Privacy Policy
Last updated: 27 May 2026
1. What we collect
We collect the minimum needed to run the product:
- Coin you create — name, ticker, supply, theme, description, optional creator wallet address, AI-generated logo and whitepaper text.
- Email — only if you sign up for the early-holder airdrop list.
- Hashed IP address — first 16 hex chars of SHA-256(your IP), used only to dedupe likes, tip intents, and creator records. We do not store your raw IP.
- Public wallet address — if you link a Phantom / MetaMask wallet. Publicly displayed on your coin page if you set it as the tip recipient.
- Payment info — handled entirely by Stripe. We see the last 4 digits of your card and country only, never the full number.
- Aggregated, non-identifying analytics — page views, coin views, likes, tip counts.
2. What we don't collect
- We do not store your raw IP address.
- We do not see, store, or transmit your wallet private keys.
- We do not read browsing history, location, microphone, camera, or contacts.
- We do not sell, rent, or share your personal data with advertisers.
- We do not use third-party advertising trackers or "fingerprinting" pixels.
4. Third parties we use
These vendors process data on our behalf:
- Stripe — payments. See stripe.com/privacy.
- Helius — Solana RPC for reading wallet balances and verifying tip transactions.
- Kraken — public market data only (no PII).
- Emergent (Claude, Gemini Nano Banana) — AI generation for logos and whitepapers. Your coin's name, ticker, and theme are sent to the model; not your personal data.
- MongoDB Atlas / Railway / Vercel — hosting and database.
5. How long we keep data
- Published coin pages — kept indefinitely while live. Once a coin is part of public web history, the marketing page is part of that record.
- Draft coins — auto-purged after 30 days of inactivity.
- Payment records — kept for 7 years to comply with tax and anti-fraud regulations (US, EU, UK).
- Email airdrop list — until you unsubscribe (a one-click link in every email).
- Hashed IPs — kept until the related coin / like / tip is deleted.
6. Your rights
Depending on your jurisdiction (GDPR, CCPA, UK GDPR, LGPD), you have the right to:
- Access a copy of your personal data we hold.
- Correct inaccurate data.
- Delete a draft coin (yourself) or a published coin (by emailing us).
- Unsubscribe from any email list with one click.
- Object to processing or request restriction.
Email privacy@solspur.com from the address you signed up with. We respond within 30 days (usually within 48 hours).
7. Children's privacy
SolSpur is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, email us and we'll delete it.
8. Security
We use TLS encryption in transit, encrypted MongoDB connections, server-side payment processing (we never see card numbers), GDPR-style IP hashing, and unique-index protections to prevent duplicate signups or like-fraud. We're a small team and not a billion-dollar bank — please don't store anything on SolSpur that you couldn't tolerate becoming public.
9. International transfers
Our hosting providers (Vercel, Railway, MongoDB Atlas) operate globally. By using SolSpur from outside the United States, you consent to your data being processed in the US and other countries where these vendors operate. All vendors are GDPR-aligned with appropriate Standard Contractual Clauses.
10. Changes to this policy
We'll bump the "last updated" date below and announce material changes on the homepage. Continued use after 7 days constitutes acceptance.