Privacy Policy

Last updated: 2026-03-26

1. Data We Collect

When you use this relay, we collect and store the following:

Nostr events: Public key, event content, tags, timestamps, and cryptographic signatures. These are public by design in the Nostr protocol.
Account information: If you create an account, we store your API key, an auto-generated Nostr keypair, and your account balance.
Payment records: Payment hashes and timestamps for replay protection and transaction records.
IP addresses: We may log IP addresses for the purposes of spam prevention and abuse mitigation.

2. How We Use Your Data

Nostr events are stored and relayed to subscribers as part of normal relay operation.
Payment records are used for transaction verification and replay protection.
IP address data is used solely for rate limiting, spam prevention, and abuse mitigation.

3. Third Parties

Payment processing is handled through external payment infrastructure (Lightning Network, Tempo blockchain, Stripe, or other providers). Invoice and transaction data is shared with the relevant payment provider as necessary to process transactions. We do not sell or share your data with any other third parties.

4. Data Retention

Nostr events are stored for as long as the relay operates or until removed at our discretion. Payment records are retained for as long as needed for operational purposes. IP address logs are retained as needed for spam and abuse prevention.

5. Nostr Protocol and Public Data

The Nostr protocol is designed around public key cryptography. Events published to this relay are public by nature and may be copied, cached, or re-distributed by any connected client or relay. We cannot control the spread of data once it has been relayed. Do not publish information through Nostr that you wish to keep private.

6. Security

All incoming events are verified using BIP-340 Schnorr signature verification. Payments are secured via HMAC-SHA256 challenge binding. We take reasonable measures to protect stored data, but no system is perfectly secure.

7. Your Rights

You may request deletion of your account and associated data by contacting the relay operator. Note that Nostr events that have already been relayed to other clients or relays cannot be recalled.

8. Changes

We may update this privacy policy at any time. Continued use of the relay after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, contact us at botlab.dev/contact.