Wallet Sleuth is a read-only analytics and alerting tool for publicly available Solana blockchain data. We do not trade, swap, custody, hold, manage, transfer, or have access to your cryptocurrency, tokens, NFTs, wallets, or private keys. We do not — and have no plans to — offer brokerage, exchange, custody, asset management, or any service that moves or controls digital assets. The data we analyze (transactions, balances, prices) is already public on the Solana blockchain; we present it in a more useful way and notify you about it.
1. Who We Are
Wisteria Technologies LLC ("we," "us," or "our") operates Wallet Sleuth (the "Service"), available via web at walletsleuth.app and via our iOS and Android mobile applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. If you do not agree with this policy, do not use the Service.
For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, Wisteria Technologies LLC is the "data controller" of your personal information under the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and the Swiss Federal Act on Data Protection. For users in the United States, this policy is also intended to satisfy applicable state privacy laws, including the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA").
2. Nature of the Service
Wallet Sleuth is a data analytics, monitoring, and alerting product. It is essential to understand what the Service is and what it is not, because this scope defines what data we handle and how.
2.1 What the Service does
Reads publicly available transaction data from the Solana blockchain
Detects transactions involving wallet addresses you choose to monitor
Categorizes activity (buy, sell, transfer) and estimates U.S. dollar value using public price data
Sends you notifications about that activity through the channels you configure (in-app, push, email, SMS)
Displays charts, historical context, and aggregated metrics derived from public on-chain data
2.2 What the Service does NOT do
No custody. We never hold, store, or have access to your cryptocurrency, tokens, NFTs, or any digital asset.
No private keys. We never ask for, receive, or store seed phrases, private keys, or any wallet credential. The Service does not require you to connect a wallet.
No trading or swaps. The Service cannot buy, sell, swap, bridge, stake, unstake, or otherwise transact on your behalf or anyone else's. There is no trade execution capability anywhere in the product.
No asset management. We do not manage portfolios, give investment advice, or act as a fiduciary.
No brokerage or exchange functionality. The Service is not a broker-dealer, money services business, exchange, or financial institution.
No transfers. The Service cannot initiate or sign transactions on the Solana network or any other blockchain.
Monitoring a wallet address inside the Service is purely informational. The wallet owner is unaffected and is not notified. We have no relationship with, and no control over, any address you choose to track.
3. Information We Collect
3.1 Information you provide
Account information: email address, display name, password (stored hashed by our authentication provider), and authentication identifiers from third-party sign-in (Sign in with Apple, Sign in with Google).
Contact information for alerts: additional phone numbers and email addresses you add as alert destinations.
Tracking configuration: Solana wallet addresses, token addresses, wallet nicknames, tags, alert rules and thresholds, and contact groups you create.
Payment information (paid plans only): processed by Stripe. We receive metadata about your subscription (plan, status, renewal) but we do not store full payment card numbers.
Support communications: if you contact us, we keep a record of that correspondence.
3.2 Information collected automatically
Usage data: pages viewed, features used, timestamps of activity, and an audit log of changes you make to tracking pages.
Device information (mobile app): device model, operating system version, app version, and push notification token.
Diagnostic data: crash reports and error logs to keep the Service reliable.
3.3 Public blockchain data
We retrieve and process publicly available Solana blockchain data — transactions, balances, token metadata, and prices — associated with the wallet addresses you choose to monitor. This information is already public on the blockchain; we do not own it, and tracking it inside Wallet Sleuth does not give us any control over the wallet, its assets, or its owner.
3.4 What we do NOT collect
We do not collect:
Private keys, seed phrases, mnemonics, or any wallet credential
Wallet signatures or wallet-connect sessions (the Service does not require wallet connection)
Photos, videos, audio, contacts, calendar, health, fitness, or biometric data
Precise or approximate device location
Browsing or search history outside the Service
4. How We Use Information
We use the information we collect to:
Provide, maintain, and improve the Service
Authenticate you and protect your account
Monitor the blockchain addresses you specify and detect events matching your alert rules
Deliver alerts to the channels you have configured (in-app, push notification, email, SMS)
Process subscription payments and manage paid features
Communicate with you about service updates, security notices, and support requests
Detect, investigate, and prevent abuse, fraud, and security incidents
Comply with legal obligations
We do not use your personal information to make automated investment decisions for you, because we do not make investment decisions at all. We do not engage in profiling that produces legal or similarly significant effects on you. We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under California law.
5. Legal Bases for Processing (EEA, UK, Switzerland)
If you are in the EEA, the UK, or Switzerland, we process your personal information on one or more of the following legal bases:
Performance of a contract (GDPR Art. 6(1)(b)): creating and operating your account, delivering the Service, configuring and sending the alerts you request, and processing payments for paid plans.
Legitimate interests (GDPR Art. 6(1)(f)): securing the Service against fraud and abuse, debugging errors, understanding aggregate usage to improve the product, and protecting our rights. Where we rely on legitimate interests, we balance those interests against your rights and you may object as described in Section 10.
Consent (GDPR Art. 6(1)(a)): sending optional marketing communications (where applicable) and enabling push notifications on mobile. You can withdraw consent at any time without affecting processing already carried out.
Legal obligation (GDPR Art. 6(1)(c)): meeting requirements under applicable law, including tax, accounting, and lawful requests from authorities.
