Privacy Policy
Anonymity is the product. This policy describes the minimal data we collect, why we collect it, and how long we keep it.
What we collect
- Email address. Used for transactional email (receipts, password reset) and as your account identifier. You can use any email service, including disposable ones.
- Password hash. Stored using bcrypt via Supabase Auth. We never store, see, or log the plaintext password.
- Wallet ledger. Every deposit, purchase, refund, and adjustment. Required to operate the wallet.
- Order history. Service, country, phone number, status, and received SMS for each purchase you make. Required for you to receive the codes you paid for.
- IP and browser fingerprint at signup and during top-up flows. Held briefly for anti-fraud. See retention below.
What we do not collect
- Government ID, photo ID, or any KYC document.
- Real names, physical addresses, or phone numbers belonging to you.
- Behavioural analytics tied to identity. Aggregate analytics, if any, are decoupled from your account.
Cookies
We set first-party session cookies for authentication. We do not use third-party advertising cookies, cross-site trackers, or fingerprint analytics.
Third parties
- Supabase hosts our database and authentication.
- NOWPayments processes crypto deposits. Your wallet address and transaction hash are visible to them.
- Our upstream network provides the phone numbers. They see the verification request from the target service; they do not see your identity or our user mapping.
Retention
- Wallet ledger, order history, received SMS: kept for the life of your account.
- IP / fingerprint at signup and top-up: retained for 30 days, then deleted automatically.
- On account deletion: all personal data is purged within 14 days. Aggregate ledger sums are retained for accounting for 7 years.
Your rights
You can delete your account from Settings. We do not log the reason; the deletion is honoured regardless.
Contact
Privacy questions: privacy@veridigits.example (replace before launch).