Short version: We collect the minimum data needed to run the application. We don't sell it. We don't share it with ad networks. Your wallet address is public on-chain. We can't make it private, and neither can anyone else.
1. Who we are
Yieldgeko operates the yieldgeko.com website and the Yieldgeko non-custodial yield routing application. References to “we”, “us”, or “our” in this policy refer to Yieldgeko.
2. What we collect
2a. Account and wallet data
When you connect a wallet or create an embedded wallet via Privy:
- Wallet address. Your Ethereum-compatible wallet address. This is a public blockchain identifier, visible to anyone on-chain regardless of Yieldgeko.
- Privy DID. A pseudonymous identifier assigned by Privy to link your session to your wallet without exposing your identity.
- Email address (optional). Only if you choose to link an email for login or notifications. Not required to use the application.
2b. Transaction and portfolio data
We record the following events when you interact with DeFi protocols through Yieldgeko:
- Deposit and withdrawal events (protocol name, chain, USDC amount, transaction hash)
- Snapshot data you explicitly choose to create and share
Transaction hashes and on-chain amounts are public blockchain data. We store them to power your portfolio history view and yield calculations.
2c. Usage and analytics data
We may collect anonymised, aggregated usage data (page views, feature usage) to improve the application. This data is not linked to individual wallet addresses or user identities.
2d. What we do not collect
- Private keys or seed phrases (we never have access to these)
- Government-issued identification
- IP addresses stored beyond standard server logs
- Third-party tracking cookies or ad pixels
3. How we use your data
We use the data we collect solely to:
- Authenticate you and persist your session across visits
- Display your portfolio history, balances, and yield calculations
- Send notifications about APY changes or position events (only if you opt in)
- Understand how the application is used in aggregate to guide product decisions
- Comply with applicable legal obligations
We do not use your data for advertising, profiling, or sale to third parties.
4. Third-party services
Yieldgeko uses the following third-party services that may process some of your data:
- Privy: wallet authentication and embedded wallet key management. Privy's privacy policy applies to data processed through their MPC infrastructure.
- Alchemy: Ethereum RPC provider used to query on-chain data. Alchemy receives your RPC requests, which may include your wallet address.
- Pimlico: ERC-4337 bundler and paymaster for gasless transactions. Pimlico processes transaction payloads on your behalf.
- Vercel: frontend hosting. Vercel processes standard server access logs.
- Railway: backend and database hosting. Your account data is stored in a Railway-hosted PostgreSQL database.
5. Data retention
We retain your data for as long as your account is active. Portfolio event records (deposits and withdrawals) are kept indefinitely as they reflect on-chain history. If you request deletion, we will remove your account data within 30 days, except where retention is required by law.
6. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Object to or restrict certain processing
- Data portability (receive your data in a machine-readable format)
To exercise these rights, contact us via @yieldgeko on X.
7. On-chain data and privacy limits
Transactions executed through Yieldgeko are recorded on public blockchains. This data (wallet address, transaction amounts, and interacted contract addresses) is permanently public and cannot be deleted or made private by Yieldgeko or anyone else. If you need privacy at the chain level, consider the privacy implications before depositing.
8. Security
We use industry-standard practices to protect data stored on our servers: encrypted connections (TLS), environment-variable key management, least-privilege database access, and no storage of private keys. That said, no system is perfectly secure. We encourage you to treat your wallet credentials with the same care you would treat a bank password.
9. Changes to this policy
We may update this policy as the application evolves. Changes will be posted at this URL with an updated “Last updated” date. For significant changes, we'll announce them on our X account.
