1. Information We Collect
Cryptocurrency Data
- Cryptocurrency addresses you submit for analysis
- Token contract addresses and associated metadata
- Wallet addresses for holder analysis
- Token or wallet search queries, scan identifiers, and requested analysis settings
- Transaction patterns and blockchain data
Note: Most of this information is publicly available on the blockchain. While wallet addresses and transactions may be linked to individuals, we treat them as pseudonymous technical data.
Usage Information
- API calls and analysis requests
- Usage patterns and frequency
- Feature utilization statistics
- Performance metrics and response times
- Scan status, risk-score, cache, degradation, and post-scan polling events used for operations and debugging
Technical Data
- IP addresses and coarse network or location signals where available
- Browser type and version
- Device and operating system information
- Referrer URLs and access times
- Request, trace, and diagnostics identifiers used for reliability and abuse control
Third-Party Market Data (Macro Risk Engine)
To power our Market Intelligence features (MSI, EWI, MTW), we collect and process publicly available market data from third-party sources:
- Federal Reserve Economic Data (FRED): Interest rates, credit spreads, economic indicators
- Yahoo Finance: Equity indices, volatility measures, sector data
- Cryptocurrency Exchanges: Price data, trading volumes
Note: This market data is publicly available and does not include any personal information. We transform and analyze this data using proprietary methods to generate risk indicators. Raw source data is not exposed to users.
Blockchain and Token Data Providers
When you request token, wallet, liquidity, holder, search, or scenario analysis, we may send the submitted token mint, wallet address, pool address, transaction signature, token symbol, search term, or related public blockchain identifier to enabled blockchain, RPC, market-data, liquidity, and security-analysis providers so the Service can fetch current public data and generate the requested report.
These providers may include, where configured, Helius, QuickNode, public Solana RPC, Birdeye, GeckoTerminal, RugCheck, GoPlus, DexScreener, Jupiter, Raydium, Pump.fun, PumpSwap, LetsBonk, Moonshot, CoinGecko, CoinMarketCap, and similar data sources.
What We Do Not Collect:
- Private banking, brokerage, or custodial account records
- Private keys, seed phrases, or wallet passwords
- Personal identification documents
- Payment information at launch. If paid plans are introduced, payment data will be processed by trusted third-party providers.
- Account profile data at launch while optional authentication and paywall controls are disabled. If enabled later, identity and session data may be processed by authentication providers such as Clerk.
2. How We Use Information
Service Provision
- Provide cryptocurrency analysis and risk assessment
- Generate reports and visualizations
- Maintain and improve analysis accuracy
- Ensure service availability and performance
Algorithm and Feature Improvement
- Train and improve detection algorithms
- Identify new attack patterns and risks
- Enhance accuracy and reduce false positives
- Develop new security and risk analysis features
Data Retention
We retain submitted blockchain data, logs, and usage information only as long as necessary to provide the Service, improve detection models, secure the platform, and comply with legal obligations. Retention varies by data class, storage system, and operational need. Current examples include:
- First-party analytics events, request metadata, and performance telemetry, which may include token mints, wallet addresses, search terms, run IDs, risk/status labels, and trace identifiers when needed for service delivery or debugging: short operational retention, with some in-memory telemetry retained only briefly and some request or incident records retained longer for support, abuse investigation, or reliability review
- Raw signal details and similar operational artifacts: retained only as needed for analysis quality, security review, and service reliability
- Pseudonymous counterparty data in selected security workflows: minimized, anonymized, or deleted according to the retention job that applies to that workflow
- Decision, override, and audit-governance records: retained longer where required for review, model governance, security, compliance, or investigation
- Public market and macro source data used for validation, backtesting, and model governance: longer-lived retention
Certain data may be anonymized and stored for research, security, and training purposes, including pattern recognition, reliability improvements, and security hardening.
Tracking summary: our current engineering baseline is also reflected in the Operational Analytics Notice.
