English Español Português
Legal

Privacy Policy

Privacy is the product. This page explains exactly what little we collect.

Effective date: June 10, 2026  ·  Version: 1.0

The short version

  • This website collects standard analytics and whatever you choose to type into the contact form. Nothing else.
  • Buyers never need an account. The product is designed so that paying for content requires no name, no email, and no card number.
  • We never have your private keys, your wallet seeds, or the unencrypted content in your vault.
  • If you self-host PrivaPaid, your deployment's data is yours — you own it, you control it, and you are responsible to your buyers for it.

1. This website (privapaid.com)

1.1 Analytics

We use Google Analytics to understand which pages are read and where visitors come from. This involves cookies and collects standard technical data (pages visited, approximate location, device and browser type, IP address as processed by Google). You can block analytics cookies in your browser without affecting the site.

1.2 Contact and early-access forms

If you submit a form, we receive what you typed: name, email, and message, plus company and phone if you choose to provide them. We use it to respond to you and to set you up if you ask for that. We do not sell it, rent it, or add you to marketing lists you didn't ask for.

1.3 The browser-based encryptor

The encryptor at this site runs entirely in your browser. Files you encrypt are never uploaded to us, and generated keys are never transmitted or stored by us. If you lose a key, we cannot recover it — we never had it.

2. The hosted demo

The live demo accepts real Lightning payments. A Lightning payment carries no name, email, or card number, and the demo does not ask for any. The demo records the same operational data any web server records (request logs, IP addresses) and payment events (invoice, payment hash, amount, status) — not who paid.

3. Buyer privacy, by architecture

PrivaPaid is built so that buying content requires no identity:

  • No buyer account, email, or password is required to pay.
  • Payment happens over Bitcoin Lightning — no card network or bank statement entry.
  • Content is encrypted with AES-256-GCM and decrypted in the buyer's browser. No server sees the unencrypted content.

One honest caveat: Lightning payments are routed across network nodes, and routing nodes can see payment metadata in transit. No payment system can promise absolute anonymity; this one is designed to collect nothing it doesn't need.

4. Self-hosted deployments

If you deploy the PrivaPaid software, you are the operator of that deployment and the controller of its data. Your servers, your database, your logs, your buyers. SatsRail does not receive the data your deployment collects, and this policy does not cover your deployment. You are responsible for publishing your own privacy policy and complying with the privacy laws that apply to your business (GDPR, CCPA, or others).

5. The payment rail

If you create a SatsRail account to process payments, the data SatsRail collects from merchants (account email, business name, invoice and payment metadata, API logs) is governed by the SatsRail Privacy Policy.

6. What we never collect

  • Your Bitcoin private keys, wallet seeds, or mnemonics
  • Your buyers' names, emails, or payment card details — none exist in the flow
  • The unencrypted contents of your vault

7. Sharing

We do not sell, rent, or trade personal information. We share data only with service providers needed to run this website (hosting, analytics, email), and when required by law — court orders, subpoenas, or other valid legal process.

8. Retention

  • Form submissions: kept while we have an active conversation or business relationship with you; deleted on request.
  • Analytics: per Google Analytics' standard retention controls.
  • Server logs: rotated on a short cycle (typically 90 days or less).

9. Your rights

You can ask us what we hold about you, ask us to correct it, or ask us to delete it. If you are in the EEA (GDPR) or California (CCPA), you have these rights by statute, including the right to lodge a complaint with your supervisory authority. Write to compliance@satsrail.com — we respond to GDPR requests within 30 days and CCPA requests within 45 days.

10. Children

PrivaPaid is not intended for anyone under 18, and we do not knowingly collect information from children.

11. International transfers

Data collected by this website may be stored and processed in the United States. By using the site, you consent to that transfer.

12. Changes

We may update this policy; changes are effective when posted here. Material changes will be flagged prominently on this page.

13. Contact

Version: 1.0  |  Effective date: June 10, 2026  |  PrivaPaid™ is a trademark of SatsRail.