Privacy Policy

SmartSec is committed to protecting your privacy. This policy explains what data we collect and how we handle it.

Data We Collect

Minimal by Design. We collect only what's necessary to provide the service:

• Wallet Address: Your Solana public key when you connect your wallet (required for x402 payments on Pro tier)
• Payment Records: x402 payment signatures for service usage verification
• Request Metadata: Timestamp, contract size (line count) for rate limiting

Data We Do NOT Collect

• Email addresses or personal contact information
• Names or identity documents
• IP addresses for tracking purposes
• Cookies for advertising or analytics
• Browser fingerprints
• Your contract source code - processed in memory and immediately discarded

How Data Is Used

• Security Analysis: Contracts are analyzed in memory only - never written to disk
• Payment Verification: x402 signatures are verified on-chain via Solana
• Rate Limiting: Basic request counts to prevent abuse (Basic tier: 1 scan/day)
• Audit Reports: Temporarily available for download (1 hour) then auto-deleted

Third-Party Services

• Solana Blockchain: Payment transactions are public on the Solana network
• Helius: RPC provider for Solana payment verification
• Anthropic: Pro tier uses Claude API for AI analysis (contract code sent for analysis)
• Block Explorers: Etherscan, BSCScan, etc. for fetching verified contract source
• Cloudflare: CDN and DDoS protection (may log IP addresses per their policy)

Data Retention

• Contract Source: Never stored - processed in memory and immediately discarded
• Audit Reports: Temporarily cached for 1 hour, then automatically deleted
• Server Logs: Request logs retained for 7 days maximum
• Usage Counters: Daily rate limit counters reset every 24 hours

Your Rights

• Your contracts are never stored - nothing to delete
• You control your wallet and can choose not to use the service
• No account to delete - we don't store personal profiles

Security

• All connections use HTTPS/TLS encryption
• No passwords stored - wallet-based authentication only
• No sensitive data stored on our servers
• Contracts processed in isolated memory, never persisted

Changes

We may update this policy. Changes will be posted on this page with an updated date.

Contact

For privacy concerns, reach out via the project's public channels.