CipherPayCipherPay
DOCSFAQ

Privacy Policy

Last updated: March 17, 2026

01 // Who we are

CipherPay is a product of Atmosphere Labs. We build open-source payment infrastructure for Zcash (ZEC). Our service enables merchants to accept shielded Zcash payments through hosted checkout pages, APIs, and e-commerce integrations (Shopify, WooCommerce).

02 // Data we collect

From merchants: Email address, API keys, and store configuration (e.g., Shopify domain, webhook URLs). This is the minimum required to operate the service.

From customers (buyers): We do not collect or store any personal information from customers who pay through CipherPay. No names, no email addresses, no physical addresses, no phone numbers, no IP addresses.

Payment data: We store invoice amounts, currency, Zcash payment addresses, and transaction status. Zcash shielded transactions are private by design β€” we cannot see the sender's address or the transaction amount on-chain when shielded pools are used.

Analytics: We do not use third-party analytics, tracking pixels, or cookies on checkout pages.

03 // Shopify integration

Our Shopify app requests read_orders and write_orders permissions to create payment invoices and mark orders as paid. We read order amounts and product names to generate invoices. We do not read or store customer personal information from Shopify orders.

Payment session data (order ID, amount, invoice reference) is stored temporarily with a 24-hour expiration. Shop configuration (access token, API keys) is stored securely in encrypted Redis and deleted when the app is uninstalled.

04 // Data sharing

We do not sell, rent, or share data with third parties. Period.

Invoice data is processed through the Zcash blockchain, which is a public network. However, shielded transactions do not reveal sender, receiver, or amount information publicly.

05 // Data retention

Payment sessions expire automatically after 24 hours. Merchant account data is retained while the account is active and deleted upon request or app uninstallation. We comply with Shopify's mandatory data deletion webhooks.

06 // Security

All API communication uses TLS encryption. Webhook signatures are verified using HMAC-SHA256. Access tokens and API keys are stored in encrypted Redis with access controls. We never log secrets, seeds, or private keys.

07 // Your rights

You can request access to, correction of, or deletion of your data at any time by contacting us. Merchants can delete all stored data by uninstalling the CipherPay app from their platform.

08 // Contact

For privacy questions or data requests: privacy@cipherpay.app

Privacy Policy β€” CipherPay