← walletscanner

Privacy Policy

Last updated: [DATE — set at launch]

DRAFT — NOT YET IN EFFECT. Prepared as a working draft; not yet reviewed by an attorney. Bracketed items are placeholders. The advertising section takes effect only when advertising is enabled.

1. The short version

walletscanner is designed to work without accounts and without knowing who you are. We don't ask for your name or email to use the site. Address lookups are processed to answer your query. When you submit a scam report, we store the report's content and a one-way hashed fingerprint used only to limit abuse — not your raw IP address. Our web server keeps standard, short-lived connection logs. If we later show ads, the advertising provider (Google AdSense) will use cookies, and this policy explains your choices.

2. What we collect and why

Address lookups. The wallet address you search is used to answer the query and may be cached with its result (the address and public chain data only) to speed up repeat lookups. Lookups are not linked to an identity.

Scam reports. If you submit a report, we store what you provide: the wallet address, scam category, optional description, optional website/app, and optional transaction hash. Do not include personal information about yourself or others in report text; we may redact personal data we notice. Published reports are public.

Abuse-prevention fingerprint. When you submit a report, we compute a one-way hash from your IP address, browser user-agent, and a salt that rotates daily. We store the hash, not the inputs. It is used solely to enforce rate limits (e.g., limiting reports per day) and cannot reasonably be reversed to identify you. Because the salt rotates daily, fingerprints are not linkable across days.

Server logs. Our hosting stack (Caddy web server) keeps standard access logs, which may include IP addresses, for security and debugging. Logs are retained for no more than [30] days and are not used for profiling.

Bot protection. Report submission is protected by Cloudflare Turnstile, which processes technical signals from your browser to distinguish humans from bots, subject to Cloudflare's privacy policy. We receive only a pass/fail token.

What we do NOT collect: names, emails, accounts, precise location, analytics profiles, or cross-site tracking by us. We set no cookies of our own.

3. Wallet addresses and personal data

A wallet address is pseudonymous, but in some circumstances it can be linked to an identifiable person and may then constitute personal data under laws such as the GDPR. We process wallet addresses in reports on the basis of legitimate interest — operating a fraud-awareness resource that helps the public avoid scams. If a published report identifiably relates to you and you believe it is inaccurate or unlawful, use the dispute function or contact us (Section 7); we review erasure and correction requests case by case, balancing them against the public-interest purpose of the service.

4. Advertising (effective only when ads are enabled)

We plan to fund the service with Google AdSense. When enabled: Google and its partners will use cookies and similar technologies to serve ads, including, where applicable, personalized ads based on prior visits to this and other sites. You can opt out of personalized advertising at Google Ads Settings, and learn how Google uses data at policies.google.com/technologies/partner-sites. Where required (e.g., EEA/UK), a consent banner will request your permission before advertising cookies are set, and non-personalized ads will be shown absent consent. We do not sell personal information; third-party ad cookies are described here and controllable via the links above and your browser settings.

5. Sharing

We do not sell or rent any data. We share data only: (a) as published on the site itself (public reports and lookup results); (b) with service providers that host and protect the site (e.g., our hosting provider, Cloudflare) under their own policies; (c) if required by law, subpoena, or to protect against fraud or abuse of the service; and (d) with the advertising partners described in Section 4, once ads are enabled.

6. Retention and security

Published reports are retained indefinitely as part of the public dataset unless removed through moderation or dispute. Abuse fingerprints age out of relevance daily by design. Cached lookup results expire within [24 hours to 30 days]. Server logs are retained no more than [30] days. Data is stored on servers in the United States with access limited to the operator; transmission is encrypted (HTTPS).

7. Your rights and contact

Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, or object to processing of your personal data. Because we hold almost no identity-linked data, exercising these rights usually concerns report content. Contact: [CONTACT EMAIL]. Operator: TJS Solutions LLC, a Wyoming limited liability company. California residents: we do not "sell" or "share" personal information as defined by the CPRA. [ATTORNEY REVIEW: confirm CPRA characterization once AdSense is live — personalized advertising may constitute "sharing" requiring an opt-out link.]

8. Children

The service is not directed to children under 13 (or the higher age required in your jurisdiction), and we do not knowingly collect personal information from children.

9. Changes

We may update this policy; the date above reflects the current version. Material changes will be noted on this page.