Privacy Policy
NPC.fi is designed so that the operator cannot identify users. This page lists exactly what data flows through the service, what is retained, and how to delete or stop it.
Who runs this service
NPC.fi is an open-source project. The hosted service at npcfi.xyz is operated by the project maintainers. There is no legal entity, no investors, no employees. For privacy questions or takedown requests: hi@npcfi.xyz.
What we do NOT collect
- Your real name
- Your email address
- Your phone number
- Government-issued ID, passport, driver's license
- Biometric data (fingerprints, face scans, iris)
- Your physical address
- Your bank account, card number, or SSN/tax ID
- Your IP address beyond what is needed to serve a single request and rate-limit abuse — not stored
- Tracking cookies for ads or cross-site profiling
- Browser fingerprints
What we DO collect
- Your wallet address. This is the only identifier we use. It is a public on-chain address; it is not linked to your name unless you publicly link it yourself elsewhere.
- Answers you submit and behavioral signals you opt in to share. Personally identifying tokens (names, emails, cities, phone numbers, handles) are stripped client-side before any data is sent. The remaining anonymized signal is stored and made queryable to buyers.
- Wallet signatures. Off-chain message signatures (EIP-191) are used to prove an answer came from a given wallet. These signatures do not cost gas and never authorize any token transfer. They are stored alongside the answer they signed.
- On-chain payment receipts. When a buyer pays in USDC for a query, the transaction hash and amount are recorded. Buyer wallet addresses are public on the Base blockchain.
- Operational logs. Standard server logs (HTTP request, status, timing) are retained for a maximum of 14 days for debugging and abuse detection, then deleted.
OAuth integrations (optional)
If you connect Google Calendar, Spotify, or GitHub, the OAuth handshake happens in your browser. We request the narrowest read scopes possible. Tokens are stored encrypted server-side. Identifiers (names, emails, repository names, friend graphs, playlist names) are stripped before storage. You can revoke access at any time from your dashboard, or directly from Google / Spotify / GitHub.
Bot-defense (Cloudflare Turnstile)
When enabled, NPC.fi uses Cloudflare Turnstile to filter automated traffic. Turnstile is a privacy-preserving alternative to reCAPTCHA: it does not fingerprint users and does not feed an advertising graph. See Cloudflare's privacy policy.
What we share with third parties
Buyers receive only k-anonymized cohort-level data. No buyer ever receives raw answers tied to a wallet. Aggregations require a minimum cohort size (50 contributors by default) before they can be queried.
We do not sell, rent, or share personal information with advertisers or data brokers — there is no personal information to sell.
Data retention and deletion
On-chain data (transactions, claims, settlements) is permanent and cannot be deleted by us. Off-chain data (your answers, signals, OAuth tokens) can be deleted on request by signing a message from your wallet. Email hi@npcfi.xyz.
Children
NPC.fi is not intended for and may not be used by anyone under 18. We do not knowingly collect data from minors.
Changes to this policy
If we change this policy materially, the “last updated” date at the top will change and a notice will be posted on the site. Continued use after a change indicates acceptance of the updated terms.
Contact
Questions, complaints, deletion requests, abuse reports: hi@npcfi.xyz.
