// Legal

Privacy Policy

Last updated: 27 May 2026

1. What we collect

We collect the minimum needed to run the product:

  • Coin you create — name, ticker, supply, theme, description, optional creator wallet address, AI-generated logo and whitepaper text.
  • Email — only if you sign up for the early-holder airdrop list.
  • Hashed IP address — first 16 hex chars of SHA-256(your IP), used only to dedupe likes, tip intents, and creator records. We do not store your raw IP.
  • Public wallet address — if you link a Phantom / MetaMask wallet. Publicly displayed on your coin page if you set it as the tip recipient.
  • Payment info — handled entirely by Stripe. We see the last 4 digits of your card and country only, never the full number.
  • Aggregated, non-identifying analytics — page views, coin views, likes, tip counts.

2. What we don't collect

  • We do not store your raw IP address.
  • We do not see, store, or transmit your wallet private keys.
  • We do not read browsing history, location, microphone, camera, or contacts.
  • We do not sell, rent, or share your personal data with advertisers.
  • We do not use third-party advertising trackers or "fingerprinting" pixels.

3. Cookies and local storage

We use localStorage (not cookies) for a few non-tracking purposes:

  • Your paper-trading wallet ID and compliance checklist progress.
  • Whether you've connected Phantom / MetaMask before (so we can auto-reconnect on revisit).
  • Which coins you've liked (so the heart stays filled in your browser).

None of this is sent to third parties. You can clear it any time via your browser settings.

4. Third parties we use

These vendors process data on our behalf:

  • Stripe — payments. See stripe.com/privacy.
  • Helius — Solana RPC for reading wallet balances and verifying tip transactions.
  • Kraken — public market data only (no PII).
  • Emergent (Claude, Gemini Nano Banana) — AI generation for logos and whitepapers. Your coin's name, ticker, and theme are sent to the model; not your personal data.
  • MongoDB Atlas / Railway / Vercel — hosting and database.

5. How long we keep data

  • Published coin pages — kept indefinitely while live. Once a coin is part of public web history, the marketing page is part of that record.
  • Draft coins — auto-purged after 30 days of inactivity.
  • Payment records — kept for 7 years to comply with tax and anti-fraud regulations (US, EU, UK).
  • Email airdrop list — until you unsubscribe (a one-click link in every email).
  • Hashed IPs — kept until the related coin / like / tip is deleted.

6. Your rights

Depending on your jurisdiction (GDPR, CCPA, UK GDPR, LGPD), you have the right to:

  • Access a copy of your personal data we hold.
  • Correct inaccurate data.
  • Delete a draft coin (yourself) or a published coin (by emailing us).
  • Unsubscribe from any email list with one click.
  • Object to processing or request restriction.

Email privacy@solspur.com from the address you signed up with. We respond within 30 days (usually within 48 hours).

7. Children's privacy

SolSpur is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, email us and we'll delete it.

8. Security

We use TLS encryption in transit, encrypted MongoDB connections, server-side payment processing (we never see card numbers), GDPR-style IP hashing, and unique-index protections to prevent duplicate signups or like-fraud. We're a small team and not a billion-dollar bank — please don't store anything on SolSpur that you couldn't tolerate becoming public.

9. International transfers

Our hosting providers (Vercel, Railway, MongoDB Atlas) operate globally. By using SolSpur from outside the United States, you consent to your data being processed in the US and other countries where these vendors operate. All vendors are GDPR-aligned with appropriate Standard Contractual Clauses.

10. Changes to this policy

We'll bump the "last updated" date below and announce material changes on the homepage. Continued use after 7 days constitutes acceptance.

Made with Emergent