Privacy Policy

ZerithPay ("we", "our", "us") operates a payment infrastructure platform currently in private beta. This policy explains what personal data we collect, how we use it, and your rights over it.

By using our platform, API, or website you agree to the practices described here. If you do not agree, please do not use our services.

Account data: When you register, we collect your name, email address, and hashed password. We also generate a unique merchant ID and API key for your account.

Payment data: Transaction amounts, currencies, card metadata (last 4 digits, brand, country), authorization codes, risk scores, and settlement records are stored in association with your merchant account.

Technical data: IP addresses, browser user-agent strings, and request timestamps may be logged for security and rate-limiting purposes.

Wallet addresses: If you provide an EVM wallet address for settlement, it is stored in our settlement ledger and associated with your payout records.

• Authenticate you and protect your account
• Process and record payment transactions
• Enforce rate limits and detect fraudulent activity
• Send transactional communications (authentication codes, settlement confirmations)
• Comply with applicable financial regulations
• Improve our platform and debug issues

During the beta period, data is stored in-memory and not persisted to a database between server restarts. This means payment and session data may be lost on deployments. We are actively building a persistent storage layer for production.

Passwords are hashed using bcrypt with 12 rounds and are never stored in plaintext. API keys are cryptographically random 48-character strings. Sessions are signed JWTs with a 7-day expiry, stored in HTTP-only cookies.

All traffic is encrypted with TLS 1.3. We do not store full card numbers.

We do not sell your personal data. We may share data with:

• Meld.io — when you use crypto on-ramp or off-ramp features, transaction metadata is passed to Meld's API to create a widget session
• Law enforcement — if required by law or to protect against fraud or legal liability

You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within 30 days.

If you are in the European Economic Area, you also have the right to data portability and to lodge a complaint with your local supervisory authority.

We use a single essential cookie: zerith_session, which stores your signed JWT session token. This cookie is HTTP-only (not accessible to JavaScript), same-site lax, and expires after 7 days. We do not use tracking or advertising cookies.

See our Cookie Policy for more detail.

We may update this policy as our service evolves. Material changes will be communicated by email to registered users or by a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.

Questions about this policy? Email [email protected] or use the contact form at zerithpay.com/contact.