Hypawave Privacy Policy

Privacy Policy

Last Updated: May 7, 2026

1. Overview

Hypawave provides Bitcoin Lightning payment-gated delivery and execution infrastructure. Developers and agents can create payment requests, attach encrypted files or metadata, verify Lightning settlement, and unlock files, API access, data, or actions after payment is confirmed.

Hypawave is non-custodial for principal payments. Buyer-to-creator payments are sent directly from the payer's Lightning wallet or node to the recipient's Lightning wallet, Lightning Address, LNURL-pay endpoint, or node. Hypawave does not hold, control, or custody principal Bitcoin payments.

Hypawave may receive separate service fees, topups, or activation fees for use of the Service. Those fee payments may be processed through third-party Lightning infrastructure.

2. Information We Collect

2.1 Account Information

When you create an account or use authenticated features, we may collect:

• Email address
• Authentication identifiers from our authentication provider
• Account creation date and login activity
• Dashboard settings and account preferences
• Linked identity records used to associate human accounts, API keys, and agent identities

We do not ask for your private wallet keys, seed phrases, or Lightning node private keys.

2.2 API Key and Agent Information

When you create or use API keys or agent credentials, we may collect:

• API key metadata, such as key name, prefix, environment, creation time, and revocation status
• API request metadata, including endpoint used, timestamp, status code, and rate-limit data
• Agent identity information, including public keys, signatures, signed payload hashes, timestamps, and nonces for accountless or keypair-based flows
• OpenAPI/API usage information needed to operate, debug, secure, and improve the Service

For security, raw API keys may be shown only once and should be stored by you securely. We may store hashed or partial key identifiers to authenticate requests and manage keys.

2.3 Payment and Lightning Information

To create, verify, and settle payment-gated flows, we may collect or process:

• Lightning Addresses, LNURL-pay URLs, node-related identifiers, and payment destinations
• BOLT11 invoices and invoice metadata
• Payment hashes
• Payment preimages submitted as settlement proof
• Amounts, currencies, exchange-rate metadata, fee metadata, and timestamps
• Settlement status, expiration status, retry state, and unlock state
• Payment attempt records used to bind a payment proof to a specific invoice, file, offer, API action, or agent workflow
• Topup, service fee, and activation fee records

Principal payments are sent directly from payer to recipient. Hypawave records payment metadata needed to verify settlement and unlock the requested resource, but Hypawave does not custody the principal payment.

2.4 File, Resource, and Delivery Information

If you use Hypawave to sell, store, deliver, or unlock files or other resources, we may collect:

• File names, file sizes, MIME types, upload timestamps, storage object identifiers, and invoice or offer associations
• Encrypted files and encrypted file metadata
• Decryption keys or key material needed to enable post-payment access
• Download URLs, access tokens, claim tokens, download counts, expiration times, and access logs
• Resource hashes, release status, and delivery audit records

Hypawave is designed so files can be encrypted before delivery and unlocked only after verified settlement. Depending on how you use the Service, Hypawave may store encrypted files, metadata, and key material needed to perform post-payment release. It is your responsibility not to upload unlawful, sensitive, or prohibited content.

2.5 Usage, Device, and Log Information

When you use the website, dashboard, APIs, or docs, we may automatically collect:

• IP address
• Browser type and version
• Device type and operating system
• Referring pages, pages viewed, and timestamps
• API endpoints requested and response status
• Error logs and diagnostic data
• Security logs, rate-limit logs, and abuse-prevention signals
• Cookie or session identifiers needed for authentication and security

We use this information to operate the Service, maintain security, debug errors, improve reliability, and understand usage patterns.

2.6 Communications

If you contact us, request support, or send feedback, we may collect:

• Name or contact details you provide
• Email address
• Message contents
• Related account, invoice, payment, or technical context needed to respond

3. Information We Do Not Collect

Hypawave does not intentionally collect:

• Wallet seed phrases
• Private wallet keys
• Private Lightning node keys
• Plaintext passwords from third-party authentication providers
• Government IDs, Social Security numbers, or tax IDs unless we later introduce features that legally require them
• Credit card numbers, unless a future third-party payment provider is added and separately disclosed
• Principal Bitcoin funds

You should never send us private keys, seed phrases, or sensitive credentials.

4. How We Use Information

We use collected information to:

• Provide, operate, and maintain the Service
• Create and manage accounts
• Authenticate users, API keys, and agent identities
• Create invoices, offers, activation requests, and payment-gated resources
• Verify Lightning settlement using payment hashes and preimages
• Unlock encrypted files, API access, data, or agent actions after settlement
• Process Hypawave service fees, topups, and activation fees
• Provide dashboards, receipts, audit logs, and payment status
• Prevent fraud, abuse, replay attacks, unauthorized access, and security incidents
• Debug technical issues and improve reliability
• Respond to customer support requests
• Enforce our Terms of Service and acceptable-use rules
• Comply with legal obligations

5. Non-Custodial Payment Model

This means:

• Buyers pay creators directly through Bitcoin Lightning.
• Creators provide their own Lightning Address, LNURL-pay endpoint, wallet, or node destination.
• Hypawave verifies settlement using cryptographic payment proof where applicable.
• Hypawave unlocks files, data, API access, or actions after settlement is verified.
• Hypawave does not hold or control principal funds.

