Zateway
TermsPrivacy

Risk Disclosure

Last updated: April 23, 2026 · Effective immediately

⚠️ Important: Cryptocurrency payments involve inherent risks that differ significantly from traditional payment methods. By using Zateway, you acknowledge and accept the risks described in this document. This disclosure does not constitute financial, legal, or investment advice. Consult qualified professionals for advice specific to your situation.

1. Blockchain Transaction Risks

1.1 Irreversibility: All payments processed through Zateway occur on public blockchain networks. Once a transaction is confirmed on-chain, it is permanent and irreversible. Neither Zateway, nor any blockchain validator, nor any third party can reverse, cancel, or modify a confirmed transaction. This is a fundamental characteristic of blockchain technology, not a limitation of Zateway.

1.2 Confirmation Delays: Payments are not instantaneous. After a customer sends a transaction, it must be included in a block and receive a sufficient number of subsequent block confirmations before Zateway marks the payment as confirmed. Typical confirmation times vary by network:
  • Solana: 1–2 seconds (finalized commitment)
  • Arbitrum: ~4 seconds (16 confirmations)
  • BNB Chain: ~45 seconds (15 confirmations)
  • Optimism: ~32 seconds (16 confirmations)
  • Base: ~1 minute (32 confirmations)
  • Polygon: ~2 minutes (64 confirmations)
During periods of network congestion, these times may increase significantly. Zateway does not control blockchain network performance.

1.3 Network Outages: Blockchain networks may experience temporary outages, degraded performance, or consensus failures. During such events, payment detection and confirmation may be delayed. Zateway monitors network health and implements automatic failover mechanisms, but cannot guarantee uninterrupted service when underlying blockchain infrastructure is impaired.

1.4 Chain Reorganizations:In rare cases, a blockchain may undergo a reorganization ("reorg") where previously confirmed blocks are replaced by an alternative chain. While Zateway uses conservative confirmation depths to minimize this risk, it cannot be entirely eliminated. High-value merchants should be aware that no confirmation count provides absolute mathematical certainty of finality on proof-of-stake networks.

2. Wrong Address Risk

Critical: Sending cryptocurrency to the wrong address results in permanent, unrecoverable loss of funds. There is no mechanism — technical, legal, or otherwise — to recover tokens sent to an incorrect address.
  • Merchants: You are solely responsible for providing correct wallet addresses in your Zateway account. Verify every character of your wallet address before saving it. Use the same wallet address format as the selected blockchain (EVM: 0x..., Solana: Base58).
  • Customers: Before sending payment, verify the recipient address displayed on the checkout page matches the merchant's published address. Zateway displays the full address and provides QR codes to minimize manual entry errors.
  • Cross-Chain Errors: Sending tokens on the wrong blockchain network (e.g., sending Polygon USDT to a BSC address) may result in permanent loss. Ensure you are connected to the correct network before confirming a transaction.

3. Stablecoin Risks

  • De-peg Risk: USDT (Tether) and USDC (USD Coin) are designed to maintain a 1:1 peg to the US Dollar. However, this peg is not guaranteed. Stablecoins have historically experienced temporary deviations from their peg due to market conditions, issuer solvency concerns, or regulatory actions. Zateway does not guarantee the value of any stablecoin.
  • Issuer Risk: Stablecoins are issued and backed by third-party companies (Tether Limited for USDT, Circle for USDC). These issuers may face regulatory action, insolvency, or operational failures that could affect the value or transferability of their tokens. Zateway has no control over or affiliation with these issuers.
  • Blacklisting: Both USDT and USDC smart contracts include administrative functions that allow the issuer to freeze or blacklist specific wallet addresses. If your wallet is blacklisted by a token issuer, you may be unable to send, receive, or transfer those tokens. Zateway cannot override token-level blacklists.
  • FX Rate Volatility: When creating payments denominated in fiat currencies (USD, EUR, GBP, INR), Zateway converts the amount to stablecoin equivalent at the current exchange rate. This rate is locked for the duration of the payment session (15 minutes). If a stablecoin de-pegs during this window, the merchant may receive more or less fiat-equivalent value than expected.

