Privacy Notice

JadeCove is designed to minimise the personal data it collects. There are no accounts, no logins, no email collection, and no profile.

What we collect

• Session cookie — an opaque, HTTP-only, signed identifier (HMAC-SHA256) used to scope your invoices to your browser. No identity is bound to it.
• Invoice data — USD amount, selected coin, sender wallet, recipient wallet, transaction type, optional tax state & ZIP. Stored encrypted at rest with AES-256-GCM.
• On-chain transaction hashes — public by definition. Linked to your invoice for verification.
• Security events — IP address and user-agent of requests that hit honeypot routes, fail admin authentication, or trip rate limits. Retained for up to 30 days for abuse mitigation, then automatically purged.

What we do NOT collect

• Names, emails, phone numbers, physical addresses, dates of birth
• Government IDs, KYC documents, biometric data
• Card details — we do not handle fiat or card payments
• Marketing, analytics, or behavioural-profiling cookies

Third-party services

• Coinbase CDP — MPC custody of the auto-forward wallet. Subject to Coinbase's privacy policy.
• Base mainnet RPC providers — for on-chain reads and transaction broadcasts. Public infrastructure.
• TaxJar (optional) — only the ZIP code you provide is sent for tax-rate lookup. No identity is attached.
• Cloudflare — CDN/edge layer. Standard connection metadata.

Your rights

Because we do not collect identifiers, individual data-subject requests are typically not applicable. You may clear your session cookie at any time, which detaches your browser from any previously created invoices.

Children

The Service is not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect data from such individuals.

Changes

This notice may be updated to reflect changes in the Service. Material changes will be reflected in the “Last updated” date above.