Privacy Policy

Last updated: March 30, 2026

1. What we collect

We collect the minimum information necessary to operate the Platform:

  • Email address (for authentication and account recovery)
  • Password hash (never stored in plain text)
  • Solana wallet public address
  • Encrypted wallet seed (encrypted client-side, we cannot decrypt it)
  • Transaction records (for displaying history within the Platform)
  • Custom investment profiles and allocations

2. What we do NOT collect

  • Your seed phrase in plain text
  • Your wallet private key
  • IP address or geolocation data (beyond what is necessary for security)
  • Browsing history or tracking cookies

3. How we use your data

Your data is used exclusively to:

  • Authenticate you and protect your account
  • Display your portfolio, transaction history, and investment profiles
  • Send transactional emails (deposit confirmations, security alerts)
  • Improve the Platform (anonymized, aggregated analytics only)

4. Data storage

All data is stored in a PostgreSQL database hosted on Supabase with encryption at rest. Authentication is handled via Auth.js with secure HTTP-only session cookies. Your encrypted wallet seed is stored as an opaque blob that can only be decrypted with your password on your device.

5. Third-party services

The Platform integrates with third-party services that have their own privacy policies:

  • Supabase — Database hosting
  • Helius — Solana RPC and transaction indexing
  • Jupiter — DEX aggregation for token swaps
  • Resend — Transactional email delivery

We do not sell, share, or transfer your personal data to any third party for marketing or advertising purposes.

6. Blockchain transparency

All transactions on the Solana blockchain are public by nature. Your Solana wallet address and transaction history are visible on blockchain explorers. The Platform does not control or have the ability to make blockchain data private.

7. Your rights

You have the right to:

  • Access your personal data at any time through the Platform
  • Export your wallet seed phrase to use with any compatible wallet
  • Request deletion of your account and associated data
  • Withdraw your assets at any time without our permission

8. Security

We implement industry-standard security measures including encrypted database connections, HTTP-only session cookies, TOTP-based two-factor authentication, and client-side wallet encryption using AES-256-GCM with PBKDF2 key derivation (310,000 iterations).

9. Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

10. Contact

For privacy-related inquiries, please contact us at contact@my-invest.app.