Privacy Policy

Effective date: February 21, 2026 · Last updated: June 5, 2026

1. Overview

CheapTokens (“we,” “us,” or “our”) operates CheapTokens.ai, a Taborlin service (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices regarding that information.

The Service is designed with privacy in mind. We do not require account creation and collect the minimum data necessary to process transactions and operate the Service.

2. Information We Collect

2.1 Information you provide directly

  • Wallet address. When you make a purchase, your blockchain wallet address is recorded as part of the x402 payment flow. This is a public blockchain address, not personally identifiable information in most contexts.
  • Email address. If you optionally provide an email address to receive a purchase receipt, we store and use it solely for that transactional email.
  • Wallet-authenticated account requests. If you use wallet recovery, reveal, reissue, supplier, or Reserve-account features, we process wallet signatures and related request metadata to verify control of the wallet.

2.2 Information collected automatically

  • Transaction data. Purchase amounts, dates, discount rates applied, API key identifiers, encrypted API keys where needed for wallet-authenticated reveal/reissue/status, and payment settlement hashes.
  • Audit logs. We maintain immutable audit logs of important operations (purchases, key creation, expiration, vault deposits/withdrawals) for security and operational integrity.
  • Server logs. Standard web server logs including IP addresses, request timestamps, and user agent strings. These are used for security monitoring and debugging.
  • Aggregate analytics. We may use privacy-preserving site analytics, such as Vercel Analytics, to understand page performance and basic usage patterns. We do not use advertising pixels or cross-site behavioral ad tracking.

2.3 Information we do NOT collect

  • We do not store your full API key in plaintext. Where wallet recovery, reveal, reissue, status, or Reserve features require key recovery, the key is encrypted at rest and access is gated by wallet authentication or admin controls.
  • We do not intercept, log, or store your API requests to Venice.ai or the responses you receive. Once your key is issued, API traffic flows directly between you and Venice.ai.
  • We do not store your wallet private keys, seed phrases, or signing credentials.
  • We do not use advertising pixels or analytics services to profile individual users across sites.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Transaction processing. To fulfill purchases, provision API keys, and settle payments.
  • Transactional communication. To send purchase receipts via email if you provide an email address.
  • Service operation. To manage daily capacity, track inventory, process supplier deposits and withdrawals, and run expiration cron jobs.
  • Security and fraud prevention. To detect and prevent duplicate payments (replay attacks), unauthorized access, and abuse of the Service.
  • Auditing. To maintain an immutable record of system operations for dispute resolution and operational integrity.
  • Legal compliance. To comply with applicable legal obligations.

4. Data Sharing and Third Parties

We do not sell your personal information. We share data with third parties only as necessary to operate the Service:

  • Venice.ai. We send a key description (which includes your wallet address and purchase dates) to Venice.ai when provisioning your API key. Venice.ai's use of this data is governed by their own Privacy Policy.
  • Base blockchain. Payment transactions are recorded on the Base L2 public blockchain. Blockchain data is publicly visible by design.
  • x402 protocol. Payment verification data (including wallet address and payment details) is shared with the x402 facilitator for payment settlement.
  • Bridge and payment providers. If you use an optional cross-chain payment route, payment details may be processed by the relevant bridge or payment provider.
  • Resend. If you provide an email address, it is shared with Resend for email delivery. Resend's privacy policy governs their handling of this data.
  • Hosting and database providers. Our application runs on Vercel and our database is hosted by a managed database provider such as Neon. These providers process data as part of hosting the Service.
  • Analytics providers. Aggregate web analytics may be processed by Vercel or similar infrastructure providers.

We may also disclose information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of CheapTokens, Taborlin, our users, or the public.

5. Blockchain and Public Data

The Service uses blockchain technology for payments. By making a purchase, you acknowledge that:

  • Your wallet address and transaction amounts are recorded on the Base L2 blockchain, which is a public, immutable ledger.
  • Blockchain transactions cannot be deleted or modified after confirmation.
  • While wallet addresses are pseudonymous, they may be linked to your identity through blockchain analysis or other means outside our control.
  • Public transparency pages may link to on-chain settlement transactions, but we avoid displaying buyer wallet addresses in public purchase activity where the product does not need them.

6. Data Retention

We retain data for the following periods:

  • Purchase records. Retained indefinitely for accounting and dispute resolution purposes.
  • Audit logs. Retained indefinitely as an immutable operational record.
  • Email addresses. Retained only as part of purchase records if provided.
  • Server logs. Retained for up to 90 days, then deleted.
  • Expired API key references. Key IDs, last-6-character identifiers, and encrypted key material where needed for recovery/reissue/status are retained as part of purchase records unless no longer operationally necessary.

7. Data Security

We implement reasonable security measures to protect the information we store, including:

  • Timing-safe authentication for admin and cron routes
  • Rate limiting on public API endpoints
  • Payment hash deduplication to prevent replay attacks
  • Safety checks to prevent accidental leakage of admin credentials
  • Encryption at rest for recoverable API keys
  • Encrypted database connections

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

  • Access. You may request a copy of the information we hold about your wallet address.
  • Correction. You may request correction of inaccurate information.
  • Deletion. You may request deletion of your email address. Note that purchase records, audit logs, and blockchain data cannot be deleted due to operational and legal requirements.
  • Data portability. You may request your purchase data in a machine-readable format.

To exercise these rights, contact us at privacy@cheaptokens.ai. We will respond within 30 days.

9. Cookies and Local Storage

The Service does not use advertising cookies or cross-site tracking cookies. We may use strictly necessary cookies or local storage for functional purposes such as theme preferences, wallet flow state, or checkout recovery. We may also use privacy-preserving aggregate analytics to understand service usage and performance.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on standard contractual clauses and other lawful transfer mechanisms where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to provide notice (such as a banner on the site).

13. Contact

For questions or requests regarding this Privacy Policy, contact us at: