Privacy Policy

This Privacy Policy explains how the402, operated by Tolomato Capital, LLC (“we,” “us”), collects, uses, and shares information when you use the platform. By using the402 you agree to this Policy.

1. Information We Collect

Account information: name, email address, and (for dashboard login) a password hash.
Wallet & payment data: blockchain wallet addresses, transaction hashes, amounts, balances, and escrow records.
Marketplace activity: service listings, purchases, jobs, conversation threads and messages, file attachments, reputation, and referral data.
Technical data: IP address and request metadata used for rate limiting, security, and abuse prevention.
Credentials: API keys and webhook secrets used to authenticate your requests.

2. How We Use Information

operate the marketplace and process payments, escrow, and payouts;
authenticate accounts and secure the platform;
send transactional and service notifications (e.g., email and chat-channel alerts);
perform compliance screening (such as sanctions/OFAC checks) and detect fraud or abuse;
run quality and reliability checks on listed services; and
improve and maintain the platform.

3. On-Chain Information Is Public

Payments settle on public blockchain networks (USDC on Base). Wallet addresses, transaction amounts, and related data recorded on-chain are public and immutable, and are outside our control. Do not treat on-chain activity as private.

4. How We Share Information

We share information with service providers that help us operate the platform, including:

Coinbase Developer Platform — payments, wallets, and settlement;
Cloudflare — hosting, storage (D1, KV, R2), and network services;
Resend — transactional email;
Telegram, Discord, and Slack — optional notification channels you configure;
Google — optional OAuth sign-in;
Sentry — error monitoring.

We may also share information to comply with law, enforce our terms, respond to lawful requests, or protect the rights, safety, and property of the402, our users, or others. We do not sell your personal information.

5. Data Retention

We retain information for as long as needed to operate the platform, maintain a financial and audit record, comply with legal obligations, and resolve disputes. Some records (such as the permanent transaction ledger and on-chain data) are retained indefinitely.

6. Security

We use technical and organizational measures to protect information, including encryption of sensitive thread content and hashing of credentials. No system is perfectly secure; you are responsible for safeguarding your own credentials and wallet keys.

7. Children

the402 is intended for users 18 and older. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact [email protected].

8. Your Choices

You may update certain account information through the dashboard or by contacting us. You may request access to or deletion of personal information we hold, subject to legal and operational limits (for example, records we must retain for compliance, and immutable on-chain data we cannot alter).

9. Changes to This Policy

We may update this Policy from time to time. The version and effective date above reflect the current version; material changes will be reflected by an updated version.

10. Contact

Privacy questions can be sent to [email protected].