← Back to Home

Privacy Policy

Last Updated: October 2025

1. Introduction

Yapt ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our stablecoin yield tracking service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Username: A unique identifier you choose during registration
  • WebAuthn credentials: Public key cryptographic credentials for passwordless authentication (stored securely, no passwords)

2.2 Wallet and Portfolio Data

  • Ethereum wallet addresses: Public blockchain addresses you choose to track
  • Position data: Information about the DeFi positions discovered from public blockchain data
  • Historical snapshots: Time-series data of the position values and yields

2.3 Notification Settings (Optional)

  • ntfy.sh topic: A randomly generated topic identifier for push notifications (if you enable notifications)
  • Notification preferences: Your alert thresholds and preferences

2.4 Technical Data

  • Session cookie: A secure, HTTP-only cookie used to maintain your login session (essential for the service to function)
  • Server logs: Standard server logs including IP addresses, timestamps, and requested URLs (retained for security and debugging purposes)

3. How We Use Your Information

We use your information solely to provide and improve our service:

  • Authentication: To verify your identity and maintain secure sessions
  • Portfolio tracking: To discover and monitor DeFi positions and calculate yields
  • Notifications: To send alerts when conditions you've configured are met (optional feature)
  • Service improvement: To fix bugs, improve performance, and add features

We do not:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your data except as required by law
  • Track you across other websites

4. Cookies and Tracking

Session Cookie: We use a single, essential session cookie to keep you logged in. This cookie is:

  • HTTP-only (not accessible to JavaScript)
  • Secure (transmitted only over HTTPS in production)
  • Session-scoped with a 30-day expiry
  • Required for the service to function

We do not use analytics cookies, advertising cookies, or third-party tracking scripts.

5. Data Storage and Security

Your data is stored securely:

  • Encryption: All connections use HTTPS/TLS encryption
  • Database: Data is stored in a PostgreSQL database with access controls
  • Authentication: We use WebAuthn (passkeys) for strong, phishing-resistant authentication

While we implement industry-standard security measures, no system is 100% secure. Use strong authentication methods (multiple security keys or biometric devices).

6. Third-Party Services

We interact with the following third-party services:

  • Ethereum RPC providers: We query blockchain data through RPC endpoints (e.g., Infura, Alchemy) to discover your positions. These providers may see the wallet addresses you track.
  • CoinGecko: We fetch stablecoin prices from CoinGecko's public API (no personal data shared)
  • ntfy.sh (optional): If you enable notifications, alerts are sent via ntfy.sh using your generated topic identifier. See ntfy.sh privacy policy.

We do not share your username, account information, or any data beyond what's necessary for these services to function.

7. Your Rights (GDPR)

If you're in the European Union, you have the following rights under GDPR:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your account and data (contact us or use the account deletion feature if available)
  • Portability: Export your data in a machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing

To exercise these rights, contact us at the email address in the Contact section below.

8. Data Retention

  • Account data: Retained for as long as your account is active
  • Position data: Retained for as long as you track a wallet
  • Session cookies: Expire after 30 days or when you log out
  • Server logs: Retained for up to 90 days for security and debugging

When you delete your account, all associated data is permanently deleted from our database.

9. Children's Privacy

Yapt is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For questions, concerns, or to exercise your privacy rights, please contact us:

X: X