Privacy Policy
Privacy Policy
Last updated: June 20, 2026
This Privacy Policy explains how Decaputin, available at decaputin.com, handles information when you access or use the Interface.
Decaputin is designed to minimize personal data collection.
The Interface does not use traditional user accounts, usernames, passwords, email-based login, newsletter signups, advertising trackers, Google Analytics, or non-essential tracking cookies.
Decaputin has a contact form that may ask for a name and email address so that Decaputin can receive and respond to messages.
What Decaputin Does Not Collect
Except where you voluntarily submit information through the contact form, Decaputin does not ask you to provide:
- your legal name;
- your email address;
- your postal address;
- your phone number;
- a password;
- a traditional user profile;
- payment card details;
- bank account details.
Decaputin does not provide fiat payments, card payments, bank payments, custodial wallets, or internal account recovery.
Contact Form
If you use the contact form, Decaputin may collect the information you choose to submit, such as:
- your name;
- your email address;
- your message;
- technical metadata related to the form submission, such as timestamp and anti-spam or security data.
This information is used only to receive, manage, and respond to your request, and to protect the contact form from spam, abuse, or technical misuse.
Do not submit sensitive personal information through the contact form.
Contact form submissions may be processed by Decaputin’s hosting or form-handling infrastructure providers.
Nostr Public Keys
Decaputin uses Nostr credentials for login, ownership, claims, listings, purchases, sales, and Sign Ownership actions.
The Interface may process and store your Nostr public key, such as an npub, and related public or project ownership records.
Decaputin does not request, collect, store, manage, or recover your Nostr private key, such as an nsec.
Your private key is handled by your chosen Nostr signer, browser extension, remote signer, wallet, or other compatible tool.
You are responsible for keeping your private keys secure.
Lightning Payments
Decaputin uses Lightning payments in sats.
When you claim or buy a Head, the Interface may process payment-related technical data, including:
- Lightning invoices;
- payment amounts in sats;
- payment hashes;
- preimages, where required for project verification;
- invoice status;
- payment timestamps;
- Head identifiers linked to the payment;
- buyer or claimant Nostr public keys;
- seller Lightning addresses for marketplace payouts.
Decaputin does not collect credit card numbers, bank details, or fiat payment information.
Lightning payments may involve third-party wallets, payment infrastructure, or service providers outside Decaputin’s control.
Heads, Ownership, and Public Records
When you generate, claim, buy, sell, list, or sign ownership of a Head, Decaputin may process project data such as:
- Head identifiers;
- image and metadata references;
- ownership status;
- Nostr public keys;
- claim status;
- listing status;
- sale status;
- price, value, and floor price data;
- payment hash and related verification data;
- timestamps;
- public or attempted Nostr events.
Some of this data may be displayed publicly on Decaputin or published, attempted to be published, indexed, copied, or stored through Nostr relays or other public infrastructure.
Nostr-related data may remain available outside Decaputin even if it is removed from the Interface.
Technical Data and Server Logs
Like most websites, Decaputin and its infrastructure providers may process technical data necessary to operate, secure, debug, and maintain the Interface.
This may include:
- IP address;
- browser and device information;
- request timestamps;
- pages or resources requested;
- error logs;
- security logs;
- basic session or anti-abuse signals.
This data is used for technical operation, security, debugging, abuse prevention, fraud prevention, and service reliability.
Cookies and Local Storage
Decaputin does not use advertising cookies, tracking cookies, Google Analytics cookies, or third-party marketing cookies.
The Interface may use strictly necessary technical cookies, local storage, or similar browser storage only where needed for core functionality, such as:
- keeping basket or session state;
- remembering a generated Head during the session claim window;
- supporting Nostr login state;
- preventing abuse;
- maintaining basic Interface functionality;
- supporting the contact form and protecting it from spam or misuse, where technically required.
These technologies are not used for advertising or cross-site tracking.
Because Decaputin currently uses only technical storage required for the service, Decaputin does not currently provide a cookie consent banner.
