Privacy Policy

Version 0.9 (pre-launch). Last updated 2026-04-17. Effective on launch, 2026-04-21. Written to be readable under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA), and the Brazilian Lei Geral de Proteção de Dados (LGPD).

What we collect
What we do not collect
Why we collect it (legal basis)
Data retention
Third-party processors
Your rights
Cookies
International transfers
Children's privacy
Security measures
Breach notification
Contact our DPO

1. What we collect

We collect only what the Service needs to operate, bill, and stay safe. Specifically:

Account identifiers. Your email address, a chosen username, and a hashed password. If you sign in with a wallet, we store only your public address.
API keys. We issue and store API keys you generate. We store a secure hash and the last four characters for display. The plaintext is shown once on creation.
Call logs (metadata). For every metered Call we record a timestamp, the Module identifier, the endpoint, the response status, response size, latency, and the billed amount. These fields are needed to bill, to fight fraud, and to compute Creator revenue share.
IP addresses. We record the originating IP for every Call. IPs are retained in cleartext for up to 30 days for abuse detection and are truncated or cryptographically hashed after 30 days. Hashed IPs are retained in call logs alongside the truncated last octet (for IPv4) or the /48 prefix (for IPv6).
Payment transaction hashes. If you pay in USDC on Base or in PCP, we record the on-chain transaction hash, the sending address, and the amount. We do not store card numbers; card payments are tokenized through our payment processor.
Support correspondence. Emails and support-portal messages you send us, plus our replies.
Telemetry. Coarse dashboard-usage telemetry (page views, feature flags, error messages). No third-party analytics are embedded. Telemetry is first-party only.

2. What we do not collect

Unless you explicitly opt in or unless the Module you are invoking requires it:

We do not store request bodies for longer than 24 hours. By default, request bodies are streamed through our routers and discarded after the Call completes. A 24-hour buffer is retained only for Calls that error, and only for debugging.
We do not collect your legal name, date of birth, government-issued identification, or biometrics. If a regulated Module requires KYC, that KYC flow is performed by a licensed third-party partner under their own privacy policy, and only a pass/fail result is returned to us.
We do not embed third-party advertising pixels. We do not sell personal data. We do not share personal data for cross-context behavioral advertising. "Sale" and "share" are used here in the CCPA sense.
We do not run fingerprinting scripts. We do not attempt to re-identify users across sessions beyond first-party session cookies.

3. Why we collect it (legal basis)

We process personal data under the following GDPR Article 6 bases, and under analogous bases in CCPA and LGPD:

Contract. To create your account, meter your Calls, deliver the Service, and bill you.
Legitimate interest. To prevent fraud, to secure the network, to debug outages, and to compute aggregate product analytics. We balance this against your rights and will stop on objection where feasible.
Legal obligation. To comply with valid subpoenas, court orders, and sanctions-screening obligations.
Consent. For anything not covered above, we ask. You can withdraw consent at any time.

4. Data retention

Our default retention window for call logs, telemetry, and metering data is 90 days. IPs are truncated or hashed after 30 days, as described above. Billing records and tax-relevant documents are retained for 7 years as required by applicable tax law. Backups follow a 35-day rolling cycle and are encrypted at rest. On account deletion, identifiers are unlinked within 30 days and call logs are anonymized within 90 days; on-chain transaction hashes are, by the nature of public blockchains, permanent, and we cannot delete them.

5. Third-party processors

We rely on a small set of processors. We will publish a current sub-processor list at /subprocessors.html prior to launch and will update it with 30 days' notice of any material change. Broadly, the categories of processors we use are:

Cloud infrastructure provider for compute, storage, and networking.
Base RPC endpoint provider(s) for blockchain read and write operations.
Fiat onramp partner(s) for card-to-USDC and bank-to-USDC conversions, including the KYC flows they require. Those partners are independent controllers for the KYC data they collect.
Oracle upstream provider(s) for Module feeds.
Email delivery provider for transactional email.
Audit firm(s) for smart-contract review and financial audit .

We sign a data processing agreement with each processor. We do not sell personal data to any third party for any purpose.

6. Your rights

Subject to your local law, you have the right to access, correct, delete, export, and restrict processing of your personal data, and to object to processing based on legitimate interest. Specifically:

Access. Ask us what we have on you. We will respond within 30 days.
Correction. Ask us to fix an error.
Deletion. Ask us to delete your account and associated personal data, subject to the retention windows above.
Portability. Ask us to export your call logs, metering records, and settings in a machine-readable format (JSON).
Objection. Object to processing based on legitimate interest. We will stop where feasible.
CCPA do-not-sell / do-not-share. We do not sell or share personal data for cross-context behavioral advertising; any such request is already honored by default.
Automated decisions. We do not make legally significant decisions about you through purely automated means. Abuse-risk scoring may automatically rate-limit you; you can always request human review.

To exercise any right, email dpo@metercall.ai. We may ask you to verify control of the account.

7. Cookies

We set at most two first-party cookies: one session cookie to keep you signed in, and one consent cookie to remember your cookie-banner choice. We do not set any third-party cookie. We do not embed any third-party analytics. See our Cookie Policy for detail.

8. International transfers

MeterCall is a global service. Your personal data may be processed in jurisdictions other than your own, including the United States, the European Economic Area, and (for Base blockchain data) globally replicated RPC infrastructure. Where we transfer personal data out of the EEA, United Kingdom, or Switzerland to a jurisdiction that is not covered by an adequacy decision, we rely on the current European Commission Standard Contractual Clauses (SCCs) , supplemented with technical measures (encryption in transit, encryption at rest, strict role-based access). Equivalent mechanisms apply to transfers from other jurisdictions as required by their laws.

9. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, email dpo@metercall.ai and we will delete the account promptly on verification. In jurisdictions with a higher digital-consent age, the higher age applies.

10. Security measures

We implement the following technical and organizational measures:

TLS 1.3 in flight for all user-facing traffic and for inter-service traffic where feasible.
Encryption at rest for databases, object storage, and backups, using provider-managed keys with rotation.
Role-based access control and principle of least privilege. Production access is limited to a small number of on-call engineers.
Secrets are held in a managed secret-store, not in source control.
Audit logging of production data access.

We have not yet undergone a SOC 2 Type II, ISO 27001, HIPAA, or PCI-DSS audit. We do not claim any of these certifications. An audit schedule will be published post-launch . We describe our security posture honestly because saying otherwise would be fraud.

11. Breach notification

In the event of a personal-data breach likely to result in risk to your rights and freedoms, we will notify the relevant Data Protection Authority within 72 hours of becoming aware, as required by GDPR Article 33, and we will notify affected users without undue delay where the breach is likely to result in a high risk to them, as required by GDPR Article 34. We follow equivalent timelines under CCPA, LGPD, and other applicable laws. Breach notices will include the nature of the incident, the categories and approximate number of records affected, the likely consequences, the measures taken, and a point of contact.

11a. State-specific disclosures

California (CCPA/CPRA). In the last 12 months we have collected the categories of personal information described in Section 1: identifiers (email, wallet address, hashed API keys), internet activity (call logs, telemetry, IP addresses), commercial information (billing records, transaction hashes), and inferences drawn from this information (abuse-risk scores). We have not sold or shared personal information for cross-context behavioral advertising in the last 12 months and we have no plans to do so. California residents have the rights described in Section 6, plus the right to limit the use of sensitive personal information — we do not collect categories that qualify as sensitive under the CPRA, so there is nothing to limit at this time. Authorized-agent requests are accepted at dpo@metercall.ai with a copy of the authorization. We do not discriminate against users who exercise their CCPA rights.

Virginia, Colorado, Connecticut, Utah, and similar U.S. state laws. Residents of those states have analogous rights. We process personal data as a controller for account and billing data and as a processor for data a Creator routes through us. Requests go to the same DPO mailbox.

Brazil (LGPD). We process personal data under the LGPD Article 7 legal bases that correspond to the GDPR Article 6 bases described in Section 3. Our LGPD data-protection officer can be reached at dpo@metercall.ai. You may also complain to the Autoridade Nacional de Proteção de Dados.

United Kingdom (UK GDPR / Data Protection Act 2018). Our UK representative will be listed at /subprocessors.html before any UK-targeted launch activity . Complaints may also go to the Information Commissioner's Office.

European Economic Area (GDPR). Our EU representative will be listed at /subprocessors.html before any EU-targeted launch activity . You may complain to your local supervisory authority; the lead supervisory authority will be determined by the location of our main establishment once the corporate vehicle is finalized.

11b. Changes to this policy

We will update this policy from time to time to reflect changes in the Service, in our processors, or in applicable law. Material changes will be announced by email and by a banner in the dashboard at least 14 days before they take effect, except where a shorter period is required by law. The "Last updated" date at the top of this page will always reflect the most recent substantive edit.

12. Contact our DPO

MeterCall is operated by Yoshi (pseudonymous). Our acting Data Protection Officer can be reached at dpo@metercall.ai. Our EU representative and UK representative will be listed here prior to any material EU/UK-targeted marketing campaign . Service of process in the Cayman Islands: . Complaints may also be directed to your local Data Protection Authority; we would rather hear from you first.