SatLane

Privacy Policy

Last updated: May 17, 2026

1. Summary

SatLane is non-custodial Bitcoin payment processing software. We collect the minimum data needed to run the service and refuse to collect data we do not need. We do not see Bitcoin private keys. We do not see buyer payment instruments (Bitcoin is a peer-to-peer protocol; the buyer wallet broadcasts the transaction directly to the network). We do not sell or rent data.

2. What we collect from vendors

  • Account email and password hash (argon2id). We never store passwords in plaintext.
  • Time-based one-time password (TOTP) secret, encrypted at rest with the platform encryption key.
  • Extended public keys (xpubs) the vendor registers, encrypted at rest. xpubs let SatLane derive fresh addresses for each invoice; they do not grant the ability to spend funds.
  • Webhook endpoint URLs and shared secrets (secrets encrypted at rest).
  • API key hashes (only the hash; the raw key is shown to the vendor once at creation and never persisted in clear text).
  • Invoice metadata: amount, fiat currency display, expiry, status, derived address, on-chain transaction id, vendor-supplied order reference, optional buyer email.
  • API request logs for the most recent seven days. Used for debugging and abuse investigation. Request and response bodies are truncated.
  • Audit log of admin actions, retained as long as the account exists.
  • IP address and user agent on auth events (login, 2FA), to support security review and to flag suspicious access.

3. What we deliberately do not collect

  • Bitcoin private keys or seed phrases. Vendors keep these in their own wallet software; SatLane is never told them.
  • Buyer payment instruments. There is no card number or bank account to collect in a Bitcoin payment; the buyer wallet signs and broadcasts the transaction itself.
  • KYC documents. We do not verify vendor or buyer identities.
  • Marketing trackers, analytics that follow users across sites, or third-party advertising tags on the dashboard. The marketing site uses no third-party analytics scripts; we rely on server log aggregates only.

4. Buyer data on hosted checkout

The hosted checkout page at pay.satlane.com shows an invoice to a buyer. The buyer is not asked to create an account. We do not log the buyer IP address against the invoice unless the vendor explicitly enables that for fraud review (default off). If the vendor passes a buyer email when creating the invoice, we store it in the invoice record so we can send a payment receipt. Otherwise nothing about the buyer is collected.

5. How we use what we collect

  • To operate the platform and deliver the service.
  • To send transactional email (account verification, 2FA recovery, payment notifications, fee invoices, security alerts). We use Resend as our email provider; see their privacy notice.
  • To investigate abuse and security incidents.
  • To comply with legal obligations, including responding to valid law enforcement requests as required by applicable law.

6. Where data lives

Vendor data is stored in a PostgreSQL database on infrastructure we operate. Sensitive fields (xpubs, TOTP secrets, webhook secrets, API key hashes, encrypted secret access keys) are encrypted at rest with a key held in the API process environment. Daily snapshots are encrypted before upload using an age recipient key whose private half is kept offline, then pushed to an off-site object storage bucket.

7. How long we keep it

  • API request logs: 7 days.
  • Webhook delivery records: 30 days after the final delivery attempt.
  • Account data, invoices, audit log: for as long as the account is active, then 12 months after closure so we can respond to disputes and meet recordkeeping obligations.
  • Backups: rotated per the configured retention window (default 30 days).

8. Sharing

We do not sell data. We share data only with the subprocessors we need to run the service (currently: our cloud host, our email provider, our backup storage provider), and only the minimum each one needs. We will disclose data when legally compelled, and where permitted we will notify the affected vendor first.

9. Your rights

You may request a copy of the personal data we hold about your vendor account, request corrections, or request deletion. To exercise these rights, email support@satlane.com. We will respond within 30 days. Note that we cannot delete on-chain Bitcoin transactions; those are part of the public blockchain, not our records.

10. Security

We use TLS for all traffic. Sensitive fields are encrypted at rest. Admin endpoints require email plus password plus TOTP plus IP allowlist. We run automated daily backups, with weekly restore drills in the first month after launch and monthly after that.

If you believe you have found a security vulnerability, please email support@satlane.com with the details. We treat coordinated disclosure with respect and will work with you on a fix timeline.

11. Children

SatLane is not directed at children under 18 and we do not knowingly collect data from them.

12. Changes

We may update this policy. Material changes will be announced by email and dashboard banner at least 30 days before they take effect. The current version is always at this URL.

13. Contact

Privacy questions: support@satlane.com. Terms of service: /legal/terms.