4. Payment Mode Risks

Zateway supports two payment modes, each with different security characteristics:

4.1 Router Mode (Recommended):
  • Payments are routed through the ZatewayRouter smart contract, which cryptographically binds each payment to a specific session.
  • The fee split (99% merchant / 1% treasury) is enforced atomically on-chain.
  • This mode provides the strongest security guarantees, including on-chain fee verification and reorg protection.
4.2 Direct Transfer Mode (Advanced):
  • Customers send tokens directly to the merchant's wallet, bypassing the router contract.
  • Payment matching relies on amount-matching heuristics, which carry a higher risk of misattribution.
  • Platform fees are calculated off-chain and tracked for billing purposes but are not enforced on-chain.
  • Risk: Without cryptographic session binding, there is a small probability of payment collision — where an unrelated transfer of the same amount could be incorrectly matched to a session. Use the senderAddress parameter to mitigate this risk.

5. Smart Contract Risks

  • The ZatewayRouter smart contract has been designed and tested but has not been formally audited by a third-party security firm. While we employ industry best practices (immutable fee rates, reentrancy guards, input validation), no smart contract can be guaranteed to be free of vulnerabilities.
  • Zateway interacts with third-party token contracts (USDT, USDC) that are outside our control. Bugs or changes in these contracts could affect payment processing.
  • Users interact with the ZatewayRouter contract at their own risk. In the event of a smart contract vulnerability, Zateway's liability is limited as described in our Terms of Service.

6. Webhook & Notification Risks

  • Best-Effort Delivery: Webhook notifications are delivered on a best-effort basis. If your endpoint is unreachable, returns a non-2xx response, or times out (10-second limit), Zateway retries up to 5 times with exponential backoff over approximately 1 hour.
  • Delivery Failures: After 5 failed attempts, the webhook enters a 1-hour cooldown period. During this time, new events are queued but not delivered. Webhooks are not permanently disabled — delivery resumes automatically after cooldown.
  • No Guaranteed Delivery: While Zateway implements an outbox pattern and persistent queues to maximize reliability, webhook delivery is inherently subject to network failures, DNS issues, and endpoint availability. Merchants should implement polling (GET /api/v1/payments) as a secondary verification mechanism.
  • Duplicate Deliveries: Webhooks may be delivered more than once. Your webhook handler must be idempotent — processing the same event multiple times must produce the same result.

7. Regulatory & Compliance Risks

  • Evolving Regulation: Cryptocurrency regulation varies by jurisdiction and is rapidly evolving. It is your responsibility to ensure your use of Zateway complies with all applicable laws in your jurisdiction, including anti-money laundering (AML), know-your-customer (KYC), tax reporting, and consumer protection laws.
  • Restricted Regions: Zateway is not available in Cuba, Iran, North Korea, Syria, Russia, and the Crimea, Donetsk, and Luhansk regions of Ukraine, or any other jurisdiction subject to comprehensive sanctions. Access from these regions is blocked via IP geolocation.
  • Tax Liability: You are solely responsible for determining and fulfilling any tax obligations arising from cryptocurrency payments received through Zateway. We recommend consulting a tax professional familiar with cryptocurrency regulations in your jurisdiction.
  • License Requirements: In some jurisdictions, accepting cryptocurrency payments may require specific licenses or registrations. Zateway provides technology infrastructure only and does not provide legal advice on licensing requirements.

8. Operational Risks

  • Session Expiry: Payment sessions expire after 15 minutes. If a customer fails to complete payment within this window, the session is marked as expired. Late payments (received after expiry) are detected and matched when possible, but this process is not guaranteed.
  • API Key Security: Compromised API keys can be used to create unauthorized payment sessions. You are responsible for securing your API keys and rotating them immediately if a breach is suspected.
  • Third-Party Dependencies: Zateway relies on third-party infrastructure including RPC node providers (Alchemy, Helius), database hosting (Neon.tech), caching (Upstash Redis), and email delivery (Resend). Outages or degraded performance from these providers may affect Zateway's service availability.
  • Service Availability: Zateway aims for maximum uptime but does not guarantee uninterrupted service. Scheduled and unscheduled maintenance may result in temporary service interruptions.

9. Limitation of Liability

Zateway is a non-custodial technology provider. We do not hold, control, or have access to your funds at any point during the payment process. TO THE MAXIMUM EXTENT PERMITTED BY LAW:
  • Zateway is not liable for any losses arising from the risks described in this document.
  • Zateway is not liable for losses caused by blockchain network behavior, smart contract vulnerabilities, stablecoin de-pegging, regulatory actions, or user error.
  • By using Zateway, you acknowledge that you have read, understood, and accepted all risks described herein.

10. Contact

For risk-related questions or to report a security concern: