Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains what data Whale Radar collects, how we use it, and the choices you have. Whale Radar is operated by the Whale Radar team. Contact us at hello@whale-radar.app with any questions.

1. What we collect

From you, when you sign up

  • Wallet address — used as your account identifier (Sign-In With Ethereum / EIP-4361). Public on-chain data.
  • SIWE signature — proves you control the wallet. Stored only long enough to verify; not retained after session issuance.
  • Email (optional) — if you provide it for billing or account recovery.
  • Telegram handle and chat ID — when you link your Telegram, so we can deliver alerts.
  • Watched addresses, labels, mute states, quiet-hours preferences — your configuration of the Service.

Automatically, when you use the Service

  • Standard server logs — IP address, user-agent, request paths, response codes, timestamps. Retained for security and debugging up to 30 days.
  • Error telemetry — stack traces and runtime context captured via Sentry. We strip personal fields (email, Telegram handle, signature, SIWE message) before transport. Wallet addresses may appear in error context (public data).

What we never collect

  • Private keys, seed phrases, or transaction-signing capability. The Service is read-only; no part of the flow requires or accepts these.
  • Off-chain financial information beyond billing details handled by our payment processor.

2. How we use your data

  • To operate the Service: watch the addresses you specify, generate AI summaries of on-chain activity, deliver alerts to your Telegram.
  • To bill you and manage your subscription (Pro plan).
  • To respond to support requests.
  • To monitor and improve the Service: server logs, aggregated usage metrics, error telemetry.

3. Third parties

We share data with these processors strictly to operate the Service:

  • Polar (polar.sh) — handles payment processing. We share your wallet address as an external customer ID; Polar collects payment details directly from you.
  • Anthropic (anthropic.com) — generates AI summaries. We send decoded on-chain event data; no personal account information is included in prompts.
  • CoinGecko — USD price lookups. No user data sent.
  • Sentry — error telemetry. We strip personal fields before send.
  • Telegram — alert delivery. Subject to Telegram's privacy policy.
  • Cloud infrastructure (Railway, Vercel, Neon, Upstash) — hosting, database, and queue providers. Industry-standard SOC 2 commitments.

4. Cookies and local storage

We set an httpOnly session cookie after SIWE login (JWT, HS256, 6-hour sliding expiry). RainbowKit / wagmi use browser localStorage to remember your wallet connector choice. We do not use third-party tracking cookies or behavioural analytics on the Service at launch.

5. Data retention

  • Account data: retained while your account exists.
  • Alert summaries and delivery logs: retained for 90 days.
  • Server logs: retained up to 30 days.
  • Billing records: retained as required by tax law (typically 7 years).

6. Your rights

You can request access to, correction of, or deletion of your personal data by contacting us at hello@whale-radar.app. To delete your account, email us from the address associated with your account or include a signed message from your wallet address.

7. Security

We follow industry-standard practices to protect your data — TLS in transit, encryption at rest on hosted databases, principle-of-least-privilege access. No system is fully secure; if you believe your account has been compromised, contact us immediately.

8. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page reflects the current version.

10. Contact

Questions, data requests, or concerns? Email hello@whale-radar.app.