CheapTokens is beta/experimental software. Use at your own risk.

Privacy Policy

Effective date: February 21, 2026 · Last updated: February 21, 2026

1. Overview

CheapTokens (“we,” “us,” or “our”) operates CheapTokens.ai (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices regarding that information.

The Service is designed with privacy in mind. We do not require account creation and collect the minimum data necessary to process transactions and operate the Service.

2. Information We Collect

2.1 Information you provide directly

  • Wallet address. When you make a purchase, your blockchain wallet address is recorded as part of the x402 payment flow. This is a public blockchain address, not personally identifiable information in most contexts.
  • Email address. If you optionally provide an email address to receive a purchase receipt, we store and use it solely for that transactional email.

2.2 Information collected automatically

  • Transaction data. Purchase amounts, dates, discount rates applied, API key identifiers (last 6 characters only), and payment settlement hashes.
  • Audit logs. We maintain immutable audit logs of important operations (purchases, key creation, expiration, vault deposits/withdrawals) for security and operational integrity.
  • Server logs. Standard web server logs including IP addresses, request timestamps, and user agent strings. These are used for security monitoring and debugging.

2.3 Information we do NOT collect

  • We do not store your full API key. Only the last 6 characters are retained for identification purposes.
  • We do not intercept, log, or store your API requests to Venice.ai or the responses you receive. Once your key is issued, API traffic flows directly between you and Venice.ai.
  • We do not store your wallet private keys, seed phrases, or signing credentials.
  • We do not use tracking cookies, advertising pixels, or analytics services that profile individual users.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Transaction processing. To fulfill purchases, provision API keys, and settle payments.
  • Transactional communication. To send purchase receipts via email if you provide an email address.
  • Service operation. To manage daily capacity, track inventory, process supplier deposits and withdrawals, and run expiration cron jobs.
  • Security and fraud prevention. To detect and prevent duplicate payments (replay attacks), unauthorized access, and abuse of the Service.
  • Auditing. To maintain an immutable record of system operations for dispute resolution and operational integrity.
  • Legal compliance. To comply with applicable legal obligations.

4. Data Sharing and Third Parties

We do not sell your personal information. We share data with third parties only as necessary to operate the Service:

  • Venice.ai. We send a key description (which includes your wallet address and purchase dates) to Venice.ai when provisioning your API key. Venice.ai's use of this data is governed by their own Privacy Policy.
  • Base blockchain. Payment transactions are recorded on the Base L2 public blockchain. Blockchain data is publicly visible by design.
  • x402 protocol. Payment verification data (including wallet address and payment details) is shared with the x402 facilitator for payment settlement.
  • Resend. If you provide an email address, it is shared with Resend for email delivery. Resend's privacy policy governs their handling of this data.
  • Hosting providers. Our application runs on Vercel and our database on Railway. These providers process data as part of hosting the Service.

We may also disclose information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of CheapTokens, our users, or the public.

5. Blockchain and Public Data

The Service uses blockchain technology for payments. By making a purchase, you acknowledge that:

  • Your wallet address and transaction amounts are recorded on the Base L2 blockchain, which is a public, immutable ledger.
  • Blockchain transactions cannot be deleted or modified after confirmation.
  • While wallet addresses are pseudonymous, they may be linked to your identity through blockchain analysis or other means outside our control.

6. Data Retention

We retain data for the following periods:

  • Purchase records. Retained indefinitely for accounting and dispute resolution purposes.
  • Audit logs. Retained indefinitely as an immutable operational record.
  • Email addresses. Retained only as part of purchase records if provided.
  • Server logs. Retained for up to 90 days, then deleted.
  • Expired API key references. Key IDs and last-6-character identifiers are retained as part of purchase records. Full API keys are never stored.

7. Data Security

We implement reasonable security measures to protect the information we store, including:

  • Timing-safe authentication for admin and cron routes
  • Rate limiting on public API endpoints
  • Payment hash deduplication to prevent replay attacks
  • Safety checks to prevent accidental leakage of admin credentials
  • Encrypted database connections

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

  • Access. You may request a copy of the information we hold about your wallet address.
  • Correction. You may request correction of inaccurate information.
  • Deletion. You may request deletion of your email address. Note that purchase records, audit logs, and blockchain data cannot be deleted due to operational and legal requirements.
  • Data portability. You may request your purchase data in a machine-readable format.

To exercise these rights, contact us at privacy@cheaptokens.ai. We will respond within 30 days.

9. Cookies and Local Storage

The Service does not use tracking cookies or third-party analytics. We may use strictly necessary cookies or local storage for functional purposes such as theme preferences. These do not track you across sites and do not contain personal information.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on standard contractual clauses and other lawful transfer mechanisms where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to provide notice (such as a banner on the site).

13. Contact

For questions or requests regarding this Privacy Policy, contact us at: