Legal · Privacy

Privacy Policy

What Apa collects, why, and how it is handled. Apa is non-custodial and tries to collect as little as possible to run a crypto checkout.

Last updated June 2026

1. Data we collect

  • Email address. Used to create your account and sign you in. Apa does not use passwords.
  • Wallet addresses. The receive addresses you configure and the customer addresses that appear in a payment. Public blockchain addresses, not private keys — Apa never has access to keys.
  • Payment metadata. Amounts, assets, networks, route details, status and timestamps for the payments you create.
  • Usage data. Basic technical data such as IP address, browser type and interactions with the dashboard, used for security and to improve the Service.

2. How we use it

  • To operate checkout, create payment sessions and route payments.
  • To authenticate you and secure your account.
  • To send transactional and service messages you have asked for.
  • To detect abuse, fraud and security issues, and to comply with law.

Apa does not sell your personal data and does not use it for third-party advertising.

3. Email and one-time passcodes

Apa signs you in with a one-time passcode sent to your email. These emails are delivered through Resend, our email provider. Your email address is shared with Resend only to deliver these messages, subject to Resend's own privacy terms.

4. On-chain data is public

Payments settle on public blockchains. Wallet addresses, amounts, assets and transaction hashes are publicly visible and permanent on those chains. Apa cannot edit, hide or delete on-chain data, and this is inherent to how public blockchains work.

5. Cookies and sessions

Apa uses strictly necessary cookies and session tokens to keep you signed in and to protect against abuse. It does not use advertising or cross-site tracking cookies.

6. Sharing with providers

Apa shares the minimum data needed with infrastructure providers that help run the Service — including third-party routing and bridging providers for routed payments, our email provider (Resend), and hosting and analytics vendors. These providers process data on Apa's behalf under their own terms.

7. Data retention

Account and payment metadata is retained while your account is active and for as long as needed to meet legal, accounting and security obligations. On-chain records remain on the blockchain permanently and are outside Apa's control.

8. Your rights

Depending on where you live, you may have rights to access, correct, export or delete the personal data Apa holds about you, and to object to certain processing. To make a request, contact us using the details below. Note that on-chain data cannot be deleted.

9. Security

Apa uses encryption in transit, access controls and the non-custodial architecture itself — Apa never holds funds or private keys — to limit risk. No system is perfectly secure, and you are responsible for keeping your own wallet and email account safe.

10. Contact

Privacy questions and requests can be sent to [email protected].