Peer Privacy Policy
Last updated: April 15, 2026
This Privacy Policy (the “Policy”) describes how P2P Labs Inc. (“P2P Labs,” the “Company,” “we,” “us,” or “our”) collects, uses, and shares data in connection with the Peer web app (app.peer.xyz), the Peer marketing site (peer.xyz), our mobile apps, the Peer Chrome extension, and all of our other properties, products, and services (the “Services”). Your use of the Services is subject to this Policy as well as our Terms of Service. This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Services and tells you about your privacy rights and how the law protects you.
High Level Summary
- Peer consists of a set of smart contracts deployed on Layer 1 and Layer 2 chains, a web app at app.peer.xyz, a marketing site at peer.xyz, mobile apps, and a Chrome extension used for provider metadata capture and payment verification flows.
- We do not sell user data. We do not use user data for personalized advertising, retargeting, data brokerage, or creditworthiness decisions.
- We do not require users to provide personal details just to install the extension, install a mobile app, or access the basic Services.
- Some optional authentication features may require limited account information to be collected, such as an email address, linked wallet address, or phone number. If you choose phone-number-based authentication where available, your phone number may be collected and used to send a one-time verification code, verify your identity, maintain your authenticated session, and help secure your account.
- We enable user-initiated payment metadata capture, verification, and related funding flows through our apps and extension. Only data explicitly approved by the user is used for those flows, and the extension is designed to apply provider-specific metadata templates so that only the data needed to verify the selected payment is used.
- The extension does not persist saved extension state. Active metadata capture state is held in memory for the current user-initiated flow and is cleared when that flow ends, the provider tab closes, or the browser restarts.
- When you start user-initiated metadata capture, verification, registration, authentication, or support flows, limited data may be transmitted to the services needed to complete the requested feature.
- Any material changes to privacy will be reflected in an updated privacy policy and posted to peer.xyz.
Data We Collect
Privacy is central to everything we do at the Company. And we’ve enshrined transparency as one of our Company values. Accordingly, we aspire to be transparent about what data we do collect. We do not require users to create accounts or provide personal details such as first name, last name, street address, date of birth, or email address simply to access the basic Services. Certain features may support optional authentication where needed, which may involve limited account information such as an email address or phone number.
Outside user-initiated metadata capture, verification, registration, authentication, and support flows, the extension does not ask for or intentionally collect direct personal details such as your home address, date of birth, government ID, contacts, photo library, microphone audio, camera input, or precise location.
If we receive any communications and information you provide directly to us via email, customer support, social media, or another support channel (such as Twitter or Telegram), or when you participate in any surveys or questionnaires, that data may be persisted on our servers.
If you choose to authenticate with the Services, link an account, or use an authentication provider, we and our authentication providers may collect and process the information needed to create, maintain, and secure that authenticated account or session. This may include your email address, phone number where phone authentication is available and used, linked wallet address, authentication provider identifiers, verification status, and session-related metadata. If you authenticate using a phone number, that phone number may be used to send a one-time verification code, verify your identity, prevent fraud or abuse, and support account security and recovery.
If you specifically provide us with information such as payment verification payloads, metadata, or debug data, we may use that information for the purposes described when you provide it to us. We do not use that information for personalized advertising or sale.
If telemetry is enabled in the build you are using, we may collect error logs or debugging information to help identify and fix issues in payment verification or related product flows. For this, we may use third-party analytics tooling (e.g., PostHog). We only collect limited technical details needed for troubleshooting, such as extension version, runtime context, performance or verification status, non-sensitive error messages, or similar technical diagnostics. Telemetry is not used for advertising or sale.
If you use the Services as a seller, you may choose to provide publicly identifiable payment details (e.g., your Venmo handle, Cash App tag, or similar identifiers) so that buyers can send you payments. These identifiers may be stored on our servers to improve user experience. You may request that we remove this information at any time by contacting us at team@zkp2p.xyz.
Extension and App-Specific Data Practices
The following additional practices apply to the Peer Chrome extension and to app features that support payment metadata capture, verification, registration, authentication, or support and debug flows.
- The extension does not store proof history, approved connected website origins, extension settings, or flow state. It keeps active capture state in memory only for the current user-initiated flow.
- When you choose to use metadata capture, verification, or registration features, the extension or app may process payment or provider data you approve and authentication or session data where needed for the requested feature.
- Some user-initiated features require limited data to be sent to our verification, authentication, analytics, or support providers so the requested action can be completed. We do not use that data for personalized advertising or sale.
- If you use optional phone-number-based authentication where available, the phone number and related authentication metadata may be processed by us and our authentication provider solely to deliver login codes, verify identity, maintain the authenticated session, protect account security, and prevent fraud or abuse.
- The extension injects content scripts on HTTPS pages so supported provider pages and Peer pages can interact with the extension during user-initiated metadata capture and verification flows. Third-party websites cannot use the extension outside those supported flows.
- We do not sell browsing history or use browsing activity for advertising. Page and request data are accessed only to capture provider metadata and complete the user-initiated verification flow.
- You can end a provider verification flow by closing the provider tab or browser. Active in-memory extension capture state is cleared when the flow completes, the provider tab closes, or the browser restarts. Support or debug data is sent only if you choose to provide it.
How We Use Data
We use the data we collect in accordance with your instructions, including any applicable terms in our Terms of Service, and as required by law. We may also use data for the following purposes:
- Providing the Services. We use the data we collect to provide, maintain, customize and improve our Services and features of our Services.
- Payment metadata capture, verification, and registration. We use extension-collected payment or provider metadata and verification payloads only to verify the selected payment, validate the requested registration or verification, and complete the related order flow.
- Customer support. We may use information to provide customer support for and answer inquiries about the Services.
- Authentication and account security. We may use your email address, phone number where phone authentication is available and used, linked wallet address, and related authentication metadata to authenticate you, send one-time passcodes, maintain your authenticated session, protect your account, detect and prevent fraud or abuse, and support account recovery and security.
- Safety and security. We may use data to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users and Company.
- Legal compliance. We may use the information we collect as needed or requested by regulators, government entities, and law enforcement to comply with applicable laws and regulations.
- Aggregated data and technical diagnostics. We may use some of the information we collect or access to compile aggregated data that helps us learn more about how users use the Services and where we can improve your experience, and to improve reliability and troubleshooting.
How We Share Data
We may share or disclose the data we collect:
- With service providers. We may share your information with our service providers and vendors to assist us in providing, delivering, and improving the Services. Depending on the feature, this may include verification, authentication, analytics, support, and technical infrastructure providers, such as Peer / P2P Labs operated services, Privy, PostHog, Alchemy, Infura, and Cloudflare. For example, if you use optional authentication, we may share your email address, phone number where phone authentication is available and used, linked wallet address, and related authentication metadata with the provider handling authentication so it can send login codes, verify your identity, maintain your account, and secure authenticated sessions.
- To comply with our legal obligations. We may share your data in the course of litigation, regulatory proceedings, compliance measures, and when compelled by subpoena, court order, or other legal procedure. We may also share data when we believe it is necessary to prevent harm to our users, our Company, or others, and to enforce our agreements and policies, including our Terms of Service.
- Safety and Security. We may share data to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users, Company, and ecosystem.
- Business changes. We may transfer or share data to another entity in the event of a merger, acquisition, bankruptcy, dissolution, reorganization, asset or stock sale, or other business transaction.
- With your consent. We may share your information any other time you provide us with your consent to do so.
- We do not share your information with any third parties for any marketing purposes whatsoever.
Chrome Web Store Limited Use Statement
Our use of user data is limited to providing and improving the user-facing features described in this Privacy Policy. We do not use or transfer user data for personalized advertising, sale, or data brokerage. Our use of user data complies with the Chrome Web Store User Data Policy, including the Limited Use requirements.
Third Party Cookies
On peer.xyz and other web or app surfaces where applicable, we may use services provided by Google and other third parties that use tracking technology such as cookies, deviceID, and localStorage, to collect information about your use of the Services and our interactions with you. You can opt out of having your online activity and device data collected through these third-party services, including by:
- Blocking cookies in your browser by following the instructions in your browser settings. For more information about cookies, including how to see the cookies on your device, manage them, and delete them, visit www.allaboutcookies.org.
