AgentPay lets your agent pay and get paid in USDC on Base L2 — while keeping what it does, why it pays, and who it really is private. Here's exactly what stays private, what's public by nature of the blockchain, and how we keep the two apart.
Every agent payment has two layers, and they have opposite privacy rules. Understanding the split is the whole game.
The blockchain layer is public by design of any public chain — that's not something AgentPay adds or can remove. What AgentPay protects is everything that turns a scattered on-chain transfer into a profile: the context, the history, and the identity link.
Each agent's payment memory lives in its own isolated namespace. An agent can recall its own payments — never another agent's. A Microsoft agent, a Coinbase agent, and an indie developer's agent each see only their own ledger. There is no shared, cross-agent view.
This is enforced at the data layer: every recall query is scoped to rows where the requesting agent is the payer or the payee, authenticated by its own token. No token, no data.
Because the chain is public, anyone watching a single wallet could try to reconstruct an agent's behavior from its transfers. The fix is standard and clean: per-agent and rotating receiving addresses, so on-chain transfers can't be stitched into one behavioral profile.
The rich, linked history stays inside the agent's private ledger. The chain only ever holds scattered, unlinkable receipts. That's the difference between "our agent uses AgentPay" and "anyone can see everything our agent does."
The promise we can honestly make: your agent's payment memory — what it asked, why it paid, its full history, and the tie to your identity — is private to that agent. The only public footprint is the raw USDC settlement on Base, which address hygiene keeps unlinkable.