claimr

Privacy Policy

Last updated: February 2026

Overview

Claimr (“we”, “our”) operates claimr.app and the Claimr Chrome extension. This policy explains what data we collect, why, and how it is handled. We keep this minimal by design.

Chrome Extension

The Claimr Chrome extension runs on X (Twitter) profile pages. It does the following:

  • ·Reads the current page URL to extract the X handle (e.g. x.com/elonmuskelonmusk). This is public information visible in the browser address bar.
  • ·Sends that handle to the Claimr API (claimr.app/api/wallet/lookup) to retrieve the associated vault balance. No account is required and no authentication token is sent.
  • ·Caches results in memory for 30–60 seconds to reduce API calls. This cache is cleared when the browser tab is closed and is never written to disk.
  • ·Does not access your Phantom wallet, Solflare, or any other browser wallet extension. It has no ability to request transaction signing or read wallet balances.
  • ·Does not track browsing history, inject ads, or collect any personal information.

Website (claimr.app)

  • ·Wallet lookups: When you search for an X handle, that handle is sent to our API to retrieve on-chain vault data. We do not log or store handle lookups tied to your identity.
  • ·Authentication: Withdrawals require signing in with X via Privy. Privy handles the OAuth flow and issues an authentication token. We receive your X account ID and username to verify ownership of a vault. We do not receive your X password or private messages. Privy’s privacy policy applies to the authentication process.
  • ·Withdrawals: When you withdraw, we record the transaction signature and amount on-chain and in our database, linked to your X account ID. This is necessary to maintain an accurate withdrawal history.
  • ·Local storage: We store a single key (claimr_ext_modal) in your browser’s local storage to remember if you have dismissed the extension prompt. No personal data is stored.

Data We Do Not Collect

  • ·Browsing history
  • ·Wallet private keys or seed phrases
  • ·Cookies for tracking or advertising
  • ·Financial account information beyond on-chain data that is already public
  • ·Device identifiers or location data

Third Parties

We use the following third-party services to operate Claimr:

  • ·Privy — authentication and oracle key management
  • ·Helius — Solana RPC node
  • ·Upstash — Redis caching for Twitter API responses

We do not sell, rent, or share your data with any third party for advertising or marketing purposes.

Data Retention

Withdrawal records are retained indefinitely as they are part of the on-chain history. API response caches are short-lived (minutes to hours). We do not retain logs of handle lookups beyond standard server access logs which are rotated regularly.

Changes

If we make material changes to this policy we will update the date at the top of this page. Continued use of Claimr after changes constitutes acceptance.

Contact

Questions about this policy can be sent to support@claimr.app.