You are responsible for securing your own wallets, nodes, private keys, API keys, and connected infrastructure. Hypawave is not responsible for loss of funds caused by compromised wallets, incorrect payment destinations, user error, unsupported wallets, or third-party wallet failures.

6. Blockchain and Lightning Privacy Considerations

Bitcoin and Lightning payment systems may involve public or semi-public information. Depending on the payment method, wallet, node, invoice, or service provider used:

• Payment metadata may be visible to wallet providers, node operators, routing nodes, Lightning service providers, or recipients.
• On-chain Bitcoin transactions, if used, are public and permanent.
• Lightning invoices may include amounts, descriptions, payment hashes, expiry times, and recipient-related information.
• Payment hashes and preimages used for settlement proof may be stored by Hypawave to verify and audit unlocks.
• Wallet identifiers and payment destinations may be linkable to other activity depending on how you use them.

Hypawave cannot delete or alter information recorded on public blockchains or retained by independent wallet, node, or Lightning infrastructure providers.

7. How We Share Information

We do not sell your personal information.

We may share information in the following situations:

7.1 Service Providers

We may share information with vendors that help us operate the Service, such as:

• Authentication providers
• Database and hosting providers
• File storage providers
• Email and support providers
• Analytics and error-monitoring providers
• Lightning infrastructure providers used for Hypawave fees, topups, or activation fees
• Price-feed or exchange-rate providers
• Security, logging, and infrastructure providers

These providers may process information only as needed to provide services to us, subject to their own terms and privacy practices.

7.2 Payment Participants

Information necessary to complete or verify a payment may be shared with or visible to payment participants, including:

• Payers
• Creators or recipients
• Wallet providers
• Lightning nodes or LNURL services
• Payment infrastructure providers
• Agents or applications acting on behalf of a user

7.3 Legal and Safety Reasons

We may disclose information if we believe disclosure is necessary to:

• Comply with law, regulation, subpoena, court order, or legal process
• Respond to lawful requests from public authorities
• Enforce our Terms of Service
• Investigate fraud, abuse, or security incidents
• Protect the rights, property, or safety of Hypawave, users, or others

7.4 Business Transfers

If Hypawave is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

8. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies to:

• Keep you signed in
• Maintain session security
• Remember preferences
• Prevent fraud and abuse
• Understand site and product usage
• Improve performance and reliability

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

9. Data Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and preserve financial or settlement records.

Retention periods may vary by data type:

• Account data: retained while your account is active and for a reasonable period after deletion
• API key metadata: retained for security and audit purposes
• Payment and settlement records: retained as needed for accounting, fraud prevention, dispute handling, and auditability
• File/resource metadata: retained while associated invoices, offers, or delivery workflows remain active, unless deleted according to product settings
• Logs: retained for a limited period unless needed for security, debugging, compliance, or abuse prevention
• Blockchain or third-party Lightning records: may be permanent or controlled by third parties

Some information, such as payment hashes, preimages, receipts, and settlement records, may need to be retained to prove that a paid unlock or delivery occurred.

10. Security

We use administrative, technical, and organizational measures designed to protect information, including:

• HTTPS/TLS encryption in transit
• Access controls and authorization checks
• API authentication and key management
• CSRF protections for applicable browser routes
• Rate limiting and abuse monitoring
• Logging and security monitoring
• Separation of service-role operations where applicable
• Encrypted storage or encrypted objects where supported by the underlying service

No system is perfectly secure. We cannot guarantee that unauthorized access, loss, misuse, or alteration will never occur. You are responsible for safeguarding your account credentials, API keys, wallets, nodes, private keys, and devices.

11. Your Choices and Rights

Depending on where you live, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate information
• Delete certain information
• Export or receive a copy of certain information
• Object to or restrict certain processing
• Opt out of certain marketing communications
• Withdraw consent where processing is based on consent

These rights may be limited where information must be retained for security, legal compliance, settlement proof, accounting, fraud prevention, or other legitimate reasons.

To exercise rights, contact us at .

12. California Privacy Rights

If you are a California resident, you may have rights under California privacy laws, including the right to know, access, correct, delete, opt out of certain uses of personal information, and non-discrimination for exercising privacy rights.

Hypawave does not sell personal information. If we later engage in activities considered "sharing" or "selling" under applicable California law, we will update this policy and provide required choices.

13. EEA, UK, and International Users

Hypawave is intended for users globally. If you access the Service from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate.

If you are in the EEA, UK, or another jurisdiction with data protection laws, our legal bases for processing may include:

• Performance of a contract
• Legitimate interests, such as securing and improving the Service
• Compliance with legal obligations
• Consent, where required

You may have the right to lodge a complaint with your local data protection authority.

14. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

15. Third-Party Links and Integrations

The Service may link to third-party websites, wallets, APIs, documentation, Lightning services, or applications. We are not responsible for the privacy practices of third parties. Review their policies before using them.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If changes are material, we may provide additional notice, such as posting a notice on the website or sending an email.

17. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

This Privacy Policy describes Hypawave's current product and data practices. It should be reviewed by counsel before being relied on as legal advice.