- Blocking or limiting the use of your advertising ID on your mobile device through the device settings.
- Using privacy plug-ins or browsers. Certain browsers and browser extensions can be configured to block third-party cookies and trackers.
- Using the platform opt-out provided by Google at https://adssettings.google.com. You can learn more about how Google uses your information by reviewing Google’s privacy policy at https://policies.google.com/privacy.
- Using advertising industry opt-out tools on each device or browser where you use the Services, available at http://optout.aboutads.info and http://optout.networkadvertising.org.
Third-Party Links and Sites
We may integrate technologies operated or controlled by other parties into parts of the Services. For example, the Services may include links that hyperlink to websites, platforms, and other services not operated or controlled by us. Please note that when you interact with these other parties, including when you leave the Site, those parties may independently collect information about you and solicit information from you. You can learn more about how those parties collect and use your data by consulting their privacy policies and other terms.
Security
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. You are responsible for all of your activity on the Services, including the security of your blockchain network addresses, cryptocurrency wallets, and their cryptographic keys.
Age Requirements
The Services are intended for a general audience and are not directed at children. We do not knowingly receive personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you believe we have received personal information about a child under the age of 18, please contact us at team@zkp2p.xyz.
Additional Notice to California Residents (“CCPA Notice”)
The California Consumer Privacy Act of 2018 (“CCPA”) requires certain businesses to provide a CCPA Notice to California residents to explain how we collect, use, and share their personal information, and the rights and choices we offer California residents regarding our handling of their information.
Privacy Practices. We do not “sell” personal information as defined under the CCPA. Please review the “How We Share Data” section above for further details about the categories of parties with whom we share information.
Privacy Rights. The CCPA gives individuals the right to request information about how we have collected, used, and shared your personal information. It also gives you the right to request a copy of any information we may maintain about you. You may also ask us to delete any personal information that we may have received about you. Please note that the CCPA limits these rights, for example, by prohibiting us from providing certain sensitive information in response to access requests and limiting the circumstances under which we must comply with a deletion request. We will respond to requests for information, access, and deletion only to the extent we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny the request, we will communicate the decision to you. You are entitled to exercise the rights described above free from discrimination. Submitting a Request. You can submit a request for information, access, or deletion to team@zkp2p.xyz.
Identity Verification. The CCPA requires us to collect and verify the identity of any individual submitting a request to access or delete personal information before providing a substantive response.
Authorized Agents. California residents can designate an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming their authority.
Disclosures for European Union Data Subjects. We process personal data for the purposes described in the section titled “How We Use Data” above. Our bases for processing your data include: (i) you have given consent to the process to us or our service providers for one or more specific purposes; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; and/or (iv) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
Your rights under the General Data Protection Regulations (“GDPR”) include the right to (i) request access and obtain a copy of your personal data, (ii) request rectification or erasure of your personal data, (iii) object to or restrict the processing of your personal data; and (iv) request portability of your personal data. Additionally, you may withdraw your consent to our collection at any time. Nevertheless, we cannot edit or delete information that is stored on a particular blockchain. Information such as your transaction data, blockchain wallet address, and assets held by your address that may be related to the data we collect is beyond our control. To exercise any of your rights under the GDPR, please contact us at team@zkp2p.xyz. We may require additional information from you to process your request. Please note that we may retain information as necessary to fulfill the purpose for which it was collected and may continue to do so even after a data subject request in accordance with our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you are located in the European Economic Area, your data may be processed in the United States or other jurisdictions where our service providers operate. We rely on appropriate safeguards, including standard contractual clauses where applicable, for such transfers. For data protection inquiries, contact us at team@zkp2p.xyz.
Changes to This Policy
If we make material changes to this Policy, we will notify you via the Services. Nevertheless, your continued use of the Services reflects your periodic review of this Policy and other Company terms, and indicates your consent to them.
Contact Us
If you have any questions about this Policy or how we collect, use, or share your information, please contact us at team@zkp2p.xyz.