Privacy Policy

Last updated: May 2026

Our Privacy Philosophy

VoidPay is built on a fundamental principle: we can't lose, leak, or sell your data because we never have it. This isn't just a policy choice — it's an architectural decision baked into the core of our application.

How Our Zero-Backend Architecture Works

When you create an invoice, all the data is compressed and encoded directly into the URL's hash fragment (the part after the # symbol).

https://voidpay.xyz/pay#N4IgbghgTg9g...

Here's the key: hash fragments are never sent to web servers. This is a fundamental property of how URLs work in web browsers (defined in RFC 3986). When you open an invoice link, your browser keeps the hash fragment local and only sends the base URL to our server.

What We Don't Collect

  • Invoice data: amounts, descriptions, line items, dates
  • Wallet addresses: sender or recipient
  • Personal information: names, emails, company details
  • Payment information: transaction hashes, payment status
  • User accounts: we have no registration or authentication
  • Sensitive financial analytics: we never track invoice amounts, wallet addresses, recipient names, or payment details. See the "Product Analytics" section below for what we do collect.
  • Cookies for tracking: we use no cookies whatsoever

Local Storage (Your Data, Your Device)

VoidPay uses your browser's LocalStorage to save invoice drafts and history. This data:

  • Never leaves your device: stored locally in your browser
  • Is fully under your control: you can clear it anytime via browser settings
  • Is exportable: you can export your history as JSON for backup or migration
  • Is importable: restore your data on any device

Social Preview (Optional Trade-off)

When you share an invoice link on social media, platforms like Twitter or Telegram request a preview image. To generate this preview, you can optionally include minimal metadata in the URL query string:

https://voidpay.xyz/pay?og=INV-001_1250_USDC_arb_Acme#N4Ig...

The ?og= parameter contains only: invoice ID, amount, currency, network, and sender name. This is the only invoice data the application reads, and only if you choose to include it. The full invoice details remain private in the hash fragment.

Vercel hosts the application and captures full request URLs (including any ?og=... query string) in standard access logs per their retention policy. The invoice hash fragment is never transmitted (RFC 3986) and stays out of all server-side logs. The ?og= token, however, exposes invoice ID, amount, currency, network, and sender name to infrastructure log retention if included. To avoid this exposure entirely, share the bare invoice link — the social preview will be omitted.

This feature is opt-in. Links without the ?og= parameter will show a generic VoidPay preview instead of invoice-specific details.
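
An added example (not VoidPay's own code) that splits an invoice link into the part a browser places in the HTTP request, and therefore in access logs, and the part that stays on the device. The underscore-separated ?og= layout is inferred from the sample link above, and the function names are hypothetical.

```javascript
// Added example: what a server (and its access logs) can see of an invoice link.
// Assumption: the ?og= token is five underscore-separated fields, as in the
// sample link on this page. Function and field names are illustrative.
const OG_FIELDS = ["invoiceId", "amount", "currency", "network", "sender"];

function exposure(link) {
  const u = new URL(link);
  // Only the path and query form the HTTP request target; the fragment
  // (everything after '#') is never part of the request (RFC 3986).
  const requestTarget = u.pathname + u.search;
  const og = u.searchParams.get("og");
  let loggedFields = null;
  if (og !== null) {
    const parts = og.split("_");
    // The sender name comes last, so fold any extra underscores back into it.
    const values = [...parts.slice(0, 4), parts.slice(4).join("_")];
    loggedFields = Object.fromEntries(
      OG_FIELDS.map((name, i) => [name, values[i] ?? ""])
    );
  }
  return {
    host: u.host,
    requestTarget,               // appears in access logs
    loggedFields,                // invoice metadata exposed via ?og=, or null
    localOnly: u.hash.slice(1),  // stays in the browser
  };
}

// Returns the bare link: same invoice fragment, no ?og= preview token.
function bareLink(link) {
  const u = new URL(link);
  u.searchParams.delete("og");
  return u.toString();
}

// Sample link taken from this page; the fragment is truncated there as well.
const SAMPLE = "https://voidpay.xyz/pay?og=INV-001_1250_USDC_arb_Acme#N4Ig...";
console.log(exposure(SAMPLE));
console.log(exposure(bareLink(SAMPLE)));
```

Running exposure() on a link before sharing it shows exactly which fields would reach infrastructure logs.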

Third-Party Services

VoidPay interacts with the following external services:

RPC Providers (Alchemy, Infura)

We proxy blockchain requests through our edge functions to protect API keys. These requests contain only blockchain data (token balances, transaction status) — no personal information or invoice contents.

WalletConnect / RainbowKit

When you connect your wallet to pay an invoice, the connection is handled by WalletConnect. We don't store wallet addresses or connection data. See WalletConnect's privacy policy for their data practices.

Umami Analytics (self-hosted)

We use a self-hosted Umami instance for privacy-preserving product analytics. Umami is cookie-free, GDPR-compliant, and collects no personal or financial data. You can opt out anytime via the footer toggle. See the "Product Analytics" section for details.

Blockchain Networks

Payments are made directly on public blockchains (Ethereum, Base, Arbitrum, Optimism, Polygon). All blockchain transactions are publicly visible by design. VoidPay does not add any additional tracking to these transactions.

Product Analytics

VoidPay uses a self-hosted Umami instance (hosted on our own infrastructure at m.voidpay.xyz) for privacy-preserving product analytics. Here is how it works:

  • Cookie-free: no cookies, no session identifiers, no fingerprinting
  • No financial data: we never track invoice amounts, wallet addresses, recipient names, notes, or transaction hashes
  • Hash fragments excluded: URL hash fragments (which contain full invoice data) are explicitly excluded from tracking
  • Aggregate metrics only: we collect network name, token symbol, wallet type, referrer domain, and UI interaction types — all aggregate, never linked to identity
  • Opt-out available: click the eye icon in the footer to disable all analytics tracking. Your preference is saved in localStorage
  • Self-hosted: analytics data is stored on our own infrastructure, never shared with third parties or sold

Abuse Prevention (Privacy-Preserving Design)

Should we ever deploy an abuse-prevention blocklist to protect users from phishing and scam invoices, it would be implemented in a privacy-preserving way. No such blocklist is currently live. The design guarantees for any future mechanism would be:

  • SHA-256 hashes only: Any blocklist would contain only hashes of malicious URL fragments — never raw invoice data
  • Irreversible by design: Hashes would be irreversible — invoice data could not be recovered from them
  • Client-side checking: Your invoice URL would never be sent to our servers for validation
  • Public on GitHub: Any such blocklist would be published publicly for transparency and community review

Open Source Transparency

VoidPay is open source under the MIT License. Every claim in this privacy policy can be verified by reviewing our code. You can also self-host VoidPay if you prefer complete control.

Data Retention

Since we don't collect user data, there's nothing to retain or delete. Your browser's LocalStorage data persists until you clear it. Invoice URLs remain functional indefinitely — they are self-contained and don't depend on any server-side storage.

Children's Privacy

VoidPay is not directed to children under 18. Cryptocurrency transactions require legal capacity to enter into contracts. We do not knowingly provide services to minors.

Changes to This Policy

If we change this policy, we'll update the "Last updated" date at the top of this page and commit the changes to our public GitHub repository. Since there's no account system, we cannot send you notifications — we recommend checking this page periodically.

Contact

Questions about privacy? We're happy to explain our architecture in more detail: