Who we are
"Weft" is the operator of the MCP payment hub service at weftpay.xyz.
Operating entity: pre-incorporation. Operator and data controller information will be published after formal incorporation.
Until incorporation, all data protection requests should be directed via GitHub Issues: github.com/holasergio/weft/issues.
Scope
This policy covers the processing of personal data on the Weft platform — for tenants (devs/operators) and end-users of services via Weft.
What data we process
| Category | Examples | Source | Why |
|---|---|---|---|
| Account identifiers | Bearer token, tenant alias, optional Telegram chat_id | At sign-up | Auth, notifications |
| Service usage logs | tenant + service id + amount + timestamp + request id | On each call | Billing, audit, fraud |
| On-chain addresses | HD-derived deposit/withdraw addresses | Derived from operator mnemonic + alias | Settlement on Base |
| Webhook delivery logs | tenant + URL + status | On webhook event | Visibility |
| Service provider metadata | service id, title, description, endpoint, owner, price | At registration | Public registry |
We do not collect:
- Real names, physical addresses, bank cards (no fiat in V0.x).
- Cookies (no website tracking).
- Email content or conversations.
- Browser fingerprints, behavioral analytics.
Legal basis (GDPR Art. 6)
- Account creation, authentication:
Performance of contract (6.1.b) - Usage logs, billing:
Performance of contract (6.1.b) - Audit trails, fraud prevention:
Legitimate interest (6.1.f) - Operational notifications via Telegram:
Consent (6.1.a)— opt-in only - Webhook delivery:
Performance of contract (6.1.b)
Retention
- Tenant balance state — until 1 year after account closure
- Ledger entries — 7 years (financial audit)
- On-chain transaction records — permanent (blockchain immutable)
- Webhook delivery logs — 90 days
- Backups (encrypted) — daily 14d, weekly 6mo, monthly 7y
Sharing
We share data with:
- Blockchain network operators (Base, Ethereum) — implicit by nature of public blockchain.
- RPC providers (Alchemy, Infura, public Base RPC) — to read/write blockchain.
- Cloud infrastructure (Hetzner, EU/Germany) — server hosting. Hetzner is GDPR-compliant.
- Webhook destinations — chosen by you as a tenant.
- Telegram — only if you opt in via
subscribe_telegram.
We do not sell user data.
International transfers
If you are in the EU, your data is processed primarily in Germany (Hetzner Nürnberg). On-chain operations involve global blockchain infrastructure that crosses jurisdictions. RPC providers may have US presence.
For EU-to-US: standard contractual clauses (SCCs) apply where applicable.
Your rights (GDPR Art. 15-22)
You may:
- Access — request a copy of your tenant data via GitHub Issue: open an issue
- Rectify — correct inaccurate data
- Erase — close your account; on-chain records remain by nature of blockchain (we cannot delete from the chain)
- Restrict — pause processing
- Portability — receive data in machine-readable JSON
- Object — object to legitimate-interest processing
- Lodge a complaint — with your local data protection authority
Response within 30 days.
Security
- Bearer tokens hashed (V1 roadmap); currently demo mode plaintext per-tenant
- HD master mnemonic — file mode 0600, server-side, never transmitted over the wire
- HTTPS via Let's Encrypt (TLS 1.3)
- Rate limiting (60 req/min/IP)
- Daily encrypted backups (AES-256 GPG symmetric)
- SOC 2 Type 1 audit: planned within 3 months of incorporation
Smart contract caveat
Funds deposited into the WeftEscrow contract are governed by contract code, not our policy. The contract is open-source and externally auditable. We have admin privileges to (a) charge user balances on calls, (b) rotate operator key — but cannot withdraw user funds to ourselves or beyond the routes encoded in the contract.
Changes
Material changes are announced via:
- Email to all tenants
- Telegram channel announcement
- GitHub repository changelog
Contact
- Data protection requests: GitHub Issue
- All security incidents: Security advisory
- A DPO will be appointed post-incorporation.