Legal
Privacy Policy
Last updated: 4 March 2026
1. Who We Are
ARACHNE (“we”, “us”, “our”) is a blockchain transaction analysis service that allows registered users to trace Ethereum wallet activity and visualise transaction networks. Our platform is operated by the ARACHNE team and is accessible at the domain associated with this service.
Questions about this policy may be directed to us at privacy@arachne.app.
2. Data We Collect
We collect the minimum data necessary to provide our service:
- Account Information — Your email address and display name, provided at registration. Your email is used for authentication and service communications only.
- Login Events — Each time you sign in we record a timestamp, a one-way SHA-256 hashed and salted version of your IP address (the raw IP is never stored), a derived country code, and your browser user-agent string. This data supports security auditing and abuse prevention.
- Subscription & Billing — Stripe processes all payments. We store only the Stripe customer ID, subscription ID, subscription tier, and billing status. Full card details are never transmitted to or stored by us.
- Usage Counters — A monthly count of trace requests is maintained against your account to enforce plan limits. We do not persistently store the Ethereum addresses you trace, the graph results, or any transaction data retrieved from the blockchain. Each trace session is stateless and discarded after you close the page.
- Avatar — If you choose to upload a profile image it is stored in our cloud storage bucket. Upload is optional.
3. Blockchain Data
Ethereum transaction data retrieved during a trace is sourced from the Etherscan public API and reflects data that is permanently and publicly recorded on the Ethereum blockchain. We do not create, modify, or control this data. We act solely as a display and analysis layer on top of publicly available information. No personally identifiable information is inferred or attributed to on-chain addresses by us.
4. How We Use Your Data
- ▸To authenticate you and maintain your session.
- ▸To enforce subscription tier limits and track monthly usage.
- ▸To detect and prevent fraudulent or abusive behaviour using login event records.
- ▸To send transactional emails (e.g. account confirmation, deletion confirmations) via Resend.
- ▸To process subscription payments and manage billing via Stripe.
- ▸To respond to support enquiries.
We do not use your data for advertising, profiling, or any purpose beyond operating and improving the service.
5. Third-Party Services
The following third parties process data on our behalf:
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, and file storage |
| Stripe | Payment processing and subscription management |
| Resend | Transactional email delivery |
| Etherscan | Public Ethereum blockchain data retrieval (no personal data sent) |
| Vercel | Application hosting and edge delivery |
Each provider operates under their own privacy policy and data processing agreements. We do not sell or share your data with any other third parties.
6. Data Retention
- ▸Account data is retained for as long as your account is active.
- ▸Login event records are retained for up to 12 months for security purposes.
- ▸Trace session data is not persisted and is discarded at the end of each request.
- ▸On account deletion, all personal data is purged within 30 days. Stripe retains billing records as required by applicable law.
7. Cookies & Local Storage
We use session cookies issued by Supabase solely to maintain your authenticated state. No advertising, tracking, or analytics cookies are set. No data is sold to advertisers.
8. Your Rights
Depending on your jurisdiction you may have rights including:
- ▸Access — request a copy of the personal data we hold about you.
- ▸Correction — request correction of inaccurate data.
- ▸Deletion — delete your account at any time from your profile page. All data is purged within 30 days.
- ▸Portability — request a machine-readable export of your account data.
- ▸Objection — object to processing where we rely on legitimate interests.
To exercise any right, email privacy@arachne.app. We will respond within 30 days.
9. Security
IP addresses are hashed with SHA-256 and a server-side secret salt before storage; the raw IP is never persisted. Passwords are managed entirely by Supabase using industry-standard bcrypt hashing. We enforce HTTPS across all endpoints. Etherscan API keys are stored server-side only and are never exposed to the client.
10. Children
ARACHNE is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Continued use of the service after any changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related enquiries, please contact us at privacy@arachne.app.