1. Information We Collect
We collect different types of information depending on how you interact with the Platform:
1.1 Blockchain Data (Permanent)
- Wallet addresses — Your Base64-encoded SPKI public key serves as your wallet address. This is recorded permanently on the DataChain.
- Transaction records — All trades, transfers, token deployments, stablecoin minting/burning, staking positions, and fee payments are recorded immutably in mined blocks.
- Token balances — Current balances per wallet address per token are tracked in the state database.
- Order book entries — Active limit orders including price, quantity, and wallet address.
- Referral codes — Unique referral identifiers linked to your wallet's public key.
1.2 Server-Side Data (PostgreSQL)
- Public keys — Stored in the
public_keystable for ECDSA signature verification. - Price alerts — Alert configurations including target price, token, expiry, and optionally a Telegram chat ID.
- Deployment drafts — In-progress token deployment data auto-saved every 30 seconds. Auto-cleaned after 90 days.
- Withdrawal addresses — Pre-registered external wallet addresses with label, network, currency, and approval status.
- Feature activations — Records of paid feature unlocks (browser mining, staking) linked to wallet addresses.
- Mining statistics — Hash counts and block records for the mining leaderboard.
- Broadcast notifications — Creator-sent notifications, auto-expired after 10 days.
- API keys —
sk_live_game integration keys linked to token creators. - NowPayments records —
payment_idreferences for crypto deposit tracking.
1.3 Client-Side Data (Your Browser)
- IndexedDB — Your private key (as a non-extractable CryptoKey), wallet address, and raw SPKI data. This data never leaves your device.
- localStorage — Theme preference (
delchain_theme), selected asset, last active tab, notification read states, and legacy wallet data (auto-migrated to IndexedDB). - sessionStorage — Temporary UI state that does not persist between sessions.
1.4 Automatically Collected Data (Infrastructure)
- IP addresses — Collected by Cloudflare for DDoS protection, WAF, and bot filtering. We do not directly log IP addresses on our backend servers.
- HTTP headers — User-Agent, Accept-Language, and Referer headers are processed by Cloudflare and may be logged for security purposes.
- WebSocket connections — Connection timestamps and reconnection patterns for real-time data delivery.
2. Information We Do NOT Collect
- Private keys — We never have access to your private key. It is generated and stored exclusively on your device.
- Seed phrases — Your 12-word mnemonic is generated client-side and shown to you once. We do not store, transmit, or have access to it.
- Personal identity — We do not collect names, email addresses (except optional Telegram chat IDs for alerts), phone numbers, government IDs, or any personally identifiable information (PII). KYC has been permanently removed from the Platform.
- Cookies — The Platform does not set tracking cookies. Cloudflare may set security-related cookies (e.g.,
__cf_bm) for bot detection. - Analytics/Tracking — We do not use Google Analytics, Facebook Pixel, or any third-party behavioral tracking on the crypto terminals.
3. How We Use Your Information
- Transaction processing — Wallet addresses and signed transactions are processed to execute trades, transfers, and deployments.
- Signature verification — Public keys are used to verify ECDSA signatures on every authenticated API call.
- Price alerts — Telegram chat IDs (if provided) are used to send price alert notifications via the Telegram Bot API.
- Security — Rate limiting, replay attack prevention, and CORS enforcement use request metadata to protect the Platform.
- Network status — Mempool utilization data is used to calculate dynamic trading fees.
- Notifications — Broadcast notifications inform users about token deletions, system updates, and creator announcements.
4. Third-Party Services
The Platform integrates with the following third-party services, each with their own privacy policies:
- Cloudflare — DDoS protection, WAF, CDN, SSL/TLS. May process IP addresses and HTTP headers. Cloudflare Privacy Policy
- PayPal — USD deposit and withdrawal processing. PayPal collects and processes your PayPal account information according to their terms. PayPal Privacy Policy
- NowPayments — Multi-chain crypto deposit and withdrawal gateway. Processes external wallet addresses and transaction data. NowPayments Privacy Policy
- Railway — Backend hosting and PostgreSQL database. All server-side data is stored on Railway infrastructure. Railway Privacy Policy
- Vercel — Frontend hosting and deployment. Serves static HTML/CSS/JS files. Vercel Privacy Policy
- Telegram Bot API — Used exclusively for price alert delivery when a user provides their Telegram chat ID.
- Google Firebase / AdSense — Used ONLY by the Scientific Nexus Gaming Hub (ScGames.html, games.html, Review.html). Firebase handles authentication and Firestore data for the gaming platform. AdSense may set cookies on gaming pages. These services do NOT apply to the crypto terminals.
5. Data Retention
- Blockchain data — Permanently retained. Cannot be deleted due to the immutable nature of the DataChain.
- Deployment drafts — Auto-deleted after 90 days of inactivity.
- Broadcast notifications — Auto-expired and deleted after 10 days.
- Price alerts — Retained until triggered, expired, or manually deleted.
- API keys — Retained until revoked by the token creator.
- Mining statistics — Retained indefinitely for leaderboard functionality.
- Client-side data — Retained until you clear your browser data or uninstall the wallet.
6. Data Security
We implement multiple layers of security to protect data:
- ECDSA P-256 digital signatures on all sensitive API calls.
- Replay attack prevention via duplicate signature detection.
- Cloudflare WAF, DDoS mitigation, and bot filtering.
- Helmet.js HTTP security headers on the backend.
- Rate limiting (50 tx/min, 200 reads/min, 30 mining/min).
- CORS strict origin enforcement.
- HMAC-SHA512 webhook verification for NowPayments IPN callbacks.
- JWT + API key double authentication for NowPayments Mass Payout.
- Input validation and sanitization on all user-submitted data.
- Non-extractable CryptoKey storage for wallet private keys.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — You can view your blockchain data (wallet address, balances, transactions) through the DataChain Explorer and terminal dashboards at any time.
- Deletion — Client-side data (wallet, preferences) can be deleted by clearing browser data. Server-side data linked to your wallet address includes immutable blockchain records that cannot be deleted. Non-blockchain server data (drafts, alerts, API keys) can be implicitly deleted by abandoning the wallet.
- Portability — Your wallet can be exported as an encrypted JSON backup and imported on any compatible device.
- Correction — Token metadata (description, logo, tiers) can be updated by the token creator through DelChain Creator Settings.
8. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors. If you believe a minor has used the Platform, please contact us so we can take appropriate action.
9. International Data Transfers
The Platform's backend is hosted on Railway infrastructure, which may process data in various geographic locations. Cloudflare's CDN distributes frontend content globally. By using the Platform, you consent to the transfer of your data to servers located outside your country of residence. The Platform does not target or restrict access based on geographic location (except where prohibited by sanctions).
10. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of the Platform after changes are posted constitutes acceptance of the revised policy. Material changes may be communicated via broadcast notifications.
11. Contact
For privacy-related questions or data requests, please contact the Scientific Nexus team via the project's GitHub repository or through the Platform's official communication channels.