Privacy Policy

2.1 Account Data

When you sign in using Google OAuth or email-based authentication, we collect:

• Name and email address — provided by Google or entered directly. Used to identify your account and communicate with you.
• Profile picture — provided by Google (if available). Displayed in your dashboard.

Lawful basis: Consent (you choose to sign in) and performance of contract (we need this to provide the service).

2.2 Usage and Transaction Data

We collect the following when you use the Platform:

• API call metadata: Endpoint ID, protocol name, timestamp, response status code, latency, and token count (where applicable). Used for routing, billing, and platform health monitoring.
• Transaction records: Credit purchases, x402 payment transaction hashes, amounts, sender/receiver wallet addresses, epoch settlement records, and withdrawal history. Used for billing, earnings calculation, and audit.
• Supplier key metadata: Protocol, label, status (active/inactive/rate-limited), calls served count, and key health scores. The key material itself is encrypted at rest.

What we do NOT collect: We do not log, store, inspect, or process the content of API request bodies or response bodies. Your prompts, completions, and any data exchanged with the upstream API pass through our proxy layer in transit and are not retained.

Lawful basis: Performance of contract and legitimate interest (platform health, fraud prevention).

2.3 Wallet Addresses

If you connect a wallet or provide a Solana or Base address for x402 payments or USDC withdrawals, we store that wallet address. Wallet addresses are public blockchain identifiers and are also visible on-chain.

We do not generate wallets on your behalf, and we do not store private keys or mnemonic phrases.

Lawful basis: Performance of contract (processing payments and withdrawals).

2.4 Technical and Device Data

When you access the Platform, we automatically collect:

• IP address — used for security, abuse prevention, and approximate geolocation (country level) for analytics.
• Browser type, operating system, device type — used for troubleshooting and Platform optimisation.
• Referral source and pages visited — used for analytics.

Lawful basis: Legitimate interest (security, platform improvement).

2.5 Communication Data

If you contact us via email or in-app support, we retain the content of those communications and any associated metadata for the purpose of responding to your inquiry and maintaining support records.

Lawful basis: Legitimate interest (customer support).

4.1 Infrastructure Providers

We use third-party infrastructure providers to host and operate the Platform. These providers process data on our behalf under appropriate contractual safeguards:

• Fly.io — backend API hosting
• Vercel — frontend hosting
• DigitalOcean — PostgreSQL database
• Stripe — fiat payment processing
• Google — OAuth authentication

4.2 Blockchain Networks

When you make or receive x402 payments, transaction data (wallet addresses, amounts, timestamps) is broadcast to public blockchain networks (Solana, Base). This data is permanently recorded on-chain and visible to anyone. This is inherent to blockchain technology and is outside our control once a transaction is submitted.

4.3 Upstream API Providers

When the Platform routes a call through a supplier’s key, the upstream API provider receives the request as if it came from the supplier’s account. The upstream provider’s own privacy policy and data practices apply to that interaction. JellyNet does not control what upstream providers log or retain.

4.4 Legal Requirements

We may disclose personal data if required by law, regulation, legal process, or enforceable governmental request. We will notify you of such disclosure where permitted by law.

4.5 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7.1 Rights Under India's DPDPA (2023)

If you are located in India or your data is processed in India, you have the right to:

• Access: Request confirmation of whether we process your personal data and obtain a summary of it.
• Correction: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Grievance redressal: Lodge a grievance with our Grievance Officer (see Section 11).
• Nomination: Nominate another individual to exercise your rights in case of your death or incapacity.

7.2 Rights Under GDPR (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you additionally have the right to:

• Data portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Restriction: Request that we restrict processing of your personal data in certain circumstances.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
• Lodge a complaint: File a complaint with your local data protection authority.

7.3 Cross-Border Data Transfers

JellyNet’s infrastructure is distributed across multiple regions. Your data may be transferred to and processed in countries outside your country of residence, including India, the United States, and other jurisdictions where our infrastructure providers operate. We ensure such transfers are subject to appropriate safeguards, including contractual protections with our service providers.

7.4 Exercising Your Rights

To exercise any of the rights described above, contact us at admin@jellynet.net. We will respond within 30 days. We may request verification of your identity before processing your request.