Privacy Policy

1. Introduction

This Privacy Policy describes how Merit Systems ("we," "us," or "our") handles information when you use EnrichX402 ("Service"). By using the Service or making any request to our endpoints—whether as a human user or an automated agent—you acknowledge and accept this Privacy Policy.

2. Information We Collect

The Service operates without user accounts. We collect:

• Wallet Addresses: Your blockchain wallet address is recorded as part of the x402 payment process.
• Transaction Data: Payment amounts, transaction hashes, and timestamps are recorded on the Base blockchain (publicly visible).
• Request Parameters: Query data you submit to API endpoints is processed to fulfill your request.
• Technical Data: IP addresses and request metadata may be logged for security and operational purposes.

3. How We Use Information

We use collected information to:

• Process and fulfill API requests
• Verify and settle payments via the x402 protocol
• Cache responses to improve performance (temporary storage)
• Monitor service health and prevent abuse
• Generate aggregated, anonymized usage statistics

4. Third-Party Data Sharing

To fulfill API requests, we transmit your request data to upstream providers:

• Apollo (people and company data)
• Exa (web search)
• Firecrawl (web scraping)
• Google Maps (location data)
• Grok/X.ai (social media data)
• Clado (LinkedIn enrichment)

These providers have their own privacy policies governing how they handle data. We do not control their data practices.

5. Blockchain Transparency

All payments occur on the Base blockchain. Transaction records—including wallet addresses, amounts, and timestamps—are publicly visible, permanent, and immutable. This is inherent to blockchain technology and cannot be modified or deleted.

6. Data Retention

• Request Content: Not persistently stored. Request payloads are processed and discarded.
• Cached Responses: Temporarily cached with automatic expiration (TTL-based). Cache duration varies by endpoint.
• Blockchain Data: Permanently stored on-chain (outside our control).
• Operational Logs: Retained for a limited period for security and debugging purposes.

7. No Traditional Account Data

We do not collect traditional personal information such as names, email addresses, phone numbers, or passwords. The Service operates on a permissionless, pay-per-request model where your wallet address serves as your identifier.

8. Cookies and Tracking

The Service website may use minimal cookies for basic functionality. Our API endpoints do not use cookies or tracking pixels. We do not engage in cross-site tracking or sell data to advertisers.

9. Security

We implement reasonable security measures including HTTPS encryption for all communications. Request and response payloads are not logged. However, no system is completely secure, and we cannot guarantee absolute security.

10. Your Choices

• Field Exclusion: Many endpoints support an "excludeFields" parameter allowing you to omit specific data fields from responses.
• Wallet Privacy: You may use different wallet addresses for different requests if desired.
• Non-Use: If you disagree with this policy, do not use the Service.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy at any time. Changes are effective immediately upon posting. The "Effective Date" at the top indicates the latest revision. Continued use of the Service constitutes acceptance of the updated policy.