Privacy Policy
Last updated April 24, 2026
TL;DR
We don't collect email, name, address, KYC, or any personal identifier. We see your public wallet address (because Solana is public). We see basic request metadata in our logs and error reports. That's it.
1. What we collect
- Your public wallet address when you connect it. This is the same address visible to anyone on the Solana blockchain.
- On-chain activity for tokens launched via our interface (launches, buys, fees, draws, winners). This data is public on Solana; our indexer mirrors it into a Postgres instance for faster site reads.
- Images + metadata you uploadat launch. Stored on Cloudflare R2 with public read access so the image can load in every visitor's browser.
- Minimal request logs — IP address, user agent, timestamps. Used for rate limiting and debugging. Retained up to 30 days.
- Crash + error reports via Sentry. These may include a stack trace, the URL you were on, and anonymized browser details. No wallet private keys, seed phrases, or personally-identifying content is ever sent.
2. What we don't collect
- No email, phone, name, address, date of birth, ID document, or any KYC data.
- No cookies for ad tracking. No third-party advertising pixels.
- No wallet private keys, seed phrases, or signing material — these never leave your wallet.
3. How we use what we collect
- To render the interface (load balances, show your tickets).
- To run the hourly lottery keeper (reads public on-chain state).
- To rate-limit abusive requests (IP-based).
- To diagnose crashes via Sentry.
4. Third-party processors
- Vercel — hosting, edge CDN, request logs.
- Neon — managed Postgres for the indexer.
- Cloudflare R2 — storage for token images + metadata.
- Helius — Solana RPC provider.
- Pyth Network — SOL/USD price feed (Hermes endpoint).
- Sentry — error monitoring.
5. Blockchain data is public and permanent
Anything you do on-chain (launch a token, buy, sell, win a draw) is recorded on Solana and cannot be deleted by us or anyone. Your wallet address is the primary on-chain identifier and is visible to every blockchain explorer. Consider whether to use a fresh wallet if you need to separate activities.
6. Your rights
If you're in the EU/UK, California, or another jurisdiction that grants data-subject rights, you can ask us to export or delete whatever off-chain logs we hold that relate to you. Given the minimal data we retain, this is typically a short list. Reach out via the channels in our profile.
7. Security
All transport is HTTPS. Secrets (API keys, DB credentials) are stored in encrypted secret stores, never committed to source control. We use standard web security practices but can't guarantee against every threat.
8. Children
LuckyDucky is not directed at, and should not be used by, anyone under 18 (or the age of majority where you live).
9. Changes
We'll update this page when practices change materially. Version-dated at the top.