If Decaputin later adds analytics, advertising, marketing cookies, third-party tracking, or other non-essential technologies, this Policy will be updated and any required consent mechanism will be added.
Third-Party Infrastructure
Decaputin may rely on third-party or public infrastructure to operate the Interface, including:
- hosting and deployment providers;
- form-handling providers;
- database and storage providers;
- image/CDN providers;
- Lightning payment infrastructure;
- Nostr relays;
- Nostr signers, browser extensions, or remote signing tools chosen by the user.
These services may process technical data according to their own policies and technical design.
Decaputin does not control Nostr relays, Lightning wallets, browser extensions, remote signers, or other tools chosen by the user.
Why Data Is Processed
Decaputin processes data only as reasonably necessary to:
- operate the Interface;
- generate and display Heads;
- process claims and purchases;
- process marketplace listings and sales;
- verify Lightning payments;
- support Sign Ownership and Nostr event publication;
- maintain ownership and project records;
- receive and respond to contact form messages;
- prevent abuse, fraud, spam, and technical misuse;
- debug and improve reliability;
- comply with applicable legal obligations.
Legal Bases
Where applicable data protection law requires a legal basis, Decaputin may rely on:
- performance of a contract, where processing is necessary to provide the Interface, claims, purchases, listings, sales, and related features;
- legitimate interests, including operating, securing, debugging, and improving the Interface, preventing abuse, and responding to contact requests;
- legal obligations, where retention or disclosure is required by applicable law;
- consent, where you voluntarily submit information through the contact form or if Decaputin later introduces optional features that require consent.
Data Retention
Decaputin keeps data only for as long as reasonably necessary for the purposes described in this Policy, including:
- operating the Project;
- maintaining ownership and payment records;
- security and anti-abuse controls;
- technical debugging;
- responding to contact requests;
- dispute handling;
- legal compliance.
Contact form messages may be retained for as long as reasonably necessary to respond to the request and maintain appropriate records, unless longer retention is required for legal, security, or dispute purposes.
Some public Nostr events, relay data, or third-party public records may persist independently of Decaputin and may not be removable by Decaputin.
Data Sharing
Decaputin may share or make data available where necessary to:
- operate hosting, form-handling, database, storage, CDN, and infrastructure services;
- process Lightning payments and verify payment status;
- publish or attempt to publish Nostr events;
- receive and manage contact form submissions;
- prevent abuse, fraud, spam, or technical attacks;
- comply with applicable law or lawful requests;
- protect the Project, users, infrastructure, or legal rights.
Decaputin does not sell personal data for advertising purposes.
International Processing
Decaputin, its infrastructure providers, Nostr relays, Lightning payment infrastructure, and user-selected tools may process data in different countries.
By using a public and experimental protocol-based Interface, you understand that data may be processed, copied, relayed, or stored across multiple jurisdictions.
Your Rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal data.
You may contact Decaputin at the address below to make a privacy request.
Please note that Decaputin may not be able to modify or delete data that:
- is stored on public Nostr relays or third-party systems outside Decaputin’s control;
- is necessary to maintain ownership, payment, sale, or claim integrity;
- must be retained for legal, security, anti-abuse, or dispute purposes;
- is technically required to preserve Project records.
Security
Decaputin uses reasonable technical and organizational measures appropriate to the nature of the Interface.
However, no online system, wallet, relay, signer, browser extension, payment network, public protocol, or contact form is completely secure.
You use Decaputin, Nostr, Lightning, and related tools at your own risk.
Children
Decaputin is not intended for children.
You must not use Decaputin if you are not legally allowed to use the Interface, make Lightning payments, or enter into these Terms under the laws applicable to you.
Changes to This Policy
Decaputin may update this Privacy Policy from time to time.
Updated versions will be posted on the Interface with a revised “Last updated” date.
Your continued use of Decaputin after an updated Privacy Policy is posted means that you accept the updated Policy.
Contact
For privacy questions or requests, contact: