Privacy Policy

Last updated: March 5, 2026

1. What We Collect

LivinCard collects the minimum data necessary to operate the service:

API key — a randomly generated identifier for your account (no email, name, or personal info)
Transaction history — date, merchant, amount, and status of purchases
Deposit records — USDT deposit amounts, network, and transaction hashes
Balance ledger — an append-only record of all balance movements

2. What We Do NOT Collect

No names, email addresses, or phone numbers
No IP address logging or device fingerprinting
No KYC or identity documents
No cookies or browser tracking on the documentation site

3. Card Data Handling

Prepaid card details (card number, CVV) are encrypted at rest using AES-256-GCM. Card details are never included in any API response, tool output, or log entry. They are only decrypted momentarily during server-side checkout automation and are never transmitted to users, AI agents, or third parties other than the merchant's payment processor.

4. AI Agent Interactions

When you use LivinCard through an AI assistant (Cursor, Claude, Gemini, ChatGPT), your messages to the AI are processed by the respective LLM provider (Anthropic, Google, OpenAI). LivinCard does not see or store your chat messages. Only structured tool calls (create account, check balance, make purchase) reach the LivinCard server.

5. Data Storage

All data is stored in a SQLite database on our server infrastructure (AWS EC2). The database is not shared with any third party. Card data is encrypted; all other data is stored in plaintext.

6. Data Retention

Account data and transaction history are retained for the lifetime of the account. There is currently no account deletion mechanism — contact us if you need your data removed.

7. Third-Party Services

LivinCard integrates with the following third-party services for deposit monitoring only:

Codex.io — EVM chain webhook notifications for deposit detection
Infura — EVM chain RPC backup for deposit polling
TRONGrid — TRON network polling for TRC-20 deposit detection

These services only receive blockchain addresses (public data) for monitoring purposes. No user data is shared.

8. Security

Card data: AES-256-GCM encryption at rest
Transport: HTTPS (TLS 1.2+) for all connections
API keys: 192-bit entropy, cryptographically random
Admin access: password-protected, separate from user API

9. Changes

We may update this policy as the service evolves. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For privacy questions, visit livincard.xyz.