HOP — Heart of Pepe

What we collect & why

Privacy

Last updated: April 26, 2026

What we store about you.

  • Account fields: username, email (if signing up with email), display name, optional avatar URL, password hash (bcrypt — never plaintext).
  • OAuth links: for X / Telegram, the provider username and a stable external ID. We keep the link history permanently for safety/audit, even if you unlink later.
  • Wallet: Ethereum address (public) + the encrypted private key. The encryption key never leaves the server.
  • Activity: sign-in events (success/failure, IP, user-agent), wallet audit events (created, balance refresh, reveal attempts).

What we don't do.

  • We don't sell your data.
  • We don't track you across the rest of the web.
  • We don't embed third-party advertising trackers.
  • We don't store voice chat audio. Voice is peer-to-peer; the realtime server only relays signaling.

Cookies.

We set one essential cookie for your sign-in session (Auth.js). No marketing or analytics cookies. If we add product analytics later, it'll be a privacy-friendly tool (e.g. Plausible) and we'll update this page.

Email.

We use Resend to send transactional emails (account verification). No marketing emails unless you explicitly opt in.

Your wallet, your keys.

The custodial wallet's private key can be revealed to you any time after a fresh password check. Once revealed, you can import it to MetaMask / Rainbow / any Ethereum wallet and use it independently of HOP. We strongly recommend doing this if you intend to hold significant funds.

Data retention.

Account data persists for the lifetime of the account. Audit logs are retained for security analysis. You can request account closure at any time; we'll redact PII (email, IP) but retain wallet history for accounting/regulatory reasons.

Where data lives.

Production data is stored in a managed Postgres database with at-rest encryption. The wallet encryption key is held in a separate secrets manager. The realtime server stores only ephemeral in-memory state.

Your rights.

If you're in the EU/UK/California, you have the right to access, correct, or delete your data. Email the team via the Telegram channel in the footer to request it.