dmpay.eth

Privacy Policy

Last updated: March 2026

1. Introduction

DMpay.eth ("DMpay", "we", "us", or "our") operates the decentralised application at app.dmpay.me. This Privacy Policy explains how we collect, use, and protect information when you use our Service.

DMpay is a non-custodial, decentralised protocol. We do not custody funds, control private keys, or store messages. Most interactions occur directly on the Ethereum blockchain or via the XMTP protocol.

2. Information We Collect

a) Information you provide directly

  • X (Twitter) OAuth data: When you connect your X account, we receive your X handle, display name, and profile picture URL via OAuth. This data is stored locally in your browser (localStorage) and on our backend solely to associate your X identity with your Ethereum address for the profile page.
  • Ethereum wallet address: When you connect your wallet, your public Ethereum address is used to interact with the smart contracts. Wallet addresses are public on the blockchain.
  • USDC price setting: The price you set for receiving DMs is stored on-chain in the DMPayRegistry smart contract and is publicly readable.

b) Information collected automatically

  • Blockchain data: All transactions (profile registrations, payments, ENS subdomain assignments) are recorded on the public Ethereum blockchain and are permanently accessible to anyone.
  • IPFS content: Profile pages pinned to IPFS are publicly accessible by their content hash.
  • Server logs: Our backend may collect standard server logs including IP addresses, request timestamps, and endpoints accessed, for security and debugging purposes.

3. Messages and XMTP

Direct messages sent via DMpay use the XMTP protocol, which provides end-to-end encryption. DMpay does not have access to the content of your messages. Messages are stored in the XMTP network, not on DMpay servers. XMTP's own privacy policy governs message storage and handling.

4. How We Use Your Information

  • To associate your X identity with your Ethereum wallet for profile display
  • To generate and pin your personalised profile page to IPFS
  • To assign an ENS subdomain under dmpay.eth to your account
  • To facilitate payments via the DMPayMessaging smart contract
  • To maintain security and prevent abuse of the Service

5. Data Sharing

We do not sell your personal data. We may share information with:

  • IPFS / Pinata: Your profile page HTML is pinned to IPFS via Pinata for decentralised hosting.
  • Ethereum network: All on-chain interactions are public by the nature of the blockchain.
  • X Corp: OAuth authentication is handled by X. We receive only the data X provides via the OAuth flow.
  • Legal requirements: We may disclose information if required by law or to protect the rights and safety of our users.

6. Cookies and Local Storage

We use browser localStorage to store:

  • Your X profile data (handle, display name, profile picture URL)
  • Your wallet connection state
  • Your DM price setting (temporarily during registration)

This data remains on your device and is cleared when you disconnect your wallet. We do not use tracking cookies or third-party analytics cookies.

7. Data Retention

On-chain data (wallet addresses, prices, ENS records, payment history) is permanent and immutable on the Ethereum blockchain — we cannot delete it. IPFS content pinned to your profile persists as long as it is pinned. Server logs are retained for up to 90 days. localStorage data is retained until you disconnect your wallet or clear your browser storage.

8. Your Rights

Depending on your jurisdiction you may have rights to access, correct, or delete personal data we hold off-chain. You can disconnect your X account at any time by disconnecting your wallet (which clears localStorage). For on-chain data, deletion is not technically possible due to the immutable nature of public blockchains. To exercise off-chain data rights, contact us at legal@dmpay.me.

9. Security

We implement reasonable technical measures to protect off-chain data. However, no system is perfectly secure. You are responsible for securing your own Ethereum private keys and wallet. DMpay cannot recover lost wallets or private keys.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has used the Service, contact us at legal@dmpay.me.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be reflected by an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact us at legal@dmpay.me or open an issue at our GitHub repository.