Privacy Policy

Last updated: February 16, 2026

This Privacy Policy describes how Case Distribution AI, Inc. doing business as Pylon AI ("Pylon," "we," "us," or "our") handles information when you use our APIs, website, and related services (the "Services").

1. Our Privacy-First Design

Pylon is built to be privacy-friendly by default:

• No accounts required. We don't collect names, emails, or personal information to use our APIs.
• No API keys. Authentication is handled via x402 payment — your wallet address is the only identifier.
• Stateless APIs. We do not store the content you submit (URLs, PDFs, images, HTML, etc.). Inputs are processed in memory and discarded after the response is returned.

2. Information We Collect

Automatically collected:

• Blockchain transaction data: Wallet addresses and payment amounts from x402 transactions. This data is already public on the Base blockchain.
• Server logs: IP addresses, request timestamps, API endpoints called, response codes, and request sizes. Logs are retained for up to 30 days for debugging and abuse prevention, then deleted.
• Website analytics: Standard web server logs (pages visited, referrer, browser type). We do not use third-party tracking cookies or analytics services.

We do NOT collect:

• Names, emails, phone numbers, or other personal identifiers
• The content of your API requests (URLs screenshotted, PDFs parsed, etc.) beyond what's needed to process the request
• Cookies for tracking or advertising purposes

3. How We Use Information

• Process and fulfill API requests
• Verify x402 payments
• Monitor for abuse, rate limiting, and security threats
• Debug errors and improve service reliability
• Generate aggregate, anonymized usage statistics

4. Information Sharing

We do not sell, rent, or share your information with third parties, except:

• x402 Facilitator: Payment verification is handled by the x402 facilitator service (x402.org), which sees transaction data that is already public on-chain.
• Infrastructure providers: Our servers run on Fly.io. Standard infrastructure provider data processing applies.
• Legal requirements: We may disclose information if required by law, subpoena, or court order.

5. Data Retention

• API request content: Not retained. Processed in memory and discarded.
• Server logs: Up to 30 days.
• Payment records: On-chain and permanent by nature of blockchain.

6. Security

We use industry-standard measures to protect our infrastructure, including HTTPS/TLS encryption for all API traffic, security headers, and regular monitoring. However, no system is 100% secure.

7. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect information from children.

8. International Users

Our servers are located in the United States. By using the Services, you consent to the transfer and processing of data in the US.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

Questions? Reach us at @pylonx402 on Twitter or via GitHub.