Privacy Policy

Last updated: June 25, 2026

This Privacy Policy describes how Yeetful Inc. (“Yeetful,” “we”) handles information when you use the Yeetful website, dashboard, SDK, and APIs (the “Service”). By using the Service you agree to this policy. It works alongside our Terms of Service.

1. Information we collect

Wallet & on-chain data. Your public wallet address, the Sign-In With Ethereum signatures you produce, and the on-chain payment records (amounts, counterparties, transaction hashes) generated when your agent pays for calls. Blockchain data is public and permanent by design.

Sign-in & account data.When you sign in or create an embedded wallet, authentication is handled by Coinbase Developer Platform (“CDP”). Depending on the method, we or CDP receive: your email address (email sign-in), or basic profile details from Google or Xsingle sign-on (such as your name, email, and a provider account identifier). We never receive your Google, X, or wallet password, and the embedded wallet’s private keys are held in CDP’s secure infrastructure, not by us.

Usage & ledger data. Chats and messages you create, API key metadata (we store only a hash of each secret, never the secret itself), spend grants and approvals, organizations and members, and receipts for settled and refused calls.

Technical data. Server and request logs, a secure httpOnly session cookie for signed-in sessions, and aggregate, privacy-preserving analytics about site usage.

2. Single sign-on (Google, X) and email

Social sign-in (“SSO”) and email sign-in are provided through Coinbase CDP’s embedded-wallet authentication. When you choose “Continue with Google” or “Continue with X,” you authenticate with that provider, which returns a limited set of profile information (typically email, name, and an account identifier) used to create or sign you into your Yeetful embedded wallet. We use this only to authenticate you, create your account, and contact you about the Service. We do not post to your social accounts or access your contacts. Your use of Google or X is also governed by their own privacy policies, and your use of the embedded wallet by Coinbase’s privacy policy. You can use a self-custodied wallet instead if you prefer not to use SSO or email.

3. How we use information

• provide, operate, and secure the Service and your account;
• enforce spend controls and produce receipts and ledgers;
• route calls to third-party services you select or that the engine selects;
• prevent fraud, abuse, and security incidents, and comply with law;
• understand usage in aggregate and improve the Service;
• send you transactional or service-related messages.

4. How information is shared

We share information only as needed to run the Service:

• Service providers / processors — including Coinbase CDP (authentication, embedded wallets), our database and hosting providers, email delivery, inference/data providers, and analytics. They process data on our behalf under their terms.
• Third-party MCP services — when your agent or the routing engine calls a service, the request you send is transmitted to that service, which handles it under its own policies.
• Public blockchain — payment transactions are written to a public ledger and are visible to anyone and effectively permanent.
• Legal & safety — when required by law or to protect rights, safety, and the integrity of the Service.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell your personal information.

5. On-chain data is public and permanent

Wallet addresses and transactions on the Base network are public and cannot be deleted or altered by us or anyone else. The public activity surface shows network payments in an anonymized, aggregate form (wallets truncated, refusals shown only in aggregate), but the underlying chain data remains public. Consider this before transacting.

6. Cookies and sessions

We use a strictly-necessary, httpOnly session cookie to keep you signed in after a Sign-In With Ethereum signature, and privacy-preserving analytics. We do not use third-party advertising cookies.

7. Data retention

We keep information for as long as your account is active or as needed to provide the Service, then for the period required to meet legal, security, and accounting obligations. On-chain records cannot be deleted.

8. Your choices and rights

Depending on where you live, you may have rights to access, correct, export, or delete personal information, or to object to or restrict certain processing. You can disconnect your wallet, revoke API keys, delete chats, and request deletion of account data by contacting us. We will honor applicable requests, except where data must be retained by law or exists immutably on-chain.

9. Security

We use reasonable technical and organizational measures to protect information (for example, storing only hashes of API key secrets and keeping sessions in httpOnly cookies). No method of transmission or storage is perfectly secure, and you are responsible for safeguarding your wallet and credentials.

10. Children

The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect information from children.

11. International users

We and our providers may process information in countries other than yours, which may have different data-protection laws. Where required, we rely on appropriate safeguards for such transfers.

12. Changes

We may update this policy; we will revise the date above and, for material changes, provide additional notice where appropriate.

13. Contact

Privacy questions or requests: [privacy@yeetful.com].