Proof of Transfer
Back to Claims

Privacy Policy

Last updated: March 16, 2026

1. Overview

Proof of Transfer is designed to be privacy-preserving. We never store the wallet addresses of provers or verifiers. This policy explains what data we do process and why.

2. What We Store

  • Claims — claim messages, constraints, token and counterparty addresses, merkle roots. All user-provided and publicly visible.
  • Proofs — ZK proof bytes, public inputs, and nullifiers. Nullifiers are pseudonymous identifiers derived from your wallet signature — they are designed to be computationally infeasible to reverse to a wallet address.
  • Verifications — verification results (pass/fail) and verifier nullifiers.
  • Transfers — copies of publicly available blockchain transfer data (sender, recipient, amounts, transaction hashes) fetched from block explorer APIs.

3. What We Do Not Store

  • Prover or verifier wallet addresses — never sent to or stored on the server. Note: transfer records contain sender and recipient addresses from public blockchain data, and claims include a counterparty address — these are already publicly available on-chain.
  • EIP-712 signatures — processed entirely in your browser
  • Email addresses, names, or account credentials — no accounts exist

4. Cookies

We use functional cookies only (wallet connection state via wagmi) to maintain your wallet session across page loads. No analytics or tracking cookies are used.

5. IP Addresses

IP addresses are used in-memory for rate limiting to prevent abuse. They are not persisted to any database or log file.

6. Third-Party Services

The Service relies on external services that may process your data:

  • Reown (WalletConnect) — wallet connection. Subject to Reown's privacy policy
  • Etherscan / block explorer APIs — fetching public transfer data

7. Data Retention

Claims, proofs, and verifications are stored indefinitely as they are part of the public record of the Service. Transfer data is retained as long as the associated claim exists. There is currently no self-service deletion mechanism — contact us if you need data removed.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your data. Since we do not store wallet addresses or personal accounts, most data in our system is either public blockchain data or pseudonymous (nullifiers). Contact us to exercise your rights.

9. Contact

For privacy-related questions, open an issue on our GitHub repository.

10. Changes

We may update this policy at any time. Changes will be reflected by updating the "Last updated" date above.