Privacy Policy

Last updated April 27, 2026

This policy describes what data 401jk.app collects, why, and what we do with it. We try to keep collection to the minimum needed to make the product work.

What we collect

  • Account. The email address or phone number you sign in with (handled and stored by Privy, our auth provider). Your Solana public wallet address.
  • Transactions. The on-chain trades you make through the app: signature, input/output amounts, USD value at execution, fee. We use this to render your History and your year-end tax report.
  • Usage analytics. Page views, funnel events (signup, first buy, second buy, plan created), and referral source (UTM parameters, gclid, referrer host) so we can see which channels are sending real users. Stored in our own database via the open-source @bestillpass/analytics package — not Google Analytics, not Mixpanel.
  • Device basics. IP address (used for the OFAC-jurisdiction block at the edge and for rate limiting), browser user agent, country code from Cloudflare.
  • Push subscription. If you enable Payday notifications, the push subscription endpoint your browser generates. Used only to deliver notifications you asked for.

What we don't collect

  • We never see your card or bank details. Funding is handled end-to-end by Privy + MoonPay; cash-out by MoonPay or Coinbase.
  • We never see your wallet private key. It's held by Privy and accessible only to you (export from Settings).
  • No third-party advertising trackers. No Google Analytics.

Where data goes

  • Privy (auth + embedded wallets) — their policy.
  • Helius (Solana RPC) — your wallet address is visible in routine balance/transaction lookups.
  • Jupiter (swap routing) — your wallet address and the amounts you're trading.
  • MoonPay / Coinbase (on-ramp / cash-out) — KYC and bank details flow directly to them; we don't see them.
  • Sentry (error monitoring) — anonymized stack traces. Tunneled through our own domain so ad blockers don't break it.
  • Cloudflare (CDN + WAF) — sees your IP for edge routing and bot protection.

How long we keep it

  • Account + transaction history: as long as your account is active. You can delete your account by emailing support — that removes your row from our DB. Your on-chain history stays on Solana; we can't erase that.
  • Analytics events and page views: 24 months, then aggregated.
  • Server logs: 30 days.

Your rights

Depending on where you live (EU, UK, California), you can ask us to: show you what we have on you, correct it, delete it, or export it in a portable format. Email [email protected] and we'll respond within 30 days.

Cookies

We set first-party cookies to keep you signed in (Privy session) and to remember the marketing source that brought you here so we can credit it correctly. We do not set third-party advertising cookies.

Children

The Service is not for anyone under 18. If we discover a minor has signed up, we'll delete the account.

Changes

Material changes get posted here with a new “Last updated” date.

Contact

Privacy questions or data requests: [email protected].