1. Overview
0xRadar ("we", "us", or "our") operates the website 0xradar.app, the Chrome browser extension ("Extension"), and the API service available at api.0xradar.app. This Privacy Policy explains what data we collect, why we collect it, and how we handle it.
By using 0xRadar, you agree to the practices described in this policy. If you disagree with any part, please discontinue use of our services.
2. What We Do NOT Collect
We want to be explicit about what we never ask for and never have access to:
- Seed phrases / mnemonic words — never requested, never stored, never transmitted.
- Private keys — the Extension reads only public wallet addresses.
- Keystore files — never imported or uploaded.
- Exchange account credentials — we do not connect to centralized exchanges.
- Government-issued IDs — we do not require KYC for using the product.
3. Data We Collect
3.1 Data You Provide
- Wallet addresses — public blockchain addresses you add to track. These are public information on their respective blockchains.
- Telegram chat ID — if you enable alert notifications via our Telegram bot, we store your Telegram chat ID to deliver messages.
- Email address — only if you provide it for account recovery or transactional notifications (optional).
- API key — a programmatically generated key (
ck_...orrk_...) for authenticating API requests.
3.2 Data Collected Automatically
- Blockchain data — token balances, DeFi positions, health factors, and token metadata fetched from public RPC nodes (Alchemy, QuickNode, Helius, and public endpoints). This is public blockchain data.
- Usage analytics — anonymous, aggregated usage statistics via Plausible (self-hosted). We do not use Google Analytics or any third-party tracking cookies. No personally identifiable information is collected by our analytics.
- Error reports — automated error telemetry via Sentry, limited to technical stack traces and error context. No wallet addresses or personal data are included in error reports.
- Server logs — standard HTTP access logs (IP address, request path, response code, timestamp) retained for 30 days for security and debugging purposes.
3.3 Payment Data
0xRadar accepts cryptocurrency payments exclusively (BTC, ETH, SOL, BNB, KAS). We process payments through NOWPayments as our payment processor.
- On-chain transaction data — transaction hashes, sender addresses, and amounts are recorded to confirm payments and activate subscriptions. This data is already public on the respective blockchains.
- Payment quotes — exchange rate locks, deposit addresses, and payment status are stored temporarily (30 days) for reconciliation.
- We do not collect credit card numbers, bank account details, or any traditional financial information.
4. How We Use Data
We use collected data exclusively to:
- Provide and improve the 0xRadar service (portfolio tracking, alerts, risk scoring, sweep calculations).
- Deliver Telegram notifications and transactional emails you have opted into.
- Process and verify cryptocurrency payments.
- Authenticate API requests and enforce rate limits.
- Maintain service security, prevent abuse, and debug issues.
- Comply with legal obligations.
We never sell, rent, or share your personal data with third parties for marketing purposes.
5. Data Storage & Security
- Database — user data is stored in PostgreSQL hosted on Supabase (EU region), encrypted at rest and in transit.
- API keys — stored as SHA-256 hashes with per-user salts. The original key is shown only once at creation.
- Encryption — all communications use HTTPS (TLS 1.3) via Caddy reverse proxy with automatic Let's Encrypt certificates.
- Infrastructure — backend servers are hosted on Hetzner (Frankfurt, EU) with UFW firewall and fail2ban intrusion detection.
- Access control — production database access is restricted to the minimum necessary personnel via SSH key authentication.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, API key hash) | Until account deletion |
| Wallet addresses | Until you remove them or delete account |
| Cached blockchain data | 5 minutes to 6 hours (TTL-based) |
| Payment records | 7 years (financial record-keeping) |
| Server access logs | 30 days |
| Sentry error events | 90 days |
7. Third-Party Services
0xRadar integrates with the following third-party services. Each has their own privacy policy:
- Alchemy — blockchain RPC provider. Privacy Policy
- NOWPayments — cryptocurrency payment processing. Privacy Policy
- RapidAPI — API distribution marketplace (B2B only). Privacy Policy
- Telegram (Bot API) — alert delivery. Privacy Policy
- Supabase — database hosting. Privacy Policy
- Sentry — error tracking. Privacy Policy
- CoinGecko — cryptocurrency price data. Privacy Policy
- GoPlus Security — token risk data fallback. Privacy Policy
8. Your Rights
You have the following rights regarding your data:
- Access — request a copy of all data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your account and associated data. Wallet addresses, API keys, cached data, and alert history will be permanently removed within 30 days. Payment records are retained for 7 years per financial regulations.
- Data portability — export your data in a machine-readable format.
- Objection — opt out of non-essential data processing.
To exercise any of these rights, contact us at privacy@0xradar.app. We will respond within 30 days.
9. Cookies
The 0xRadar website uses minimal cookies:
- Essential cookies — session authentication (if applicable). No third-party tracking cookies.
- Plausible analytics — privacy-first, cookie-less analytics. Plausible does not use cookies and complies with GDPR without a consent banner. See Plausible's privacy approach.
The Chrome Extension uses chrome.storage.sync and IndexedDB for local settings and cache. This data never leaves your browser unless you explicitly sync it.
10. International Data Transfers
0xRadar's primary infrastructure is located in the European Union (Hetzner Frankfurt, Supabase EU region). Some third-party services (Alchemy, Sentry) may process data in the United States. We rely on Standard Contractual Clauses and the EU-U.S. Data Privacy Framework where applicable.
11. Children's Privacy
0xRadar is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors. If we learn that a user under 18 has provided personal information, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be communicated via:
- A notice on the 0xRadar website.
- An email notification (if you have provided your email).
- An updated "Last updated" date at the top of this page.
Continued use of 0xRadar after changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions, data requests, or concerns:
- Email: privacy@0xradar.app
- Twitter: @0xradarapp
- GitHub: github.com/0xradarapp