Last updated: 10 May 2026.
1. Who we are
Zyrox.io and app.zyrox.io are operated by Zyrox Technologies (“Zyrox”, “we”, “our”). This Privacy Policy explains what data we collect, why, and how we handle it.
2. What we collect
From visitors to zyrox.io: standard server logs (IP address, user agent, requested URL, referrer, timestamp), and analytics events (page views, link clicks). We use cookies for analytics and to remember preferences.
From merchants who sign up at app.zyrox.io: email address, business name, public wallet addresses, and the data needed to provision API keys, webhook endpoints, and dashboard access.
From customers paying through Zyrox-powered checkouts: public wallet addresses, transaction hashes, and the on-chain payment data required for the merchant’s billing system to credit the customer.
We do not collect, store, or have access to private keys. We do not custody funds.
3. Why we collect
Operate the service, authenticate merchants, deliver webhooks, prevent fraud, comply with law, and improve our product.
4. Sharing
We share data only with: (a) infrastructure providers strictly necessary to run the service (hosting, email delivery, analytics) under contractual data protection terms; (b) law enforcement or regulators when legally required; (c) parties to a corporate transaction (merger, acquisition) under appropriate confidentiality.
We do not sell personal data.
5. Cookies
We use first-party cookies for site functionality and analytics. You can disable cookies in your browser; some site features may not work as intended.
6. Retention
Server logs: 90 days. Merchant account data: for the life of the account plus 12 months. Transaction metadata: for the life of the account plus 7 years where required by financial-record laws.
7. Your rights
If you are in the EU, UK, California, or another jurisdiction granting you data rights, you may request access, correction, deletion, or portability of your data. Contact contact page.
8. Security
We use TLS in transit, encrypt sensitive data at rest, and follow standard operational security practices. Despite this, no system is perfectly secure. Merchants are responsible for the security of their own wallets and API keys.
9. Children
The service is not directed to children under 18 and we do not knowingly collect data from them.
10. International transfers
Data may be processed in jurisdictions other than yours. Where required, we use standard contractual clauses or equivalent safeguards.
11. Changes
We may update this policy. The “Last updated” date above will reflect changes. Material changes will be communicated to merchants via email.
12. Contact
Privacy questions: contact page.