privacy

This page explains what data endropy collects, why, and how to delete it.

what we collect

Anonymous users: IP address (for rate limiting), browser fingerprint (via Cloudflare Turnstile, for abuse prevention), and the contract addresses you scan.

Signed-in users: everything above, plus your email address (for sign-in), an optional display name, your saved scans, and your watchlist entries.

what we don't collect

We don't use tracking cookies. We don't run analytics scripts. We don't sell data to anyone. We don't tie your scan activity to your identity unless you're signed in.

sub-processors

• Cloudflare — hosting, DNS, DDoS protection, Turnstile challenges.
• Resend — sending sign-in emails.
• Alchemy and Etherscan — we query these for on-chain data when you scan a contract. We don't send them your identity; they only see anonymous requests from our API.

retention

Anonymous rate-limit records expire within 24 hours. Scan cache entries expire after one hour. User accounts, saved scans, and watchlist entries are kept until you delete them or ask us to delete your account.

your rights

Email hello@endropy.xyz to request account deletion or a copy of your data. We respond within 14 days.

changes

If we change this policy, the date below updates. Major changes will be announced on the homepage.

Last updated: 2026-04-24