and technically possible (see Section 6).
  • Export. Request a machine-readable export of your account data.
  • Withdraw consent. Where we process information based on your consent (e.g. marketing email - currently we do not run any), you can withdraw that consent.
  • Complain. If you have concerns about our handling of your data, contact us. You may also have the right to complain to a data-protection regulator in your jurisdiction.

Send rights requests to contact us. We may ask you to verify your identity before acting on a request.

8. International transfers

NoHoldPay may operate servers and use service providers in jurisdictions different from your own. We rely on technical safeguards, including encryption in transit and at rest, and where applicable on contractual safeguards with our providers to protect information in cross-border processing.

9. Children

NoHoldPay is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will take reasonable steps to delete it.

10. Cookies

See the separate Cookie Policy. In short:

  • We use a limited set of strictly necessary cookies for authentication and session continuity.
  • We may use local preference storage to remember display preferences such as theme.
  • We do not use advertising or cross-site tracking cookies.

11. Notifications you receive

We send several categories of notifications:

  • Transactional. Account verification, password reset, security alerts, and important payment events. Some transactional notices are required for account security or service operation and are not configurable.
  • Service. Webhook failures, gap-filler events, balance alerts, and similar dashboard signals. You can configure supported service notifications in your notification preferences.
  • Critical service alerts. Some security or service-continuity alerts are not configurable because they relate to serious incidents or operational risk.
  • Marketing. We do not currently run a marketing list. If we ever do, it will be opt-in only and you can unsubscribe at any time.

12. Changes

We may update this document. Material changes will be announced via email and/or via the dashboard at least 14 days before they take effect when reasonably practical. Changes required for legal, security, risk, chain-support, or urgent operational reasons may take effect sooner. The header of this document reflects the current version.

13. Contact

Privacy questions, requests, or complaints:

Contact: open the contact page Subject line suggestion: "Privacy: [your question]"

We aim to respond within 30 days where reasonably possible.