Skip to content

Privacy Policy

Last updated: February 13, 2026

What We Are

four02 is a paywall-as-a-service platform that lets API sellers monetize their endpoints for AI agents. We operate a proxy that handles x402 payment challenges on behalf of sellers. We are a software service provider — we never hold, custody, or control user funds. All payments settle directly on-chain between agent wallets and seller wallets on Base L2.

What We Collect & Why

We collect the minimum data needed to provide the service:

  • Account information — Email address and password (hashed, never stored in plaintext) when you create a seller account. Optional company name.
  • API configuration — Your API name, origin URL, route paths, pricing, and optional schemas. Used to operate the proxy on your behalf.
  • Wallet addresses — Seller payout addresses and agent sender addresses, used to route on-chain payments. These are public blockchain identifiers, not private keys.
  • Transaction records — Payment amounts, transaction hashes, timestamps, and settlement status. Used for revenue reporting and fraud prevention.
  • Billing data — Subscription tier, prepaid balance, and top-up history. Payment processing is handled entirely by our billing provider.
  • Usage & security logs — IP addresses, user agents, and action types are logged for security auditing and abuse prevention. Sensitive values (wallet addresses, API keys) are redacted in logs.
  • Analytics & session data — We use analytics tools to understand how the dashboard is used. This may include page views, clicks, feature interactions, session recordings (mouse movements, scrolls), device type, browser information, and approximate location derived from IP address. We use this data solely to improve the product. You can opt out of session recordings via your browser's Do Not Track setting.

Blockchain Data Is Public

four02 settles payments on Base L2 (an Ethereum Layer 2 network). Wallet addresses, transaction amounts, and transaction hashes are recorded on a public blockchain. This data is publicly visible and permanently immutable. We cannot delete, modify, or restrict access to on-chain data. Do not use a wallet address that you wish to keep private.

Third-Party Services

We share data with third-party service providers that help us operate the platform. These include providers for database hosting and authentication, blockchain wallet infrastructure, billing and payment processing, edge compute and proxy hosting, and product analytics. Each provider receives only the data necessary for their function and is bound by their own privacy policies. We do not sell your data to any third party.

Cookies & Local Storage

We use session cookies for authentication (keeping you signed in). Our analytics tools may set additional cookies or use local storage to track usage across sessions. We do not use third-party advertising or marketing cookies.

How We Protect Your Data

Passwords are cryptographically hashed and never stored in plaintext. API keys are stored as one-way hashes. All traffic is encrypted in transit via HTTPS/TLS. Database access is restricted by row-level security policies — sellers can only access their own data. Security audit logs are append-only and cannot be modified or deleted.

Your Rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us. Note that:

  • On-chain transaction data cannot be deleted (it lives on a public blockchain).
  • Security audit logs may be retained as required for fraud prevention and legal compliance.
  • Account deletion will remove your seller profile, API configurations, and associated data from our database.

Data Retention

We retain your account data for as long as your account is active. Transaction records and audit logs are retained indefinitely for compliance, dispute resolution, and fraud prevention. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for the purposes described above.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by placing a notice on the dashboard. Continued use of four02 after changes take effect constitutes acceptance of the updated policy.

Contact

For privacy-related questions or data requests, email us at privacy@four02.io.