Privacy Policy

Last Updated: January 19, 2026 | On-Chain Block #18,239,201

At EthBay, we believe in radical transparency and user sovereignty. This Privacy Policy explains how we handle your data in our decentralized NFT marketplace built on Ethereum Layer 2.

1. Decentralization & Non-Custodial Architecture

EthBay is a non-custodial interface to the Ethereum blockchain. This means:

  • We never store your private keys, seed phrases, or wallet passwords
  • We cannot access, freeze, or control your funds or NFT assets
  • Your wallet is your identity — we don't require email, phone, or KYC
  • All transactions are executed directly on-chain via your wallet (MetaMask, WalletConnect, etc.)

You are in full control. If you lose your private keys, we cannot recover your account.

2. Data We Collect

2.1 On-Chain Data (Public)

We index publicly available blockchain data to provide marketplace functionality:

  • Your wallet address (e.g., 0x71...3A92)
  • Transaction history (buys, sells, transfers)
  • NFT ownership and collection data
  • Smart contract interactions

Note: This data is already public on the Ethereum blockchain. Anyone can view it using block explorers like Etherscan.

2.2 Optional Profile Data

You may optionally add to your profile:

  • Display name or username
  • Bio and social media links
  • Profile picture (stored on IPFS)

2.3 Technical Data

To improve performance and security, we collect:

  • IP address (anonymized after 24 hours)
  • Browser type and device information
  • Page views and click analytics (via privacy-focused Plausible Analytics)

3. How We Use Your Data

  • Display your NFT collection and transaction history
  • Enable marketplace features (search, filters, recommendations)
  • Detect and prevent fraud or wash trading
  • Improve platform performance and user experience
  • Comply with legal obligations (e.g., OFAC sanctions screening)

4. Data Sharing & Third Parties

We do not sell your data. We may share data with:

  • Blockchain Infrastructure: Alchemy, Infura (for RPC nodes)
  • IPFS Storage: Pinata, NFT.Storage (for metadata hosting)
  • Analytics: Plausible (privacy-focused, GDPR-compliant)
  • Legal Authorities: Only if required by law (e.g., court order)

5. Cookies & Tracking

We use minimal cookies for essential functionality (e.g., remembering your wallet connection). We do not use third-party advertising cookies or trackers like Google Analytics.

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your data
  • Deletion: Request deletion of off-chain profile data (on-chain data is immutable)
  • Portability: Export your data in JSON format
  • Opt-Out: Disable analytics cookies

Contact our DAO governance forum to exercise these rights.

7. Security Measures

  • All connections use HTTPS/TLS encryption
  • Smart contracts audited by CertiK and Trail of Bits
  • Multi-signature treasury controlled by DAO
  • Regular security penetration testing

8. Children's Privacy

EthBay is not intended for users under 18 years old. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy via DAO governance vote. Material changes will be announced on our Discord and recorded on-chain. Continued use of EthBay constitutes acceptance of the updated policy.

Contact & Governance

For privacy-related questions or data requests:

  • DAO Forum: forum.ethbay.co
  • Discord: discord.gg/ethbay
  • Smart Contract: 0x...EthBayDAO (Ethereum Mainnet)