Privacy Policy

Arcade is a non-custodial, public-blockchain interface. We collect the minimum information necessary to operate the Service and never sell or rent your personal data to third parties.

Wallet addresses. When you connect a wallet, we read its public address. This is the only on-chain identifier we use. No personal data is derived from it.

Twitter @handle (OAuth). If you initiate the Twitter claim flow, we read your public Twitter username via the official Twitter API to verify it matches the @handle attributed to a token slot. We do not access your tweets, direct messages, email, follower list, or any other Twitter data.

Server logs. Our hosting provider (Vercel) records standard HTTP logs (timestamp, IP, requested URL, user agent) for up to 30 days. We use these to debug and prevent abuse. We do not enrich or sell these logs.

No cookies, no analytics, no fingerprinting. We do not use Google Analytics, Facebook Pixel, or any third-party tracker. The only cookies we set are short-lived (10 min) HTTP-only cookies for the OAuth state nonce.

• Wallet addresses are passed to smart contracts to execute the transactions you authorize
• Twitter @handle is compared with on-chain slot metadata to verify a claim; the comparison happens server-side and the result is signed via EIP-712
• Server logs are reviewed only in case of debugging or abuse investigation

All actions you take through the Service (token launches, swaps, recipient updates, comments, claims) are recorded on the Arc public blockchain. Once on-chain, this data is permanent and viewable by anyone via any block explorer. We have no ability to delete it.

We use the following third parties strictly for operational purposes:

• Vercel for hosting and serverless functions
• Twitter (X) Developer API for OAuth verification when you initiate a Twitter claim
• Arc RPC providers for reading and submitting transactions to the Arc blockchain
• WalletConnect when you choose a WalletConnect-compatible wallet

We do not sell, rent, or trade your data to any third party for marketing or advertising purposes.

You may stop using the Service at any time by disconnecting your wallet. You can revoke the Arcade app's access to your Twitter account at any time via twitter.com/settings/connected_apps.

For residents of jurisdictions with applicable data protection laws (e.g. GDPR in the EU, CCPA in California), you may request access to, correction of, or deletion of any non-public information we hold about you. Reach out via the contact methods linked in the footer.

The Service is not directed to individuals under the age of majority in their jurisdiction. We do not knowingly collect data from minors.

We follow industry-standard practices to protect server infrastructure and credentials. However, the Service is provided on an "as is" basis and no system is perfectly secure. You are responsible for keeping your wallet and Twitter credentials safe.

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the current version. Significant changes will be communicated via the Service.

For privacy-related questions or requests, reach out via the community channels linked from the footer.