Legal

Privacy Policy

Last updated: April 18, 2026

Walsmith runs a non-custodial Solana tooling service. This page explains exactly what we collect, what we do not collect, and who we share it with. The short version: we do not store private keys, we log only the operational data we need to run the service, and we do not sell or rent your information.

1. Information we do not collect

• Private keys. On the browser tier, keys are generated inside your tab and never transmitted. On the server-assisted flow, keys are encrypted at rest and decrypted only at the moment of delivery to you. We never keep plaintext private keys.
• Real names, addresses, phone numbers. We do not require them to use the service.
• Payment card details. We take payment in Solana. We never see a credit-card number.

2. Information we do collect

• Wallet addresses and transaction signatures for payments sent to our deposit addresses. This is how we know to deliver what you paid for.
• Telegram user ID and username if you interact with @walsmithbot or @WalSmithAlertsbot. Used to route messages back to you.
• Requested vanity pattern, quantity, and tier. We keep a record of orders so you can recover delivery if delivery fails.
• Standard server logs: IP address, user agent, request timestamp, HTTP status. Kept for up to 14 days for abuse / rate-limit purposes, then rotated out.
• API key hashes for developer customers (hashed with SHA-256; we never store the plaintext key after creation).

3. How we use the information

• Deliver the product you paid for.
• Detect and block abusive patterns (mass brute-force requests, payment replay attempts, discount-code farming).
• Respond to customer support requests.
• Fulfill legal obligations if compelled by a valid subpoena or court order.

We do not profile you, build advertising audiences, or sell any information to third parties. We do not have a marketing pixel on this site.

4. Third parties we rely on

• Helius: we use Helius RPC and webhooks to read the Solana blockchain. Helius sees wallet addresses we query; they do not see private keys.
• Telegram: messages through our bot go through Telegram's infrastructure under their own privacy policy.
• CoinGecko: SOL/USD price reads, anonymous.
• Hetzner (server host): infrastructure provider; sees standard HTTP logs.
• Let's Encrypt: issues the TLS certificate for walsmith.fun.
• ImprovMX: forwards email sent to walsmith.fun addresses to our inbox.

5. Cookies and tracking

We do not set cookies on walsmith.fun, and we do not run analytics or advertising scripts. The browser tier usessessionStorageonly to remember your current scanner session across page refreshes; it never leaves your device.

6. Data retention

• Order and payment records: kept indefinitely for audit and support.
• Raw HTTP logs: rotated out after 14 days.
• Inventory of unsold vanity wallets: encrypted at rest with NaCl SecretBox; deleted when sold.
• Unused deposit wallets after payment expiry: purged by a daily cron.

7. Your rights

Email contact@walsmith.fun to request deletion of your order history or to ask what we hold about you. We aim to reply within 7 days.

8. Security disclosure

Responsible disclosure of vulnerabilities is appreciated: security@walsmith.fun or via GitHub security advisories on github.com/technomozart/WalSmith.

9. Changes to this policy

We may update this policy to reflect new features or legal requirements. Material changes will be announced on the landing page or in the Telegram bot at least 14 days before taking effect.