Privacy Policy
How Chest Gate collects, uses, and shares information when you visit chest.sh, the dashboard, the hosted facilitator, or any other service operated by us.
Last updated April 25, 2026
1. Who we are
This Privacy Policy describes the privacy practices of Chest Gate (“Chest,” “we,” “us,” or “our”) in connection with the chest.sh website, the Chest Gate dashboard, the hosted facilitator at gate.chest.sh, the Chest CLI, the open-source proxy, our developer documentation, and any related services (collectively, the “Service”).
This Policy applies to the Service. It does not apply to third-party websites, products, or services we do not operate, even if they integrate with the Service.
2. Scope and your acceptance
By accessing or using the Service, you acknowledge that you have read, understood, and agreed to the collection, processing, transfer, and disclosure of information described in this Policy. If you do not agree, do not use the Service.
3. Information we collect
We collect information in three ways: (a) information you give us; (b) information collected automatically when you use the Service; and (c) information we receive from third parties.
3.1 Information you provide
- Account information. When you sign in we collect an email address, social-login identifier, or wallet address through our authentication provider, Privy. You may also choose to provide a display name, handle, payout wallet address, contact information, billing details, and profile content.
- Deployment configuration. When you deploy a gate or configure a referrer, we collect the upstream URL, pricing, the referrer commission rate, webhook endpoints, slug, and any custom metadata you submit.
- Communications. If you email us, open a support ticket, or contact us through any channel, we collect the contents of those communications.
- Survey, beta, and feedback responses. If you participate in a survey, beta, interview, or community event, we collect what you submit.
3.2 Information collected automatically
- Usage data. Pages viewed, links clicked, requests made through the dashboard, search queries inside the docs, error conditions, feature interactions, referring URL, and similar telemetry.
- Device and connection data. IP address (which we use to derive coarse location at city or region granularity), browser type and version, operating system, device identifiers, language preference, and time-zone offset.
- Cookies, local storage, and similar technologies. We use first-party cookies and browser storage to keep you signed in, remember preferences such as theme, and detect abuse. Some third-party services we rely on may set their own cookies as described in Section 6.
- Service operation data. Logs of API requests routed through the hosted facilitator, including timestamps, response codes, latency, request size, error class, and the public wallet addresses appearing in attribution headers. Request and response bodies are not stored beyond what is necessary to operate, debug, and secure the Service.
3.3 On-chain information
Settlement events, distribute instructions, vault balances, fee constants, and the wallet addresses of merchants, referrers, and the protocol are written to and read from the Solana blockchain. We do not control this data, cannot delete it, and link it to your account only insofar as you have associated a wallet with your account.
3.4 Information from third parties
We may receive information about you from authentication providers (such as Privy and any social provider you authenticate through), wallet providers, blockchain RPC providers, fraud-prevention vendors, analytics providers, and partners you have explicitly authorized to share information with us.
4. How we use information
We use the information we collect to:
- provide, operate, maintain, and improve the Service, including deploying gates, routing paid requests, computing splits, settling on-chain, and rendering dashboards;
- process payments and earnings, reconcile on-chain settlement, and detect failed or anomalous transactions;
- communicate with you about the Service, including security alerts, payout notifications, billing notices, product updates, and responses to your inquiries;
- monitor, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service or applicable law;
- comply with legal obligations, respond to lawful government or regulatory requests, enforce contracts, and protect rights, safety, and property;
- conduct research, analytics, and aggregated reporting in a form that does not identify you personally.
5. Legal bases for processing (EEA / UK)
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with a comparable framework, we process personal data on the following legal bases:
- Performance of a contract. Processing necessary to deliver the Service you have requested.
- Legitimate interests. Operating, securing, and improving the Service; preventing fraud and abuse; analytics; and direct communication about features you use.
- Consent. Where required for non-essential cookies, marketing emails, or other processing for which we ask for your permission. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation. Where processing is required to comply with applicable law.
6. How we share information
We do not sell personal information. We share information only as described below.
- Service providers (subprocessors). We share information with vendors that perform services on our behalf, subject to confidentiality and data-protection commitments. These include, without limitation, infrastructure and hosting providers, authentication providers (Privy), Solana RPC and indexing providers, transactional email providers, customer support tools, error-monitoring tools, and analytics providers.
- Solana network. Wallet addresses, amounts, and transaction metadata are written to the public Solana blockchain where they are visible to anyone.
- Other users of the Service. Public information you choose to publish (such as a referrer profile, handle, or wallet address shown in the registry) is visible to other users.
- Legal and safety. We may disclose information when we believe in good faith that disclosure is necessary to comply with applicable law, a regulatory request, a subpoena, a court order, or other legal process; to enforce our Terms; to protect our rights, property, or safety, or the rights, property, or safety of our users or the public; or to investigate fraud or security issues.
- Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or similar transaction, information may be transferred as part of that transaction. We will notify you and require any successor to honor this Policy.
- With your direction. We share information when you direct us to do so, including by connecting integrations.
7. International data transfers
We may transfer, store, and process information in countries other than the one in which you reside, including the United States and countries in which our service providers operate. These jurisdictions may have data-protection laws that differ from those in your jurisdiction. Where required, we use lawful transfer mechanisms such as standard contractual clauses.
8. Data retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations (including tax, audit, and accounting), resolve disputes, and enforce our agreements. Retention periods vary by data type and are determined based on the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements. On-chain data is permanent and outside our control.
9. Your rights and choices
Depending on where you live, you may have rights with respect to personal information we hold about you, including the right to access, correct, port, restrict, object to, or request deletion of that information. You may also have the right to withdraw consent and to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at chest.sh/contact. We will respond within the timeframe required by applicable law. We may need to verify your identity before acting on a request and may decline the request to the extent permitted by law (for example, where the request would conflict with on-chain immutability or with our obligation to retain records).
9.1 Australian residents
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable. You may request access to or correction of personal information we hold about you, and you may complain about how we handle your personal information by contacting us through chest.sh/contact. We will respond to your complaint within a reasonable time. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. We will notify affected individuals and the OAIC of any eligible data breach in accordance with the Notifiable Data Breaches scheme.
9.2 California residents
If you are a California resident, you have the rights described above and additional rights under the California Consumer Privacy Act (as amended by the CPRA), including the right to know what categories of personal information we collect, the right to delete, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. We do not sell personal information and do not knowingly share personal information for cross-context behavioral advertising.
9.3 Marketing communications
You can opt out of marketing emails at any time by following the unsubscribe link in any such email. Operational communications (security alerts, payout notifications, terms updates) cannot be opted out of while you maintain an account.
10. Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, restricted access to production systems, audit logging, and regular review of access controls. No method of transmission or storage is completely secure, and we cannot guarantee the absolute security of your information.
11. Self-custody and wallet security
Chest Gate operates on a self-custody model. You control the private keys that authorize transactions on your behalf, and we never have custody of, or the ability to spend, the cryptocurrency held in your wallet. You are solely responsible for safeguarding your private keys, recovery phrases, and any device or account that can authorize transactions.
12. Children
The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, contact us and we will take steps to delete it.
13. Third-party websites and integrations
The Service may contain links to, or integrate with, third-party websites or services that we do not operate. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third party before you provide them with information.
14. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by another appropriate means. The “Last updated” date at the top of this page indicates when the Policy was most recently revised. Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the revised Policy.
15. Contact
Questions, requests, or complaints about this Policy or our privacy practices can be sent to chest.sh/contact.