6. Third-Party Services We Use
We rely on the following third-party providers to deliver the Service. Each operates under its own privacy policy and receives only the information needed to perform its function:
Google Firebase — user authentication, database (Firestore), push notification delivery
Helius — Solana transaction parsing and real-time webhook delivery
Alchemy — Solana RPC endpoints and token price data
Resend — transactional email delivery
Twilio — SMS delivery
Stripe — credit-card payment processing for paid plans
None of these providers are given access to any cryptocurrency or wallet credential — because we do not have any to share.
7. Information Sharing and Disclosure
We do not sell your personal information. We share information only in these limited circumstances:
With service providers who help us operate the Service (see Section 6)
With members of your tracking pages. If you invite collaborators to a tracking page, they can see the wallet addresses, nicknames, tags, alert rules, and activity that belong to that tracking page. They cannot see your account email, password, or your other tracking pages.
For legal reasons, when required by law, subpoena, court order, or other lawful request, and only to the extent legally compelled
To enforce our rights or protect against fraud, abuse, or security threats to the Service or its users
In connection with a business transfer (merger, acquisition, or sale of assets), with appropriate notice and continued protection of your information
8. Data Retention
We retain personal information only for as long as needed for the purposes described in this policy. Typical retention periods:
Account information: while your account is active, and for up to 90 days after deletion to allow account recovery and to remove data from backups.
Tracking configuration (wallets, alerts, nicknames): while your account is active; deleted with your account.
Transaction history and alert logs: while needed to provide the Service, and up to 24 months thereafter for service improvement, security, and dispute resolution.
Audit logs: retained for the lifetime of the relevant tracking page to support accountability.
Payment and billing records: retained for the period required by applicable tax and accounting law (typically 7 years in the U.S. and EU member states).
Diagnostic and crash data: typically retained no longer than 12 months.
When the applicable retention period ends, we delete or anonymize the information so that it can no longer be associated with you.
9. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit (HTTPS/TLS), credential hashing via our authentication provider, and least-privilege access controls for internal systems. No system is perfectly secure; you are responsible for keeping your account credentials confidential. If you suspect unauthorized use of your account, contact us immediately.
10. Your Rights and Choices
All users can delete their account at any time from within the Service. To exercise any of the rights below, contact us at the email address in Section 15. We will respond within the time frame required by applicable law (generally within 30 days under GDPR and 45 days under the CCPA). We will not discriminate against you for exercising your rights.
10.1 If you are in the EEA, the UK, or Switzerland (GDPR / UK GDPR)
You have the right to:
Access the personal information we hold about you and receive a copy
Rectify inaccurate or incomplete information
Erase your personal information ("right to be forgotten")
Restrict processing in certain circumstances
Object to processing based on our legitimate interests, including profiling
Data portability — receive your data in a structured, commonly used, machine-readable format
Withdraw consent at any time where processing is based on consent (without affecting prior processing)
Lodge a complaint with your local data protection authority. In the EEA, you can find your supervisory authority at edpb.europa.eu; in the UK, contact the Information Commissioner's Office at ico.org.uk; in Switzerland, the Federal Data Protection and Information Commissioner at edoeb.admin.ch.
10.2 If you are in California (CCPA / CPRA)
You have the right to:
Know what personal information we collect, use, and disclose about you
Access a copy of the personal information we hold about you
Correct inaccurate personal information
Delete personal information we have collected from you (subject to limited exceptions)
Opt out of the sale or sharing of personal information for cross-context behavioral advertising — we do not sell or share your personal information, so there is nothing to opt out of
Limit the use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right
Non-discrimination for exercising any of your rights
10.3 If you are elsewhere in the United States or in another jurisdiction
We extend the core rights of access, correction, deletion, and portability to all users worldwide regardless of where you live, subject to applicable law. Where local law provides additional rights, we will honor them.
10.4 How to exercise your rights
Send your request to admin@wisteriatechnologies.com from the email address associated with your account. We may need to verify your identity before fulfilling the request. An authorized agent may submit a request on your behalf with appropriate proof of authority.
11. Notifications and Marketing
With your permission, we send push notifications, emails, and SMS messages for the alerts you have configured. You can change channels for any alert in the Service. You can disable push notifications in your device settings, and you can unsubscribe from non-essential email at any time using the link in the email. We may still send you transactional and security-related messages (password resets, billing receipts, security notices) regardless of marketing preferences. We do not currently send marketing email unless you explicitly opt in.
12. Children's Privacy
The Service is not directed to children. We do not knowingly collect personal information from anyone under 13 in the United States or under 16 in the European Economic Area, the United Kingdom, and Switzerland (the minimum age may be higher in some EU member states, in which case the local minimum applies). If you believe a child has provided information to us, please contact us so we can delete it.
13. International Data Transfers
We are based in the United States. Several of our service providers also operate primarily in the United States, while others may process data in additional countries. If you access the Service from the European Economic Area, the United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States and potentially other jurisdictions outside the EEA, UK, or Switzerland. These countries may have data-protection laws that differ from those in your home jurisdiction.
When we transfer personal information out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards as required by applicable law, including the European Commission's Standard Contractual Clauses (and the UK's International Data Transfer Addendum where applicable). We may also rely on derogations under Article 49 of the GDPR where permitted — for example, when the transfer is necessary for the performance of a contract you have with us. You may request a copy of the safeguards we use by contacting us at the address in Section 15.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via an in-app notice prior to the changes taking effect. The "Effective Date" at the top of this policy indicates when it was last revised. Continued use of the Service after the changes take effect constitutes acceptance of the updated policy.
15. Contact Us
For questions about this Privacy Policy, to exercise your privacy rights, or to report a security concern, contact us at admin@wisteriatechnologies.com.