Privacy Policy

We collect the minimum information needed to deliver food to you: your delivery address, contact info you choose to share, your wallet’s public key, your order history, and our internal records of the on-chain transfers tied to your orders. We do not sell your data. We share your address and contact info with the third-party delivery channel only so the courier can find you. We do not run advertising trackers.

When you use the Service, we collect:

• Wallet information: the public key of any Solana wallet you connect, and the on-chain transaction signatures that pay for orders.
• Account information: if you sign in via Privy, we receive an internal user ID and (if you provide it) an email address or phone number.
• Order information: the cart you build, delivery address, optional contact info, tip, and order status timestamps.
• Technical information: standard server logs including IP address, user-agent, and request timestamps, retained for security and abuse prevention.

• To place and fulfill your orders;
• To match incoming on-chain transfers to the order they pay for;
• To provide order tracking and customer support;
• To detect, prevent, and respond to fraud, abuse, and security incidents; and
• To comply with applicable legal obligations, including responses to lawful government requests.

• The third-party delivery channel (DoorDash, UberEats, Grubhub, or the restaurant): your delivery address, cart, optional contact info, and tip — the minimum needed for them to prepare the order and dispatch a courier.
• Service providers we rely on to operate the platform, including hosting (Vercel), database (Supabase), authentication (Privy), Solana RPC providers, and email providers. These providers act on our instructions under contracts that prohibit them from using your data for their own purposes.
• Law enforcement or regulators when we are legally required to disclose information, or when we believe in good faith that disclosure is necessary to prevent imminent harm.
• An acquirer or successor in the event of a merger, acquisition, or sale of substantially all of our assets, subject to the protections of this Policy.

We do not sell, rent, or trade your personal information.

Solana is a public blockchain. The wallet address you use to pay, the amount you transfer, and the time of transfer are publicly visible to anyone with a block explorer. We cannot make on-chain data private. If you want stronger privacy guarantees, use a fresh wallet for each order.

We retain order records (including delivery addresses) for as long as needed to provide the Service, resolve disputes, and comply with our legal obligations — typically up to seven years for tax and accounting purposes. Server logs are retained for up to 90 days. You may request deletion of your account-level data at any time (see Section 7).

We use industry-standard practices to protect your data: TLS in transit, encryption at rest for sensitive fields, scoped access for service providers, and audit logging on administrative actions. No system is perfectly secure; if you believe your account or wallet has been compromised, contact us immediately.

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact privacy@eatonchain.xyz. We will respond within 30 days.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect, to delete that information, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information as defined under those laws.

The Service is intended for adults. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact us and we will delete it.

The Service is operated from the United States. By using the Service, you understand that your data will be transferred to, processed in, and stored in the United States, which may have different data-protection laws than your jurisdiction.

We may update this Privacy Policy from time to time. Material changes will be flagged on this page with a new effective date. For substantial changes affecting your rights, we will provide additional notice (e.g., an email or in-app banner).

Questions, requests, or concerns? Email privacy@eatonchain.xyz. For general support, see our About page.