Privacy Policy
Last updated
This Privacy Policy explains how the operator of Thor Exchange (“Thor Exchange”, “we”, “us”) handles information in connection with the website at thorexchange.xyz and its subdomains (the “Interface”). The Interface is a non-custodial front-end to autonomous, immutable smart contracts. It is built to work with minimal data: there are no accounts, no sign-up, and no KYC.
1. What we do NOT collect
We designed the Interface around data minimization. We do not:
- require or maintain user accounts, usernames, or passwords;
- collect your name, email address, phone number, postal address, or government identifiers, unless you voluntarily provide them (for example, by emailing us);
- perform identity verification (KYC) or collect KYC documents;
- ever collect, request, or store your private keys, seed phrases, or wallet credentials;
- sell or rent personal data to anyone;
- use personal data for advertising, ad targeting, cross-context behavioral profiling, or building marketing profiles.
2. Public blockchain data
The Interface helps you interact with a public blockchain (Robinhood Chain, chain ID 4663). Your wallet address, balances, transactions, token creations, and trades are recorded on that blockchain. This data is inherently public, is generated by the decentralized network rather than collected by us, and is outside our control.
On-chain data is permanent and immutable. We cannot modify, delete, or erase it, and no data-deletion or “right to be forgotten” request can be satisfied against the blockchain itself. Anyone can inspect on-chain activity, and third parties may be able to associate a wallet address with a real-world identity using their own analysis. Consider this before transacting.
3. Data stored on your own device
To make the Interface work and remember your preferences, we store a small amount of data locally in your browser (via localStorage and sessionStorage). This data stays on your device, is not an account, and can be cleared by you at any time through your browser or the “Cookie settings” control. It includes cookie-consent choices, wallet-connection state, recently used searches in the command palette, and similar UI preferences. See our Cookie Policy for the full inventory.
4. Data our servers and processors handle
The Interface performs some server-side functions on our behalf, and these involve limited, transient processing:
- Hosting and request logs. Our hosting provider (Vercel) receives standard technical request metadata when you load the Interface, such as your IP address, user-agent, referrer, and timestamps. This is used to serve the site, maintain security, and diagnose problems, and is typically retained only transiently. We do not link this metadata to your wallet address.
- GraphQL proxy. To read indexed on-chain data, the Interface may route read-only GraphQL queries through our server to an indexer. These queries concern public blockchain data.
- Image uploads. When you create a launchpad token, the image you choose is uploaded through our server and pinned to IPFS and/or Vercel Blob storage. Uploaded token images become public and are effectively permanent; once distributed to IPFS they may be replicated by others and cannot reliably be deleted. Do not upload anything private, sensitive, or infringing.
5. Analytics and error reporting (opt-in, off by default)
Analytics and error reporting are opt-in and default to OFF. They are currently not connected to any provider and collect nothing unless and until you affirmatively enable them in the cookie banner and we later wire a provider. If enabled, privacy-respecting analytics would record only aggregate usage, and error reporting would capture only technical crash details (such as stack traces, browser version, and URL path). Neither would ever capture your private keys or transaction secrets. You can change your choice at any time via “Cookie settings” in the footer. See the Cookie Policy.
6. Service providers and third parties
We rely on a small number of third parties. Each acts under its own terms and privacy practices, and your interaction with some of them (such as your wallet and RPC provider) is directly between you and them:
- Vercel — website hosting, edge functions, request logs, and Blob storage for images.
- Public RPC endpoints — your wallet and the Interface broadcast transactions and read chain state through RPC providers, which can see your IP address and transaction data.
- WalletConnect — if you connect using WalletConnect, it relays connection and signing requests between your wallet and the Interface.
- Pinata / IPFS — pinning and distribution of user-uploaded token images, which are public.
- Blockscout — block-explorer links that open public on-chain data in a third-party explorer.
- Analytics / error-reporting provider — only if you opt in and only once a provider is wired.
7. How we use information
- to provide, operate, secure, and maintain the Interface;
- to display public on-chain data you request;
- to host and serve token images you upload;
- to detect, prevent, and respond to fraud, abuse, and security issues;
- to comply with legal obligations and enforce our Terms of Service;
- if you opt in, to understand aggregate usage and to diagnose crashes.
We do not sell personal data, do not share it for cross-context behavioral advertising, and do not use it for automated profiling that produces legal or similarly significant effects.
8. Legal bases (GDPR / UK GDPR)
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases: legitimate interests (to operate, secure, and improve the Interface and prevent abuse), where not overridden by your rights; consent (for opt-in analytics and error reporting, which you may withdraw at any time); and legal obligation (to comply with applicable law). Note that we are not the controller of the public blockchain and cannot act on on-chain data.
9. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to the processing of personal data we hold, to data portability, and to withdraw consent. Because we hold very little server-side personal data and no accounts, these rights apply only to data that actually exists in our systems (for example, transient logs or an email you sent us). They do not, and cannot, apply to data recorded on the public blockchain or content already distributed to IPFS, which we are unable to alter or delete. To make a request, contact the team via Telegram (link available on our official channels). You may also have the right to lodge a complaint with your local data-protection authority.
California (CCPA/CPRA). If you are a California resident, we do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not use sensitive personal information for inferring characteristics. You may exercise applicable rights (to know, delete, correct, and to non-discrimination) via the same contact channel described above.
10. Data retention and security
We retain server-side data only as long as needed for the purposes described here or as required by law; transient hosting logs are generally short-lived. We use reasonable technical and organizational measures to protect data, but no method of transmission or storage is completely secure, and public on-chain data and IPFS content cannot be protected or withdrawn.
11. Children
The Interface is not directed to, and may not be used by, anyone under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will take appropriate steps.
12. International transfers
We operate globally and our providers may process data in the United States, the European Union, and elsewhere. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers. By using the Interface, you understand your information may be processed in countries with different data-protection laws than your own.
13. Changes to this Policy
We may update this Policy from time to time. We will update the “Last updated” date above and, for material changes, may provide additional notice through the Interface. Your continued use after changes take effect constitutes acceptance.
14. Contact
Privacy questions and requests may be directed to the team via Telegram (link available on our official channels).