Lawful Basis
- Service delivery / contract: to provide scans, market intelligence, reports, and related product functionality you request
- Legitimate interests: to secure the platform, prevent abuse, diagnose incidents, improve reliability, and maintain operational analytics
- Legal obligations: to comply with applicable legal, regulatory, audit, or investigative requirements
- Consent where required: if we later introduce non-essential tracking or third-party analytics that require consent in your jurisdiction
3. Information Sharing and Disclosure
We Do Not Sell Personal Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
Information may be shared only in limited circumstances such as compliance with legal obligations, security investigations, or operational service providers bound by confidentiality.
Service Providers
We may use hosting, infrastructure, database, caching, logging, security, and market-data providers to operate the Service. These providers may process data on our behalf under contractual or operational controls appropriate to the service they provide.
- Infrastructure and application stack: self-hosted frontend, backend, nginx, MongoDB, and Redis services
- Market and blockchain data sources: for example FRED, Yahoo Finance, Binance, Helius, QuickNode, public Solana RPC, Birdeye, GeckoTerminal, RugCheck, GoPlus, DexScreener, Jupiter, Raydium, CoinGecko, CoinMarketCap, and selected launchpad or liquidity providers where enabled
- Operational alerting and error monitoring: for example Discord webhooks or Sentry when configured
At launch, Rug Cleaner uses first-party operational analytics and performance telemetry only. We do not represent Google Analytics, Plausible, PostHog, advertising tags, or cross-site marketing trackers as active unless and until this policy and our tracking disclosure are updated first.
4. Data Security
- Encrypted transport for production traffic
- Deployment-appropriate storage protections and strict access controls
- Security reviews, automated checks, and vulnerability monitoring
- Incident response procedures and monitoring
5. Retention and Tracking
We use first-party technical telemetry to operate, secure, and improve the Service. This includes request metadata, trace identifiers, usage events, token scan events, wallet analysis events, search and scan status events, risk/status labels, and web performance metrics. At launch, this remains first-party operational analytics and performance telemetry only, provided external analytics webhooks and analytics endpoints are not enabled in production. A short launch summary of our tracking posture is available in our Operational Analytics Notice.
| Category | Examples | Typical Retention |
|---|---|---|
| Submitted blockchain data | Wallet addresses, token mints, token addresses, search queries, run IDs, analysis settings and related public blockchain identifiers | As needed for service delivery, validation, and security review |
| Usage and request metadata | Route usage, trace IDs, request IDs, timestamps, IP/user-agent | Short operational retention; retained only as long as needed for support, abuse detection, and reliability |
| Operational analytics | Page views, feature usage, web vitals, service health, token scan events, wallet analysis events, post-scan status events, stress-lab telemetry, and associated trace IDs or public token/wallet identifiers | Aggregated or minimized wherever practical |
| Public market data | Macro series, price history, volatility and credit indicators | Longer-lived for validation, backtesting, and model governance |
| Account and authentication data, if enabled | Account identifiers, profile details, authentication sessions, and paywall status processed through authentication providers such as Clerk | Not collected at launch while authentication and paywall controls are disabled; retained according to provider and account-management needs if enabled later |
6. Your Rights and Choices
You have the following rights (subject to applicable law):
- Access: Request information about data we have collected
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal data
- Export: Request a copy of your data in a portable format
7. International Data Transfers
We may process and store information on servers located outside your country of residence. By using Rug Cleaner, you consent to the transfer of your information across borders, subject to applicable data protection laws.
8. Automated Analysis Disclaimer
Some outputs are generated by automated detection systems. These are probabilistic in nature and may be inaccurate. They should not be relied upon as guarantees of truth or safety and must always be supplemented by independent research.
9. Contact Us
For privacy-related questions, requests, or concerns, contact us at info@rugcleaner.io with the subject line Privacy Request. We may ask for reasonable verification information before acting on an access, correction, deletion, or export request.
We aim to respond to legitimate privacy requests within a reasonable timeframe and in accordance with applicable law.
Privacy Commitment
We are committed to protecting your privacy while providing valuable cryptocurrency analysis services. This policy reflects our current practices and may be updated as we enhance our services and comply with evolving privacy regulations.