Data boundary by design.
P402 meters economics, not content. Prompt and response storage are off by default. Every privacy mode, subprocessor, contract, custody role, and security check is documented here. No sales call required.
Data boundary by design
P402 separates economic metadata from content. Prompt and response storage are off by default. You choose retention, redaction, privacy mode, and deployment model. The five modes below describe exactly what each tier persists and what it does not.
Metadata-only (default)
Persists:
- request_id
- tenant_id
- api_key_id
- department_id
- employee_id
- customer_id
- feature_id
- workflow_id
- task_type
- action_type
- model
- provider
- input_tokens
- output_tokens
- cost_usd
- latency_ms
- cache_hit
- budget_id
- policy_id
- governance_decision
- deny_code
- output_status
- quality_score
- evidence_status
Does not persist:
- prompt text
- response text
- files
- documents
- chat history
- PHI
- PII
- secrets
- source code
Enables:
- Meter
- Monitor
- Control
- budget enforcement
- department/employee/feature/customer margin
- forecasting
- basic optimization
- evidence exports
Notes:
- Semantic cache is off in P402 cloud for Metadata-only
- Limited prompt-level optimization
- Limited context-bloat analysis
- Limited duplicate-work detection
Fingerprint-only
Persists:
- metadata above, plus:
- HMAC prompt fingerprint (tenant-secret HMAC, not plain SHA-256)
- HMAC response fingerprint
- token shape
- optional prompt length bands
- optional document hash
Does not persist:
- raw prompt or response content
- embeddings (treated as sensitive; opt-in only)
Enables:
- Duplicate request detection
- Retry loop detection
- Repeated task detection
- Cache opportunity estimates
- Same-input cost analysis
Notes:
- Semantic cache is off in P402 cloud for Fingerprint-only
- No prompt-level rewrite suggestions
- No semantic similarity grouping unless embeddings explicitly enabled
Redacted trace
Persists:
- redacted prompt sample
- redacted response sample
- trace summary
- tool-call summary
- retrieval summary
- policy summary
Does not persist:
- unredacted PII, PHI, secrets, API keys, emails, phone numbers, addresses, or custom-regex-matched content (redacted client-side before send)
Enables:
- Context waste detection
- Prompt compression recommendations
- Retry-loop diagnosis
- Tool-call waste analysis
- Quality review
- Better model selection by action
Notes:
- Redaction is your responsibility before send
- Opt-in per tenant/project/key/workflow
- Semantic cache is off unless the tenant explicitly opts in
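Because redaction happens on the client before anything is sent, the following is an added example (not P402's own code) of the kind of pre-send redaction step a tenant would run on a trace sample: built-in patterns for emails, phone numbers and bearer tokens, the `p402_live_` key prefix mentioned on this page, and a custom regex supplied by the tenant. The patterns and the sample text are constructed for illustration and should be tuned to your own data.

```javascript
// Added example, not P402 code: client-side redaction of a trace sample
// before it is sent in Redacted-trace mode.
const BUILTIN_RULES = [
  { name: 'email', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { name: 'phone', re: /\+?\d[\d\s().-]{8,}\d/g },
  { name: 'p402_key', re: /p402_live_[A-Za-z0-9]+/g }, // key prefix from this page
  { name: 'bearer', re: /Bearer\s+[A-Za-z0-9._-]+/g },
];

// Applies built-in rules first, then tenant-supplied custom rules. Returns the
// redacted text plus a per-rule hit count, which is safe to log because it
// carries no content.
function redact(text, customRules = []) {
  const rules = [...BUILTIN_RULES, ...customRules];
  const counts = {};
  let out = text;
  for (const rule of rules) {
    out = out.replace(rule.re, () => {
      counts[rule.name] = (counts[rule.name] || 0) + 1;
      return `[REDACTED:${rule.name}]`;
    });
  }
  return { text: out, counts };
}

// Constructed sample prompt containing each kind of sensitive value.
const SAMPLE_PROMPT =
  'Contact jane.doe@example.com or +1 (415) 555-0199 about account 4417, key p402_live_ABC123.';

// Tenant-specific rule (constructed): internal account numbers.
const CUSTOM_RULES = [{ name: 'account', re: /account \d+/g }];

function redactSample() {
  return redact(SAMPLE_PROMPT, CUSTOM_RULES);
}
```

`redactSample()` returns the text with each match replaced by a labelled placeholder and `counts` of `{ email: 1, phone: 1, p402_key: 1, account: 1 }`; only the redacted string and the counts would be sent, never the original sample.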
Private Gateway
Persists:
- economic events
- recommendation summaries
- savings proofs
- policy results
- evidence hashes
- aggregate analytics
Does not persist:
- raw prompts (planned to stay in customer VPC)
- raw responses (planned to stay in customer VPC)
- embeddings unless explicitly exported
Enables:
- Customer-controlled routing path
- Deeper optimization scope
- Tenant-scoped trace inspection
- Tenant-scoped redaction
- Tenant-scoped policy enforcement
- Enterprise evidence export
Notes:
- Enterprise deployment path; availability subject to agreement and deployment scope
- Operational responsibilities defined per engagement
- No P402-cloud semantic cache for Private Gateway
Full trace (opt-in)
Persists:
- prompt
- response
- tool calls
- trace
- retrieval context
- output status
- quality score
Does not persist:
- data the customer does not send
Enables:
- Deepest optimization
- Full trace replay
- Per-request quality review
Notes:
- Never the default; must be explicitly enabled
- Short retention required
- Semantic cache is off unless the tenant explicitly opts in
- Project-level enablement (planned for enterprise deployment)
- Role-gated access (planned for enterprise deployment)
- Audit log of access (planned for enterprise deployment)
- Delete/export controls (planned for enterprise deployment, subject to agreement)
Privacy mode is recorded on every economic event and shown on every evidence bundle as privacy_mode, alongside prompt_stored and response_stored booleans. You can verify which mode applied to any specific call.
Semantic cache is off unless the tenant opts in and the active privacy mode is Redacted-trace or Full-trace. It is off in P402 cloud for Metadata-only, Fingerprint-only, and Private Gateway, and off when the tenant has not enabled it. Missing tenant configuration and configuration lookup errors fail closed.
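The two rules above (cache only on explicit opt-in in a content mode, and fail closed on missing or unreadable configuration) and the per-event `privacy_mode`, `prompt_stored` and `response_stored` fields can be checked mechanically. The following is an added example, not P402's own code: a fail-closed cache decision plus a customer-side audit over exported bundles. The mode names, configuration fields and the in-memory tenant registry are assumptions for this example.

```javascript
// Added example, not P402 code: fail-closed semantic-cache decision and an
// audit check over exported evidence bundles, following the rules on this page.
const CONTENT_MODES = new Set(['redacted_trace', 'full_trace']);
const NO_CONTENT_MODES = new Set(['metadata_only', 'fingerprint_only', 'private_gateway']);

// Constructed stand-in for the tenant configuration store. A null value
// simulates a lookup failure; an absent key simulates missing configuration.
const TENANT_CONFIG = new Map([
  ['tenant_a', { privacy_mode: 'metadata_only', semantic_cache_opt_in: true }],
  ['tenant_b', { privacy_mode: 'redacted_trace', semantic_cache_opt_in: true }],
  ['tenant_c', { privacy_mode: 'full_trace', semantic_cache_opt_in: false }],
  ['tenant_err', null],
]);

function lookupTenant(tenantId) {
  if (!TENANT_CONFIG.has(tenantId)) return undefined;
  const cfg = TENANT_CONFIG.get(tenantId);
  if (cfg === null) throw new Error('config store unavailable');
  return cfg;
}

// True only when every condition is affirmatively met. Missing config, a
// lookup error, a missing opt-in or a non-content mode all yield false.
function semanticCacheAllowed(tenantId) {
  let cfg;
  try {
    cfg = lookupTenant(tenantId);
  } catch (_err) {
    return false;
  }
  if (!cfg) return false;
  if (cfg.semantic_cache_opt_in !== true) return false;
  return CONTENT_MODES.has(cfg.privacy_mode);
}

// Customer-side audit over exported bundles: a no-content mode must never be
// paired with prompt_stored or response_stored set to true.
function auditBundle(bundle) {
  const findings = [];
  const mode = bundle.privacy_mode;
  if (NO_CONTENT_MODES.has(mode)) {
    if (bundle.prompt_stored === true) findings.push(`${bundle.requestId}: prompt_stored=true under ${mode}`);
    if (bundle.response_stored === true) findings.push(`${bundle.requestId}: response_stored=true under ${mode}`);
  } else if (!CONTENT_MODES.has(mode)) {
    findings.push(`${bundle.requestId}: unknown privacy_mode ${String(mode)}`);
  }
  return findings;
}

function auditBundles(bundles) {
  return bundles.flatMap(auditBundle);
}

// Constructed export: two consistent bundles and one that contradicts its mode.
const SAMPLE_BUNDLES = [
  { requestId: 'req_c1', privacy_mode: 'metadata_only', prompt_stored: false, response_stored: false },
  { requestId: 'req_c2', privacy_mode: 'fingerprint_only', prompt_stored: true, response_stored: false },
  { requestId: 'req_c3', privacy_mode: 'full_trace', prompt_stored: true, response_stored: true },
];
```

`semanticCacheAllowed` returns true only for `tenant_b` (opted in, Redacted-trace); the unknown, broken and non-opted-in tenants and the Metadata-only tenant all get false. `auditBundles(SAMPLE_BUNDLES)` flags `req_c2` only.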
Who else touches your data
These are the third parties P402 may share data with, what each is used for, and which privacy modes route data to them. We notify customers of material changes to this list.
Retention, encryption, audit status
- Economic metadata: 30 days default, configurable per tenant.
- Trace / prompt logs (when opt-in is active): 30 days default, configurable down to 7.
- Evidence bundles and transaction receipts: retained per tenant policy, configurable, and documented during onboarding.
- Tenant-level data deletion: available on request. SLA documented during onboarding.
- In transit: TLS 1.2+ on all endpoints; HSTS enforced on p402.io.
- At rest: AES-256 via managed Postgres (Neon) storage encryption.
- API keys: SHA-256 stored; raw key returned exactly once.
- Wallet signatures: EIP-712 typed data; no private key custody by P402.
- Smart contract audit: P402Settlement, SubscriptionFacilitator — third-party audit not yet engaged. Source verifiable on Basescan. Status will be published here when audit is commissioned.
- SOC 2: not yet completed. Enterprise compliance roadmap available during procurement review.
- HIPAA / BAA: BAA path planned for enterprise deployment. Not available on hosted routing today. Public demos use synthetic data only.
- Security disclosure: security@p402.io. Acknowledgement timing documented during onboarding.
This section is intentionally honest. P402 is pre-SOC-2 and pre-third-party-audit. Buyers requiring those before deployment can engage on the Private Gateway path (enterprise deployment, subject to agreement) to scope data exposure to aggregates while those certifications are pursued.
Deployed contracts
All contracts are deployed on Base Mainnet (Chain ID: 8453). Verify independently on Basescan.
- USDC: ERC-20 asset used for all settlements. Circle-issued. Audited.
- Treasury: Receives USDC from settled payments. Platform fee destination.
- P402Settlement: Marketplace settlement contract. Applies 1% platform fee on settlement.
- SubscriptionFacilitator: Handles recurring subscription billing via EIP-2612 permit. Month 1 sets allowance; months 2+ draw without new signatures.
- On-chain agent identity registration and DID resolution.
- On-chain agent reputation scoring. Read by routing engine for trust-weighted decisions.
EIP-712 domain for USDC on Base:

```javascript
{
  name: 'USD Coin',
  version: '2',
  chainId: 8453,
  verifyingContract: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
}
```

Used to produce the EIP-712 domain separator for TransferWithAuthorization signatures. Verify against the USDC contract on Basescan.
Who controls what
P402 never holds user funds. The facilitator executes signed authorizations — it does not custody assets.
- User: Signs EIP-3009 authorization. Controls validAfter, validBefore, nonce, and value. User never submits a transaction — the facilitator does. User sets authorization bounds; once signed, the facilitator can execute within those bounds before validBefore.
- Facilitator wallet: Hot wallet that executes transferWithAuthorization on USDC. Pays gas on behalf of the user. Does not hold user funds. If compromised, could execute valid but not-yet-settled authorizations. Mitigated by short validBefore windows and replay protection.
- Treasury: Receives settled USDC. Read-only from protocol perspective — only receives, does not send. Separate from facilitator wallet. Compromise of facilitator does not affect treasury funds.
- Resource server: Defines paymentRequirements (amount, payTo, asset, resource URL). Calls verify then settle via P402 facilitator API. Must validate verify response before serving content. Failure to check valid: true results in serving without confirmed payment.
Checks before settlement
Every settlement attempt passes all six checks. Any failure returns an ApiError with a code and requestId — no partial state.
- Nonce replay: Every EIP-3009 nonce is recorded in PostgreSQL and Redis before settlement executes. Reuse of any nonce returns REPLAY_DETECTED immediately — no second settlement occurs.
- Expiry: validBefore must be in the future at settlement time. Expired authorizations are rejected server-side before any chain interaction.
- Amount match: The value field in the authorization must equal maxAmountRequired from the payment requirements. Mismatches are rejected.
- Gas ceiling: Settlements are rejected if Base network gas exceeds a configured limit (default 50 gwei). This prevents facilitator drain during fee spikes.
- Minimum amount: $0.01 USDC minimum per settlement. Sub-floor amounts are rejected before any signing occurs.
- Webhook signature: Billing webhooks use await req.text() before JSON parsing to preserve the raw body required for Stripe signature verification. Signatures are validated via stripe.webhooks.constructEvent before any state changes.
What happens on each call
- Sign: EIP-3009 TransferWithAuthorization. Gas-free for the user.
- Verify: Checks amount, sig, nonce, expiry, gas price. Returns valid: true or error code.
- Settle: Facilitator calls transferWithAuthorization on USDC. Nonce recorded.
- Confirm: Base Mainnet confirms. Tx hash returned with payer metadata.
- Receipt: Receipt ID tied to settled tx. Reusable for repeat access.
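The pre-settlement checks and the verify/settle flow above, together with the resource server's obligation to check for `valid: true`, are shown below as an added example that is not P402's own code. Only `REPLAY_DETECTED`, the 50 gwei default and the $0.01 floor come from this page; the other error codes, the in-memory nonce set standing in for PostgreSQL/Redis, the placeholder addresses and the fixtures are assumptions. EIP-712 signature recovery is left out because it needs a secp256k1/keccak library; the point here is the ordering of the checks and of the nonce record relative to the chain call.

```javascript
// Added example, not P402 code: pre-settlement checks on an EIP-3009
// authorization and the nonce-before-chain ordering in settle().
const GAS_CEILING_GWEI = 50;     // default ceiling stated on this page
const MIN_AMOUNT_USDC = 10000n;  // $0.01 in USDC base units (6 decimals)

class ApiError extends Error {
  constructor(code, requestId, message) {
    super(message);
    this.code = code;
    this.requestId = requestId;
  }
}

// Constructed in-memory stand-in for the Postgres/Redis nonce record.
const usedNonces = new Set();
const nonceKey = (auth) => `${auth.from.toLowerCase()}:${auth.nonce}`;

// Returns { valid: true } or throws an ApiError carrying a code and requestId.
function verify(auth, requirements, ctx) {
  const { requestId, nowSec, gasPriceGwei } = ctx;
  const value = BigInt(auth.value);
  if (usedNonces.has(nonceKey(auth))) {
    throw new ApiError('REPLAY_DETECTED', requestId, 'nonce already recorded');
  }
  if (BigInt(auth.validBefore) <= BigInt(nowSec)) {
    throw new ApiError('AUTHORIZATION_EXPIRED', requestId, 'validBefore is not in the future');
  }
  if (value !== BigInt(requirements.maxAmountRequired)) {
    throw new ApiError('AMOUNT_MISMATCH', requestId, 'value != maxAmountRequired');
  }
  if (value < MIN_AMOUNT_USDC) {
    throw new ApiError('BELOW_MINIMUM', requestId, 'below $0.01 USDC floor');
  }
  if (gasPriceGwei > GAS_CEILING_GWEI) {
    throw new ApiError('GAS_PRICE_TOO_HIGH', requestId, `gas ${gasPriceGwei} gwei > ${GAS_CEILING_GWEI}`);
  }
  return { valid: true };
}

// The nonce is recorded before the chain call. If submission then fails the
// nonce stays consumed and the user re-signs with a fresh one, so the same
// authorization can never be settled twice.
function settle(auth, requirements, ctx, submitToChain) {
  verify(auth, requirements, ctx);
  usedNonces.add(nonceKey(auth));
  try {
    return { txHash: submitToChain(auth), nonceRecorded: true };
  } catch (err) {
    throw new ApiError('CHAIN_SUBMIT_FAILED', ctx.requestId, err.message);
  }
}

// Resource-server side: serve only on an explicit boolean true, never on the
// absence of an error or on a truthy string.
function shouldServe(verifyResponse) {
  return Boolean(verifyResponse) && verifyResponse.valid === true;
}

// Constructed fixtures. Addresses are placeholders, not real contracts.
const REQUIREMENTS = { maxAmountRequired: '250000', payTo: '0xPAYTO_PLACEHOLDER', asset: 'USDC' };
function makeAuth(nonce, overrides = {}) {
  return {
    from: '0xPAYER_PLACEHOLDER',
    to: REQUIREMENTS.payTo,
    value: '250000',
    validAfter: '0',
    validBefore: '1700000600',
    nonce,
    ...overrides,
  };
}
const CTX = { requestId: 'req_constructed_1', nowSec: 1700000000, gasPriceGwei: 12 };

// Helper that returns the ApiError code a call produces, or null on success.
function errorCode(fn) {
  try {
    fn();
    return null;
  } catch (e) {
    return e instanceof ApiError ? e.code : 'UNEXPECTED';
  }
}
```

Settling the same authorization a second time, or re-verifying one whose chain submission failed, returns `REPLAY_DETECTED` because the nonce was recorded before the chain call; expired, mismatched, sub-floor and high-gas authorizations are rejected before any chain interaction.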
Evidence bundles
Every transaction produces a structured evidence bundle. Export it from the dashboard or via API for risk review, compliance, or dispute resolution.
Each bundle includes:
- requestId — unique per call
- payer address + payTo address
- asset contract + amount + chainId
- txHash — on-chain reference
- receiptId, mandateId, policyId
- deny code (if rejected)
- timestamps (initiated, settled, expired)
- trace events summary
- audit findings summary

```http
GET /api/v1/analytics/evidence-bundle
Authorization: Bearer $P402_API_KEY
# Query by request ID:
?requestId=req_01HX...
# Or by date range:
?from=2025-01-01&to=2025-01-31
# Response:
{
  "requestId": "req_01HX...",
  "payer": "0x...",
  "txHash": "0xabc...",
  "receiptId": "rcpt_...",
  "denyCode": null,
  "timestamps": { ... },
  "auditFindings": [ ... ]
}
```

Also available from the Transactions page and Audit page in the dashboard. Bulk export supported via date range.
Common questions
Does P402 see our prompts?
Not by default. The default privacy mode is Metadata-only: P402 receives token counts, costs, owner attribution, model, latency, and policy results, and does not store prompt or response content. Prompt content reaches P402 cloud only if you explicitly enable Redacted-trace or Full-trace mode. Private Gateway is the enterprise deployment path for customer-controlled routing, where prompt content stays within the customer-controlled boundary defined by the engagement; availability is subject to enterprise agreement and deployment scope.
Does the Sentinel (Gemini) inspect every prompt?
No. The Sentinel runs cost-anomaly detection on aggregate spend metadata (cost_usd, timestamps, model, tenant) — not on prompt content. Prompt-level jailbreak inspection is an opt-in capability available only when you select a privacy mode that sends content. In Metadata-only mode, no prompt or response content is sent to Google.
What does each evidence bundle record about privacy?
Every evidence bundle records privacy_mode (the mode that applied to this call), prompt_stored (boolean), and response_stored (boolean). You can audit any specific request to verify which mode was active and whether any content was retained.
How long is data retained?
Economic metadata: 30 days default, configurable per tenant. Trace/prompt logs (only when opt-in modes are active): 30 days default, configurable down to 7. Evidence bundles and transaction receipts are retained per tenant policy, configurable, and documented during onboarding. Tenant-level data deletion is available on request. SLA documented during onboarding.
Is the settlement contract third-party audited?
Not yet. P402Settlement and SubscriptionFacilitator source is verifiable on Basescan. A third-party audit has not yet been engaged; status will be published on this page when commissioned. Customers requiring a completed audit before deployment can engage on the Private Gateway path (enterprise deployment, subject to agreement) or wait for audit completion.
Is there a BAA / HIPAA path?
BAA path planned for enterprise deployment. Not available on hosted routing today. Public demos use synthetic data only.
Does P402 hold user funds at any point?
No. The facilitator wallet executes transferWithAuthorization on the USDC contract. Funds move directly from the user's wallet to the treasury or resource server. The facilitator is never in the custody chain.
What happens if a settlement fails mid-flight?
All billing events use INSERT ... ON CONFLICT to prevent duplicate charges. If the chain call fails after nonce recording, the nonce is consumed — the user must re-sign with a fresh nonce. No double charge can occur.
How are API keys stored?
Raw API keys (p402_live_...) are returned exactly once at creation. Only the SHA-256 hash is stored. P402 cannot recover a lost key — the user must generate a new one.
Can we verify the contracts ourselves?
Yes. All contract addresses are listed above with direct Basescan links. Source code is verifiable on-chain. Chain ID 8453 (Base Mainnet).
What is the platform fee?
1% of each settled payment, taken at settlement time by the P402Settlement contract. See /pricing for plan-level fees and limits.
Where do I report a security issue?
Email security@p402.io. Include reproduction steps, affected endpoint, and requestId if available. Acknowledgement timing documented during onboarding.