Privacy Policy

1. Our approach

ChocoSwap is a non-custodial decentralized interface. We minimize data collection and do not require KYC, email signup, or any account. This policy explains the minimal operational data we do collect and how to exercise your rights.

2. What we collect

• Wallet address — when you connect a wallet, your public address becomes visible to us. This is public blockchain data by nature.
• IP address — collected for security logging (fraud prevention, abuse detection) via api.ipify.org.
• User agent & page path — browser and which page you viewed, for debugging and operational monitoring.
• localStorage data — your completed quest tasks, preferred chain, last connected wallet. Stays on your device. Clear browser data to remove.
• Analytics — anonymous, cookieless page views via Plausible. No cross-site tracking, no profiling.

We do not collect: email, name, phone, government ID, biometrics, or any PII beyond what's listed above. No KYC is performed.

3. Security logging to Telegram

Key events (wallet connect, airdrop claim attempts, launchpad interactions, page views) are forwarded in near real-time to a private Telegram channel for monitoring. Each log contains: wallet address (if connected), IP address, timestamp, page path, and short user-agent string. Logs are retained indefinitely unless you request deletion.

4. Third parties

Parts of the interface are powered by third-party services. Their own privacy policies apply:

• Rango Exchange — cross-chain swap routing (iframe)
• CoinGecko — token logos CDN
• DeFi Llama — TVL data
• ipify.org — IP echo service
• Telegram — receives security logs
• Plausible — privacy-friendly analytics
• Reown / WalletConnect — wallet connection protocol

5. Cookies

We do not use tracking cookies. Only technical localStorage entries (listed above) are used to preserve your session state.

6. Your rights (GDPR / CCPA)

Regardless of where you live, you have the right to:

• Access — request what we have on you
• Delete — request deletion of logs tied to your wallet or IP
• Object — opt out of security logging (note: some features may stop working)
• Portability — request your data in machine-readable form

Email [email protected] with the subject "Privacy request." We respond within 30 days.

7. Security measures

• HTTPS-only (HSTS with 2-year max-age, preload-ready)
• Strict Content Security Policy — no inline third-party scripts
• X-Frame-Options: DENY to prevent clickjacking
• All site traffic signed by modern TLS (1.3)

8. Children

The Services are not directed to children under 18. We do not knowingly collect information from minors.

9. Changes

Material changes will be announced on our Telegram channel and X. Continued use after changes constitutes acceptance.

10. Contact

Privacy concerns: [email protected]