Privacy Policy

Wallet addresses. When you authenticate via Sign-In with Ethereum (SIWE / EIP-4361), we store the public wallet address you used. We never receive or store your private keys, seed phrase, or wallet credentials.

Telegram identifiers. If you choose to sign in through Telegram, we store the numeric Telegram user ID and public username provided by Telegram's authentication flow. We do not receive your phone number, chat history, or contacts.

Profile information. You may optionally set a display name and upload an avatar image. Both are stored on our servers to render your donation page.

Donation link configuration. For each link you create, we store the label, accepted networks and tokens, and minimum donation amount you configured.

On-chain donation records. We index public blockchain events settling to addresses linked to your account to display aggregated totals and recent transaction history. All of this data is already public on the relevant blockchain. Specifically, we store: donor wallet address, recipient wallet address, amount, token, network, timestamp, transaction hash, and settlement status.

Technical and operational data. When you load the Service, our infrastructure providers receive standard HTTP metadata such as your IP address, user agent, and referrer. We use this transiently for abuse prevention, rate limiting, and error diagnosis. We also collect anonymised product analytics events (see Section 4).

• We do not conduct Know-Your-Customer (KYC) checks and do not ask for government identification, physical address, or date of birth.
• We do not build advertising profiles, sell personal data, or share data with data brokers.
• We do not store private keys, seed phrases, wallet passwords, or long-term wallet balance history. Balances are fetched live when needed to render the UI and are not cached.
• We do not access device sensors, contacts, or browser data outside the tab you are actively using.

We use the information described above to:

• Operate the Service — authenticate you, render donation pages, and calculate aggregated donation totals.
• Keep the Service secure and reliable — rate-limit abusive traffic, detect fraud, and debug errors.
• Understand product usage in aggregate — anonymised analytics events help us prioritise features and identify issues.
• Communicate with you — account-related notices, security alerts, and material changes to these policies.
• Comply with binding legal obligations — see Section 6.

We share data with the following providers only to the extent necessary to deliver the Service. Each operates under its own privacy policy.

• Reown (WalletConnect) — wallet connection relay; receives wallet addresses and connection sessions.
• LI.FI — cross-chain bridge aggregator; receives donor address, recipient address, token, amount, and chain.
• Ankr — blockchain balance queries; receives wallet address and chain identifiers (live query, not stored by us long-term).
• Alchemy — RPC / blockchain read provider; receives blockchain queries (read-only).
• PostHog — product analytics; receives anonymised event telemetry (view, click, donate_started) keyed to an internal user ID — no wallet address, no PII.
• Telegram Bot API — authentication and notifications; receives Telegram user ID and username.
• Cloudflare — CDN and DDoS protection; receives HTTP requests and IP addresses (used for security only).
• Railway / Neon — hosting and database; receive all data described in Section 1.
• Public blockchains — settlement layer; all on-chain transactions are permanently public by design.

We do not share personal data with any third party for advertising or marketing purposes.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)) — processing your wallet address, Telegram ID, profile information, and donation link configuration is necessary to provide the Service you have requested.
• Legitimate interests (Art. 6(1)(f)) — we process technical and operational data (IP address, user agent, anonymised analytics) to keep the Service secure, prevent abuse, and improve the product. Our interest in operating a reliable service is not overridden by your interests where we process only minimal, anonymised data for these purposes.
• Legal obligation (Art. 6(1)(c)) — we may process and retain data to comply with applicable legal or regulatory requirements.

Outside of the service providers listed in Section 4, we will only disclose user information:

• In response to a valid legal request (subpoena, court order, or equivalent) from a jurisdiction whose authority we are required to recognise.
• Where disclosure is necessary to prevent imminent harm, fraud, or a serious violation of applicable law.
• In connection with a merger, acquisition, or sale of substantially all of our assets, in which case we will notify affected users in advance.

Where legally possible, we will notify the affected user before complying with a law enforcement request.

We use only first-party cookies and local-storage entries. We do not use advertising cookies or third-party tracking cookies.

• Session cookie — keeps you signed in. Expires at end of session.
• CSRF token — protects authentication routes. Expires at end of session.
• Theme / language — remembers your UI preferences. Persistent local storage.
• Wallet connector state — remembers your last connected wallet. Persistent local storage.

PostHog analytics is proxied through our domain. It does not set third-party cookies. Sessions are identified using an anonymous internal ID, not your wallet address or any other personally identifiable information.

We retain your data for as long as your account is active. You may delete your account at any time from the Settings page or via the API endpoint DELETE /api/me. After deletion:

• Profile data, donation link configuration, and session data are removed from active databases within 30 days.
• Backup copies are purged within 90 days.
• Indexed on-chain donation records stored in our database are deleted on the same schedule.

On-chain transactions are permanently recorded by blockchain networks and cannot be deleted from those networks by anyone, including us. Deleting your account removes our copy of that data but does not affect the public blockchain record.

Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, to object to processing, or to withdraw consent. You can exercise most of these rights directly in the Settings page. For anything else, see the Support page and we will respond within 30 days.

If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority (for example your national DPA, or the ICO in the UK).

The Service is delivered from infrastructure located in the European Union and the United States depending on provider. Where personal data is transferred from the EEA or UK to a country not deemed adequate by the European Commission, we rely on EU Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c), or equivalent transfer mechanisms recognised under applicable law. A copy of the applicable safeguards is available on request.

The Service is not directed at children below the age of digital consent in their jurisdiction (commonly 13–16 years). If you believe a minor has provided us with personal data, contact us via the Support page and we will delete it promptly.

We take reasonable and appropriate technical and organisational measures to protect stored information, including transport encryption (HTTPS/TLS), encrypted-at-rest database storage, least-privilege access controls, and routine security reviews. No system can be guaranteed to be completely secure. We encourage you to use a hardware wallet, unique passwords for any linked accounts, and to never share your seed phrase with anyone.

We may update this Privacy Policy from time to time. Material changes will be announced in the Service or on this page with a revised "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Questions about this Policy or our handling of your data? See the Support page for contact details.