Privacy Policy

Claimr (“we”, “our”, “us”) operates claimr.app and the Claimr Chrome extension. This policy explains what information we collect, why we collect it, and how we handle it. We believe in being direct about this, so we have written it in plain language.

The short version: we collect the minimum required to operate the service. We do not sell your data, we do not use it for advertising, and we do not share it beyond the service providers needed to keep things running.

Information We Collect

Information you provide

• ·X account identity: When you sign in to withdraw, we receive your X (Twitter) account ID and username via OAuth through Privy. We do not receive your password, direct messages, email address, or any non-public account data.
• ·Withdrawal destination: When you initiate a withdrawal, you provide a Solana wallet address for us to send funds to. This address is stored in our database linked to your X account ID as part of the withdrawal record.
• ·Support communications: If you contact us, we retain that correspondence to resolve your issue.

Information collected automatically

• ·Server logs: Standard web server logs are generated when you access claimr.app or when the extension calls our API. These include IP address, request timestamp, and endpoint accessed. Logs are rotated regularly and are not used for profiling.
• ·Handle lookups: When you or the extension queries a Twitter handle, that handle is passed to our API. We do not log lookup requests in a way that is tied to your identity.

On-chain and public blockchain data

• ·Claimr reads publicly available Solana blockchain data including vault balances, transaction signatures, and wallet addresses. This data is already public by the nature of how blockchains work. We do not create it — we surface it.

How We Use Your Information

• ·Verifying that you own the X account associated with a vault before processing a withdrawal
• ·Building, signing, and submitting Solana withdrawal transactions on your behalf
• ·Maintaining an accurate withdrawal history and vault statistics
• ·Displaying vault data on profile pages and in the Chrome extension
• ·Detecting and preventing abuse, fraud, or misuse of the service
• ·Complying with applicable laws and legal obligations

We do not use your information for advertising, profiling, or any purpose unrelated to operating Claimr.

How We Share Your Information

We do not sell, rent, or trade your information. We share it only in the following limited circumstances:

• ·Service providers: We use third-party services — listed below — that process data on our behalf to operate the platform. These providers are contractually bound to use your data only for the services they provide to us.
• ·Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• ·Business transfers: If Claimr is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before any such transfer takes effect and before your information becomes subject to a different privacy policy.
• ·With your consent: In any other case, we will ask before sharing.

Chrome Extension

The Claimr Chrome extension runs only on X (Twitter) profile pages. Here is exactly what it does and does not do:

• ·Reads the current page URL to extract the X handle (for example, x.com/elonmusk → elonmusk). The handle is a public username already visible in the browser address bar.
• ·Sends that handle to the Claimr API to retrieve vault balance data. No authentication token or personal identifier is included in this request.
• ·Caches API responses in memory for 30–60 seconds to reduce redundant requests. This cache exists only in memory and is cleared when the tab is closed. Nothing is written to disk.
• ·Does not access Phantom, Solflare, Backpack, or any other browser wallet. It has no ability to request transaction signing or read wallet balances.
• ·Does not read page content beyond detecting the username element. It does not track your browsing history, monitor your activity on X, or inject ads.
• ·Contains no remote code. All extension JavaScript is bundled in the installed package. API calls fetch JSON data only — no executable code is loaded from external sources at runtime.

Cookies and Local Storage

We do not use tracking cookies or advertising cookies. Our use of browser storage is limited to the following:

• ·Session state: Privy stores an authentication token in your browser when you sign in. This token is used to verify your session on subsequent requests and is cleared when you sign out.
• ·UI preference: We store a single key (claimr_ext_modal) to remember if you have dismissed the extension prompt. No personal data is stored in this key.

We do not use third-party analytics SDKs, advertising pixels, or any tracking technology that follows you across the web.

Blockchain and On-Chain Data

Transactions executed through Claimr — including withdrawals — are recorded permanently on the Solana blockchain. Because blockchain records are immutable by design, we cannot delete or modify on-chain transaction data after it has been confirmed. This is inherent to how public blockchains work and is outside our control.

Wallet addresses and transaction amounts are publicly visible on-chain to anyone. If you withdraw to a wallet address that can be linked to your identity, that connection is public regardless of anything we do. We recommend using a wallet address you are comfortable making public.

Data Security

We use industry-standard measures to protect the information we hold. Authentication is handled through Privy, which uses hardware security modules (HSMs) and trusted execution environments (TEEs) to manage sensitive keys. Database access is restricted and encrypted in transit.

No method of electronic storage or transmission is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security. If we become aware of a breach that affects your data, we will notify you as required by applicable law.

Data Retention

• ·Withdrawal records: Retained indefinitely. These are part of the protocol’s on-chain and off-chain history and are needed to maintain accurate vault statistics.
• ·Server logs: Rotated on a regular cycle. Not retained beyond standard operational needs.
• ·API caches: Short-lived (minutes to hours) and discarded automatically. Never persisted to long-term storage.
• ·Support correspondence: Retained for as long as reasonably necessary to resolve your issue.

Your Rights

Depending on where you live, you may have certain rights regarding the personal information we hold about you. These include:

• ·Access: Request a copy of the personal information we hold about you.
• ·Correction: Request that inaccurate information be corrected.
• ·Deletion: Request that we delete personal information we hold about you, subject to our legal obligations and the limitations of blockchain immutability described above.
• ·Portability: Request a copy of your data in a structured, machine-readable format.
• ·Objection: Object to certain types of processing, including direct marketing.

Residents of California, Colorado, Virginia, and other U.S. states with applicable privacy laws have the rights described above under the CCPA and similar state statutes. We do not sell personal information and do not use it for targeted advertising.

Residents of the European Union, UK, and EEA have rights under the GDPR. Our legal basis for processing personal data is performance of a contract (executing withdrawals you request) and legitimate interests (operating and securing the service). You may lodge a complaint with your local Data Protection Authority if you believe we have processed your data unlawfully.

To exercise any of these rights, contact us at support@claimr.app.

Children’s Privacy

Claimr is not directed at children under the age of 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Third-Party Services

Claimr relies on the following third-party providers to operate. Each has their own privacy policy that governs how they handle data:

• ·Privy — authentication and server-side key management. Handles the X OAuth flow and issues session tokens.
• ·Helius — Solana RPC infrastructure. Used to read on-chain balances and submit transactions.
• ·Upstash — Redis caching layer. Used to cache Twitter API responses and enforce rate limiting.
• ·Supabase — PostgreSQL database hosting. Used to store withdrawal records and vault statistics.

We do not sell, rent, or share your data with any third party for advertising or marketing purposes.

Changes to This Policy

If we make material changes to this policy, we will update the date at the top of this page. For significant changes, we will make reasonable efforts to notify you — for example, by posting a notice on the site. Your continued use of Claimr after a change takes effect constitutes your acceptance of the revised policy.