Privacy Policy

1. Data We Collect

We collect only the data necessary to operate the bolthub platform:

• •Email address: collected during sign-up for account identification and billing communications
• •Wallet credentials: your Bitcoin Lightning wallet connection details (e.g., LND, LNbits, NWC, or Phoenixd), encrypted at rest using industry-standard encryption
• •Usage metrics: request counts and billing cycle data for each of your gateway endpoints
• •Invoice records: Lightning invoices created through the gateway for billing and audit purposes
• •API Hub metadata: project and endpoint titles, descriptions, tags, and documentation links when you choose to publish in the public API Hub
• •IP addresses: used transiently for rate limiting and abuse prevention; not stored persistently

2. Non-Custodial Note

We do not hold, custody, or have direct access to your wallet balance or transaction history. Your wallet credentials are encrypted and used for two purposes: (1) generating Lightning invoices on your behalf when clients pay for API access, and (2) paying your weekly platform billing invoices if you have enabled auto-pay. We do not initiate any payments from your wallet beyond auto-pay of your own platform fees, and you can disable auto-pay at any time from your dashboard.

3. Data Retention

• •Billing records: retained for 2 years for accounting and dispute resolution
• •Audit logs: retained for 1 year for security and debugging purposes
• •Session data: auto-expires based on your authentication session lifetime
• •IP addresses: not stored persistently; used only in-memory for rate limiting
• •Upon account deletion, personal data is removed within 30 days; anonymized aggregate data may be retained for analytics

4. AI Agent and Service Usage

• •Our platform supports APIs that sell both data and service/compute execution to human users and autonomous AI agents
• •Requests from AI agents are treated as normal API traffic for billing, abuse prevention, and operational security
• •If you publish in the public API Hub, your metadata may be consumed by agent marketplaces and tooling for discovery

5. Third-Party Services

We use the following categories of third-party services to operate the platform:

• •Cloud database and authentication provider
• •Frontend hosting and CDN
• •API and gateway hosting infrastructure
• •Lightning wallet relays: configured by each user; relay choice is under your control

We do not sell, rent, or share your data with any third parties for marketing, advertising, or analytics purposes. Third-party services are used solely to provide and secure the platform.

6. No Tracking

• •No analytics cookies
• •No third-party trackers
• •No advertising scripts
• •No fingerprinting or cross-site tracking

We believe in privacy by default. We do not track your behavior on our site or across the web. Session cookies are used solely for authentication.

7. International Data Transfers

bolthub infrastructure may be distributed across multiple regions. By using the service, you consent to the transfer and processing of your data in the jurisdictions where our infrastructure operates. We apply the same security and privacy protections regardless of data location.

8. Your Rights

Depending on your jurisdiction, you may have rights under data protection laws including the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the GDPR (EU/EEA), or the CCPA (California). These may include:

• •Data export: request a full export of your data by emailing contact@bolthub.ai
• •Account deletion: delete your account from the settings page or by emailing contact@bolthub.ai
• •Right to know: you may request a summary of all data we store about you at any time
• •Right to rectification: you may request correction of inaccurate personal data
• •Right to object: you may object to certain types of data processing
• •Right to complain: Australian residents may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe their privacy has been breached

We will respond to data rights requests within 30 days. Contact contact@bolthub.ai with any request.

9. Security Measures

• •Industry-standard encryption at rest for sensitive credentials
• •All traffic encrypted in transit via HTTPS/TLS
• •Database-level access controls enforced on all tables
• •Minimal data collection: we only store what we need to operate the service
• •Regular security reviews of our platform and infrastructure

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will notify affected users via email within 72 hours of becoming aware of the breach, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) and equivalent international requirements. The notification will describe the nature of the breach, the data affected, and the steps we are taking to address it.

11. Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will provide notice via the email address associated with your account at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when the policy was last updated.

12. Contact

If you have questions about this privacy policy or your data, contact us at contact@bolthub.ai.