Privacy Policy
Last updated: 17 April 2026
This Privacy Policy describes how warm.me ("we", "us", "our") handles personal information when you access our website, use our donation links, or interact with related services (together, the "Service"). warm.me is a non-custodial donation front-end for public blockchain networks — we do not hold, move, or otherwise control your funds. Our goal is to collect only the minimum information needed to operate the Service and to keep you in control of everything else.
1. Information we collect
We collect different types of information depending on how you interact with the Service.
Wallet addresses. When you sign in with a crypto wallet using Sign-In with Ethereum (SIWE), we store the public address you authenticated with. We never see or receive your private keys, seed phrase, or wallet passwords.
Telegram identifiers. If you choose to sign in through Telegram, we store the numeric user ID and public username that Telegram's authentication flow provides. We do not receive your phone number, your chat history, or your contacts.
Profile information. You may optionally set a display name and upload a profile image. Both are stored on our servers so we can render your donation pages and account screen.
Donation link configuration. For every donation link you create, we store the label you chose, the networks and tokens you accept, and the minimum amount you configured.
On-chain donation records. We index public blockchain events that settle to addresses bound to your account so we can show aggregated donation totals and a list of recent transactions. All of this data is already public on the relevant blockchain.
Technical data. When you load the Service, our infrastructure providers receive standard HTTP metadata such as your IP address, user agent, and referrer. We use this data transiently for abuse prevention, rate limiting, and error diagnosis.
Cookies and local storage. We use a small number of first-party cookies and browser storage entries listed in Section 6.
2. Information we do not collect
We deliberately avoid collecting anything that is not strictly necessary:
- We do not run Know-Your-Customer (KYC) checks and do not ask you for government identification, physical address, or date of birth.
- We do not use third-party behavioural analytics, ad-network trackers, or session-replay tools.
- We do not build advertising profiles, sell data, or share data with data brokers.
- We do not access device sensors, contacts, or any information outside the browser tab you give us.
3. How we use information
We use the information described above to:
- Operate the Service, including authenticating you, rendering donation pages, and calculating aggregate totals.
- Keep the Service secure and reliable — for example, rate-limiting abusive traffic and debugging errors.
- Communicate with you about your account, security incidents, and material changes to these terms.
- Comply with binding legal obligations (see Section 5).
4. Third-party services
We rely on a short list of third parties to deliver the Service. Their own privacy notices apply whenever you interact with them.
- Public blockchains (Ethereum mainnet, Arbitrum, Base, Optimism, Polygon) and their RPC providers. All activity on these networks is public by design.
- WalletConnect and supported wallet providers, for sign-in and transaction signing.
- Telegram, for the optional Telegram login flow and for bot-based notifications.
- Infrastructure providers such as our hosting platform (Railway), our Postgres database, and the email provider we use to respond to support requests.
We do not share personal data with any third party for advertising or marketing purposes.
5. When we disclose information
Outside of the service providers listed in Section 4, we will only disclose user information when we receive a valid legal request (for example a subpoena or court order) from a jurisdiction whose authority we are required to recognise, or when disclosure is necessary to prevent imminent harm, fraud, or a violation of applicable law. Where legally possible, we will notify the affected user before complying.
6. Cookies and local storage
We use only first-party cookies and local-storage entries. We do not use advertising cookies or third-party analytics cookies.
- Session cookie — keeps you signed in between page loads. Expires when your session does.
- CSRF token — blocks cross-site request forgery on authentication routes.
- Theme and language — remember your light/dark preference and interface language.
- Wallet connector state (local storage) — remembers which wallet you connected with so reconnects are instant.
7. Data retention and deletion
We keep account data for as long as your account exists. You can delete your account at any time from the Settings page. After deletion, we remove your profile fields, donation link configuration, and associated records from our active databases within 30 days and from backups within 90 days.
On-chain transactions are recorded by blockchain networks and cannot be deleted from those networks by anyone — including us.
8. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, object to processing, or withdraw consent. You can exercise most of these rights directly in the Settings page. For anything else, contact us through the Support page and we will respond within 30 days.
You may also lodge a complaint with a data-protection authority in your country of residence.
9. International transfers
The Service is delivered from infrastructure located outside your country of residence. Where data is transferred across borders, we rely on standard contractual clauses or equivalent safeguards permitted under applicable law.
10. Children
The Service is not directed at, and we do not knowingly collect information from, children below the age of digital consent in their jurisdiction (commonly 13 to 16). If you believe a minor has provided us with personal data, contact us and we will delete it.
11. Security
We take reasonable and appropriate measures to protect the information we store, including transport encryption (HTTPS/TLS), encrypted-at-rest storage, least-privilege access, and routine security reviews. No system is perfect — we encourage you to use a hardware wallet, to use unique passwords for any linked services, and to never share your seed phrase with anyone.
12. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be announced in the Service or on this page with a revised "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact
If you have questions about this Policy or our handling of your data, see the Support page for contact details.