Privacy Policy

Introduction

This privacy policy explains how the x402 Protocol Capturer Chrome extension ("the Extension") collects, uses, and protects your data. We are committed to protecting your privacy and being fully transparent about our data practices.

GDPR Compliance

This Extension is designed to comply with the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws. All data processing occurs locally on your device, and you maintain full control over your data.

What the Extension Does

The x402 Protocol Capturer is a browser extension that monitors HTTP traffic for HTTP 402 (Payment Required) responses following the x402 payment protocol. When a website sends a payment request using this protocol, the Extension captures and displays the payment details for your review.

Data We Collect

Payment Request Information

When the Extension detects an HTTP 402 response, it captures:

• URL of the payment request
• HTTP method (GET, POST, etc.)
• Timestamp of when the request was captured
• HTTP response headers from the 402 response
• Payment details including:
  • Itemized list of products/services (names, prices, quantities)
  • Total amount
  • Merchant's cryptocurrency wallet address
  • Network and token information
  • Payment expiration time (if applicable)
• Browser tab information (tab ID and source webpage URL)
• Request identifier (if provided by the payment server)

What We DON'T Collect

• Personal identification information
• Browsing history (except URLs that return 402 responses)
• Payment completion status or transaction hashes
• Financial account information
• Usage statistics or analytics
• Crash reports or telemetry
• Any data from non-payment-related web traffic

Where Your Data is Stored

All data is stored locally on your computer using Chrome's local storage API (`chrome.storage.local`).

• Data is stored only on your device
• Data is never synchronized to Chrome Sync or any cloud service
• Data is never transmitted to our servers or any third-party servers
• Data persists until you manually delete it or uninstall the Extension

Storage Location

Your captured payment requests are stored in Chrome's internal storage, typically located in:

• Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default\
• macOS: ~/Library/Application Support/Google/Chrome/Default/
• Linux: ~/.config/google-chrome/Default/

How We Use Your Data

The Extension uses collected data solely to:

1. Display payment requests in the Extension popup interface
2. Track payment history for your reference
3. Facilitate payment processing when you click "Pay Now" (requires MetaMask)

The Extension does NOT:

• Send data to external servers
• Share data with third parties
• Use data for advertising
• Track your behavior
• Generate analytics or statistics

Data Sharing and Third Parties

We do not share, sell, or transmit your data to anyone.

The Extension operates entirely offline regarding data storage. However, please note:

• When you initiate a payment (by clicking "Pay Now"), the Extension facilitates interaction with MetaMask (a third-party cryptocurrency wallet). This interaction happens directly between your browser and MetaMask—we do not intercept or store any wallet information or transaction details.
• Payment transactions are broadcast to the Ethereum blockchain (or other specified networks) as standard cryptocurrency transactions, which are public by design.

Your Rights and Data Control

Under GDPR and other privacy laws, you have the following rights:

Data Retention

• Payment requests remain stored until you manually delete them
• No automatic data cleanup or expiration is performed
• Uninstalling the Extension removes all stored data

Permissions Explained

The Extension requests the following Chrome permissions:

• `webRequest` – Required to detect HTTP 402 responses across all websites
• `storage` – Required to save payment requests locally on your device
• `scripting` – Required to inject payment processing scripts when you click "Pay Now"
• `activeTab` – Required to access information about the current tab
• `<all_urls>` – Required because payment requests can come from any website

These permissions are used only for the Extension's core functionality and are never used to collect unnecessary data.

Security

While we implement reasonable security measures, please be aware:

• Data stored in Chrome's local storage is not encrypted by default
• If someone gains access to your computer or Chrome profile, they may access stored payment data
• We recommend using device encryption and strong passwords to protect your computer

Children's Privacy

This Extension is not intended for use by children under 16 years of age. We do not knowingly collect data from children.

No Analytics or Tracking

We explicitly confirm:

• No Google Analytics or similar tracking tools
• No error tracking services (e.g., Sentry, Rollbar)
• No usage statistics collection
• No cookies or tracking pixels
• No fingerprinting or user identification

Changes to This Policy

We may update this privacy policy from time to time. The "Last Updated" date at the top indicates when changes were last made. Continued use of the Extension after changes constitutes acceptance of the updated policy.

Contact Information

If you have questions about this privacy policy or the Extension's data practices, please contact us at:

• Email: dennj@latinum.ai
• GitHub: https://github.com/orgs/Latinum-Agentic-Commerce

Legal Basis for Processing (GDPR)

Under GDPR Article 6(1), our legal basis for processing your data is:

• Consent (Article 6(1)(a)): By installing and using this Extension, you consent to the data collection described in this policy
• Legitimate Interest (Article 6(1)(f)): Processing is necessary for the legitimate interest of providing the Extension's core functionality

Data Controller

The data controller responsible for your personal data is:

Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority.