1ShotAPI logo

1SHOT API, INC. PRIVACY POLICY

Effective Date: December 17, 2025

This Privacy Policy describes how 1Shot API, Inc. ("1ShotAPI", "we", "us", or "our") collects, uses, discloses, and retains personal information when you:

  • visit our websites, including https://www.1shotapi.com and any 1ShotPay-branded sites we operate (the "Sites");
  • use our developer dashboard, APIs, SDKs, webhooks, and related tools (the "1ShotAPI Service"); and/or
  • use 1ShotPay, including paylinks, QR codes, payment request pages, Gift Cards, yield features, and related user experiences and APIs (the "1ShotPay Service").

The 1ShotAPI Service and the 1ShotPay Service are together referred to as the "Services".

This Privacy Policy is incorporated by reference into, and should be read together with, our Terms of Service for 1ShotAPI and any supplemental terms that apply to 1ShotPay (collectively, the "Terms"). If there is a conflict between this Privacy Policy and the Terms regarding privacy, this Privacy Policy controls. Capitalized terms not defined here have the meanings given in the Terms.

1ShotAPI is a developer infrastructure company. We design the Services to process only the information reasonably necessary to operate a reliable onchain automation and payments platform. We do not sell personal information or share personal information with third parties for their independent marketing purposes.

If you have questions, contact us at [email protected].

1. Overview

1.1 Audience and Scope

  • 1ShotAPI is aimed at developers and businesses.
  • 1ShotPay is aimed at consumers and also may be used by merchants, creators, and other payees to request or receive payments.

Personal information is collected and used mainly for:

  • creating and managing accounts;
  • enabling payments, payment requests, Gift Cards, wallet features, and optional yield features;
  • running, maintaining, and securing the Services and related infrastructure;
  • preventing fraud and abuse; and
  • complying with legal obligations (including sanctions, export controls, tax/accounting recordkeeping, and lawful requests).

1.2 No Sale of Personal Information

We do not sell personal information. We also do not share personal information with third parties for their independent marketing purposes.

2. Information We Collect

The information we collect depends on whether you are using 1ShotAPI (developer product), 1ShotPay (consumer product), or both.

2.1 Account and Contact Information

When you create an account, request support, or contact us, you may provide:

  • name (optional) and/or username or handle;
  • email address;
  • phone number (optional, if enabled for 1ShotPay account recovery or security);
  • billing-related details (if you purchase a paid plan or pay fees); and
  • any information you include in communications with us (support requests, feedback, emails, or chats).

If password-based login is used, we store a hashed version of the password, not the plain text. When single sign-on is used, the identity provider may share basic profile information such as name and email.

You should not submit sensitive categories of data (such as health, race, religion, or political opinions) through the Services.

2.2 Identity, Verification, and Compliance Information (If Applicable)

We may collect limited information to comply with law, enforce our Terms, or mitigate fraud and abuse. Depending on the feature and jurisdiction, this may include:

  • sanctions screening results and related compliance flags;
  • fraud and risk signals (for example, device risk indicators); and
  • information required to respond to legal requests.

Important: 1ShotAPI does not necessarily conduct KYC for all users. Where identity verification is performed, it may be performed by third-party service providers under their own policies, and we may receive a confirmation or risk result rather than full documentation.

2.3 Technical and Usage Information

To run and secure the Services, we log certain technical information when you use the Sites, dashboard, or APIs. This may include:

  • IP address, browser or client type, and timestamps;
  • device identifiers and operating system information (where available);
  • pages viewed and actions taken in the Sites or apps;
  • which endpoints are called and with what result (for example, HTTP status codes);
  • API key or token identifiers (for example, key IDs, not full secret values);
  • error messages, crash reports, and performance metrics; and
  • approximate location (such as country or region) inferred from IP address.

Approximate location may be used for security, abuse detection, and compliance with sanctions/geofencing rules, not for precise location tracking.

2.4 Onchain, Payments, and Wallet Data

As an onchain automation and payments platform, the Services process blockchain-related data, which may include:

  • public wallet addresses and smart contract addresses used with the Services;
  • network/chain identifiers and related configuration;
  • token/asset identifiers (for example, USDC and other supported Digital Assets);
  • transaction hashes, receipts, logs, and confirmation status;
  • payment request details (for example, Paylinks/QR codes and encoded parameters such as destination address, chain, asset, and amount);
  • metadata you provide (for example, labels, notes, memos, or descriptions); and
  • webhook payloads and event notifications.

Much of this information is publicly available onchain. We may index, display, or reference it for user experience, monitoring, safety, support, and compliance purposes. We cannot alter or delete public blockchain records.

2.5 1Shot-Managed Wallets, Smart Accounts, and Signing Material

Some Services may involve the creation and operation of smart accounts or other wallets that are orchestrated or managed through our infrastructure. To sign and broadcast transactions from those accounts, the system may generate and store private keys or equivalent signing material.

Such signing material is used only to provide and secure the Services, including executing transactions that you or your integrations initiate. It is treated as highly sensitive and protected with appropriate technical and organizational measures. Access is limited to systems and personnel that need it to operate or secure the Services.

You should not send private keys, seed phrases, or recovery phrases for your own self-custodial wallets to 1ShotAPI, and such information should never be pasted into tickets, chats, emails, or forms.

2.6 Passkeys and Authentication Data (Including for 1ShotPay)

1ShotPay may support creating and accessing wallets using passkeys (a passwordless authentication method that uses device-based security like Face ID, fingerprint, or PIN). Passkeys generally rely on cryptographic keys designed not to leave your device and may be synced via your operating system or cloud keychain provider.

We may process:

  • passkey credential identifiers and associated public keys;
  • authentication events and security logs; and
  • device and session information needed to operate passkey login.

We do not receive or store your passkey's private key.

2.7 Yield Feature Data (If You Opt In)

If you opt into yield features (for example, routing idle balances to Aave or similar protocols), we may process information needed to provide those features, such as:

  • which yield option(s) you enable and related preferences;
  • balances and transaction activity relevant to deposits/withdrawals;
  • protocol interaction data (for example, onchain transactions interacting with DeFi smart contracts); and
  • net yield rates displayed in the UI and related calculation metadata.

2.8 Cookies and Similar Technologies

The Sites and dashboard may use cookies or similar technologies to:

  • keep you signed in and maintain session state;
  • remember preferences; and
  • understand Service performance and reliability (for example, basic analytics and error monitoring).

Where required by law, we will obtain consent for non-essential cookies. You can usually control cookies through your browser settings.

3. How We Use Information

We use the information described above for the following purposes:

  • Operating the Services: creating accounts, authenticating access (including passkeys), enabling payments and payment requests, executing configured workflows and API calls, maintaining logs, and providing dashboards and user experiences.
  • Security and fraud prevention: protecting wallets and signing infrastructure, detecting suspicious activity, rate-limiting abusive traffic, enforcing technical and usage limits, and investigating security incidents.
  • Communications: sending verification messages, security alerts, product updates, billing notices, and responding to support requests.
  • Product improvement: diagnosing errors, monitoring reliability, understanding feature usage, and improving functionality and performance.
  • Legal compliance and enforcement: complying with applicable laws (including sanctions and export controls), responding to lawful requests, maintaining records for tax/accounting purposes, and enforcing our Terms.
  • Business operations: internal administration, audits, reporting, and corporate governance.

We do not use personal information to build behavioral advertising profiles and we do not sell personal information.

4. Legal Bases for Processing (EEA/UK)

For individuals in the European Economic Area ("EEA") or the United Kingdom, we process personal data on the following legal bases, as applicable:

  • Performance of a contract: to provide the Services and manage your account.
  • Legitimate interests: to operate a secure and reliable platform, prevent abuse and fraud, and improve the Services.
  • Compliance with legal obligations: such as sanctions, export controls, and recordkeeping.
  • Consent: where required (for example, certain marketing communications or non-essential cookies). You can withdraw consent at any time.

5. How We Share Information

We may share information in limited circumstances:

5.1 Service Providers

We use third-party providers for functions such as hosting, infrastructure, analytics, error tracking, email delivery, customer support tooling, and payment processing. These providers are permitted to use personal information only to provide services to 1ShotAPI and are contractually required to protect it.

5.2 Third-Party Integrations and Links

If you choose to use third-party integrations (for example, workflow tools, wallet providers, onramps/offramps, or DeFi protocols), your interactions with those services are governed by their terms and policies. We may transmit limited information as needed to enable your requested integration (for example, routing a request, displaying an onramp, or constructing a transaction for signing).

5.3 Business Transactions

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. Any successor will be asked to honor this Privacy Policy or a substantially similar one.

5.4 Legal and Safety

We may disclose information if required by law or valid legal process, or if reasonably necessary to enforce legal rights, respond to claims, investigate fraud, or protect the safety of users or the public.

We do not share personal information with third parties for their independent advertising or profiling.

6. International Transfers

The Services are operated from the United States and may be supported by infrastructure in other countries. When personal data is transferred from regions with specific data-transfer rules (such as the EEA or UK) to countries that may not have equivalent protection, we use appropriate safeguards where required (for example, standard contractual clauses and additional technical measures).

7. Retention

We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, including:

  • for as long as an account is active and for a reasonable period afterward for dispute resolution, auditing, and security;
  • for periods required by law for tax, accounting, or regulatory reasons; and
  • as long as reasonably necessary to investigate and prevent abuse, fraud, or attacks.

When information is no longer needed, we delete or anonymize it where reasonably possible. Onchain data itself cannot be deleted from public blockchains.

8. Security

We maintain reasonable technical and organizational measures to protect information processed by the Services, including encryption in transit, access controls, and monitoring of critical systems.

No system is perfectly secure. You are responsible for using strong, unique passwords (if applicable), protecting your API keys and device access, safeguarding your passkeys and wallet credentials, and rotating credentials promptly if compromise is suspected.

9. Children

The Services are not intended for children under 18. We do not knowingly collect personal information from individuals known to be under 18. If we learn we have collected such information, we will take reasonable steps to delete it. Concerns can be raised at [email protected].

10. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information, including the right to:

  • access the information held about you;
  • request correction of inaccurate information;
  • request deletion in certain circumstances;
  • restrict or object to certain processing; and
  • receive a copy of your data in a portable format, where applicable.

Requests can be sent to [email protected]. We may need to verify your identity before fulfilling a request. We may retain certain information as required by law or where there is a compelling legitimate interest (for example, security and fraud prevention).

Individuals in the EEA/UK also have the right to lodge a complaint with their local data protection authority.

10.1 U.S. State Privacy Disclosures (If Applicable)

If you are a resident of a U.S. state with a comprehensive privacy law (for example, California, Colorado, Connecticut, Utah, Virginia, and others), you may have additional rights, including the right to appeal certain decisions. To exercise your rights, contact [email protected].

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

11. Do Not Track

There is no widely accepted standard for responding to "Do Not Track" signals. The Sites do not currently respond to Do Not Track signals. If standards emerge and we adopt them, we may update this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top reflects the latest revision. Where changes are material, we may provide additional notice (for example, by email or a notice in the dashboard or app).

Your continued use of the Services after an updated version takes effect will be treated as acceptance of the updated Privacy Policy.

13. Contact

Questions, concerns, or requests regarding this Privacy Policy can be sent to:

Email: [email protected]

Postal address:
1Shot API, Inc.
2108 N ST # 4922
Sacramento, CA 95816