LemonCake Dify Plugin — Privacy Policy

The plugin is a thin HTTP client that calls the LemonCake API (https://api.lemoncake.xyz by default) using the Buyer JWT that the plugin user supplies during setup. It exposes four tools: issue_pay_token, check_balance, revoke_token, and list_charges.

The plugin itself does not maintain a database, does not write to disk, and does not call any third-party service other than the LemonCake API endpoint configured in its credentials.

The plugin does not read Dify conversation content, user messages, file uploads, or any other tool outputs. It only sends the exact parameters enumerated above.

• Pay Token metadata (id, expiry, limit, status)
• Buyer profile summary (id, balance, KYA tier, daily limit)
• Charge records (serviceId, amountUsdc, timestamp, sandbox flag)

• Buyer JWT— stored in Dify’s encrypted credential store (owned by the Dify instance operator). The plugin never writes it anywhere else.
• Charges, tokens, audit logs — stored by LemonCake in a managed Postgres database (ap-northeast-1 by default). Retention: 2 years for audit logs, 7 years for charge records (Japanese electronic bookkeeping law), or until the buyer account is closed.
• Request logs at api.lemoncake.xyz — 30-day rolling retention. Contains path, status, buyer ID; does not contain Pay Token secrets or Dify conversation content.

• Railway — infrastructure host for the LemonCake API.
• Polygon network — settlement layer for USDC/JPYC transfers. On-chain data is public by design.
• freee / QuickBooks / Xero / Zoho / Sage / NetSuite— only called if the buyer has explicitly connected their own accounting account via LemonCake’s OAuth flow. Never called from this plugin directly.

The plugin does not send data to any analytics, advertising, or tracking third party.

• Request a copy of all tokens and charges tied to a Buyer ID.
• Revoke any or all Pay Tokens immediately via revoke_token or the dashboard.
• Delete a Buyer account, which permanently removes tokens, charges, and audit logs after a 30-day grace window.

All requests: contact@aievid.com.

• TLS 1.2+ enforced for every request.
• Buyer JWTs are HMAC-SHA256 (HS256) signed on LemonCake’s side; migration to Ed25519 asymmetric keys is planned for v0.1.0.
• The upstream LemonCake API enforces rate limits, idempotency keys, and atomic revoke for race-safe kill-switch operation.
• Source code of the plugin is public under /integrations/dify/lemoncake for independent review.

Material changes are published at this URL and surfaced in the plugin’s README. The Last updated date at the top is authoritative.

• Email: contact@aievid.com
• Issues: github.com/evidai/lemon-cake/issues