Privacy Policy
TL;DR: We collect minimal data to operate the RPC gateway. We don't sell your data. Activity logs are deleted after 30 days. You own your data.
1. What We Collect
| Data | Purpose | Retention |
|---|---|---|
| IP address | Rate limiting, abuse prevention | 30 days |
| Wallet address | Authentication, key binding | Until account deletion |
| API key | Access control, usage tracking | Until account deletion |
| RPC method + timestamp | Usage analytics, billing | 30 days |
| Response latency | Performance monitoring | 30 days |
2. What We Do NOT Collect
- Email addresses or personal names
- Transaction contents or private keys
- Browser fingerprints or tracking cookies
- Data from third-party analytics (no Google Analytics, no Meta Pixel)
3. How We Use Your Data
- Rate limiting: IP addresses enforce per-IP limits for unauthenticated requests
- Usage tracking: Method calls are logged to calculate daily limits and show analytics in your dashboard
- Abuse prevention: Patterns are monitored to detect and block malicious activity
- Service improvement: Aggregated, anonymized data helps optimize caching and routing
4. Data Retention
Activity data (IP, request logs, latency) is automatically deleted after 30 days. We do not retain historical request logs beyond this window.
Account data (wallet address, API key, tier) persists until you request deletion or the key is deactivated.
5. Data Sharing
We do NOT sell, trade, or share your data with third parties.
Exceptions:
- When required by law (court order, legal process)
- To prevent fraud or security threats to the service
6. IP Address Handling
IP addresses are used solely for rate limiting. They are not correlated with wallet addresses or other identifiers to build user profiles. After the 30-day retention window, IP data is permanently deleted.
7. Cookies
We use localStorage (not cookies) to store your API key and wallet address in the browser for dashboard access. No third-party cookies or tracking scripts are used.
8. Your Rights
- Access: View your usage data via the dashboard
- Deletion: Request full deletion of your API key and associated data
- Portability: Export your usage history via the API
9. Security
All connections are encrypted via TLS. API keys are generated with cryptographic randomness. Wallet authentication uses EIP-191 message signing — no passwords stored.
10. Changes
We may update this policy. Significant changes will be announced on our X/Twitter account. Continued use of the service after changes constitutes acceptance.
11. Contact
Questions about privacy? Reach us on X/Twitter @RPC_LitVM.