CHAINWHISPER
CHAINWHISPER

Privacy Policy

Last updated: 11/8/2025

1. Introduction

This Privacy Policy describes how Liberar LLC ("we," "our," or "us") collects, uses, and protects your information when you use ChainWhisper ("the Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

  • Account Information: Email address, password (encrypted), and authentication tokens
  • Wallet Address: Public blockchain wallet addresses you connect to the Service
  • API Keys: Encrypted API keys for third-party LLM services (OpenAI, Claude, Grok, OpenRouter) - stored using bcrypt encryption in Supabase
  • Usage Data: Query history, timestamps, and interaction logs (optional, for analytics)
  • Session Data: Authentication tokens stored in browser localStorage

3. How We Store Your Data

3.1 Supabase Database

We use Supabase (a PostgreSQL database service) to store your encrypted data:

  • Email Address: Stored in plain text (required for authentication)
  • Password: Encrypted using Supabase Auth (bcrypt hashing)
  • API Keys: Encrypted using bcrypt encryption via Supabase RPC function `encrypt_api_key()` - one-way encryption, cannot be retrieved after saving
  • Wallet Address: Stored in plain text (public blockchain addresses are not sensitive)
  • Provider Preference: LLM provider selection (e.g., "escondido", "openai", "claude")

All data is protected by Supabase Row Level Security (RLS) policies, ensuring users can only access their own data. Data is stored in Supabase's secure cloud infrastructure.

3.2 Ollama (Self-Hosted LLM)

If you choose to use "Escondido" (self-hosted Ollama), your queries are processed on our Ubuntu server infrastructure:

  • Query Processing: Natural language queries are sent to Ollama running on Ubuntu servers
  • No Data Storage: Ollama processes queries in real-time and does not store your queries or responses
  • No Logging: We do not log or store the content of your queries when using Escondido
  • Model: Llama 3.1 8B q4 model runs locally on our infrastructure

Your queries are processed ephemerally - they are not stored, logged, or retained after processing.

4. What We Do NOT Collect

We are committed to privacy and do NOT collect:

  • Your private keys or seed phrases
  • Transaction details or blockchain activity (we only store wallet addresses)
  • Personal identification information beyond email address
  • Browsing history or activity outside the Service
  • Location data or device identifiers
  • Query content when using Escondido (self-hosted Ollama)

5. How We Use Your Information

We use the collected information for:

  • Providing and maintaining the Service
  • Authenticating your account and managing sessions
  • Processing natural language queries using your selected LLM provider
  • Storing your preferences (LLM provider, API keys)
  • Improving the Service (optional analytics, if enabled)

6. Data Security

We implement industry-standard security measures:

  • Encryption: API keys encrypted using bcrypt (one-way hashing)
  • Row Level Security: Supabase RLS ensures users can only access their own data
  • Secure Authentication: JWT tokens for session management
  • HTTPS: All data transmission encrypted via TLS/SSL
  • No Plain Text Storage: Sensitive data (passwords, API keys) never stored in plain text

7. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication service (data stored in their secure cloud infrastructure)
  • OpenAI/Claude/Grok/OpenRouter: LLM providers (only if you provide API keys - queries sent directly from your browser to their APIs)
  • Ollama: Self-hosted LLM on our Ubuntu infrastructure (no data retention)
  • Vercel: Frontend hosting (may collect standard web analytics)

When you use third-party LLM providers (OpenAI, Claude, etc.), your queries are sent directly from your browser to their APIs. We do not intercept or store these queries.

8. Your Rights

You have the right to:

  • Access your personal data stored in Supabase
  • Delete your account and all associated data
  • Update your information (email, API keys, preferences)
  • Export your data (query history, if enabled)
  • Opt out of optional analytics

9. Data Retention

We retain your data as follows:

  • Account Data: Retained until you delete your account
  • Query History: Optional - retained if enabled, can be disabled at any time
  • API Keys: Retained until you update or delete them
  • Ollama Queries: Not retained - processed ephemerally, no storage

10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Liberar LLC
Email: contact@chainwhisper.com