Privacy policy

Welcome to OrangeCheck. We are committed to protecting your privacy and being transparent about our data practices. OrangeCheck is designed with privacy as a core principle: we are a non-custodial, client-side-first service that minimizes data collection and maximizes user control.

This Privacy Policy explains:

• >>What information we collect (and what we don't)
• >>How we use and protect your information
• >>Your rights and choices
• >>How to contact us with questions

By using OrangeCheck, you agree to the practices described in this Privacy Policy. This Privacy Policy does not create any warranty or liability on our part with respect to your data or Bitcoin. Liability is separately and comprehensively disclaimed in our Terms of Service.

• non-custodialwe never take custody of your bitcoin or private keys. all cryptographic operations happen in your wallet or browser.
• minimal collectiononly what is necessary to provide the service. no user profiles, no cross-web tracking.
• optional accountmost of the service works without any sign-in. the optional sign-in-with-bitcoin flow opens a session keyed to a btc address — no email, no password, revocable by signing out.
• transparencyplain-language policy. if you have questions, we're here to help.

• >>No custody of funds — we never hold your Bitcoin
• >>No private key access — we never see or store your private keys
• >>No account required for the core service — optional Sign in with Bitcoin is keyed to a public address, never an email or password
• >>No selling of data — we will never sell your personal information
• >>No advertising — we don't use your data for targeted advertising
• >>No cross-site tracking — we don't track you across other websites
• >>No blockchain writes — we don't broadcast transactions for you
• >>No third-party analytics trackers — privacy-preserving analytics only

information you provide

Bitcoin addresses and signatures. When you create an attestation, you provide a Bitcoin address and BIP-322 signature. These are processed client-side in your browser to generate a cryptographic proof. We may temporarily cache this data to generate and serve your badge. This information is public by design — attestations are meant to be shared.

Identity bindings (optional). You may bind identities (Nostr, GitHub, Twitter, DNS) to your attestation. These bindings are included in the signed message and are public. Identity verification happens off-protocol and does not involve OrangeCheck servers.

Nostr publishing (optional). You may publish your attestation to Nostr relays as a NIP-78 event. Published attestations live on decentralized relays, not OrangeCheck servers.

Contact information (optional). If you contact us for support, we collect your email and message content solely to respond. You can request deletion at any time.

Sign-in-with-Bitcoin session data (optional). If you use the optional signed-challenge login, we store a minimal account row keyed by your verified Bitcoin address plus session rows each with a random id, the source IP at issue time, a user-agent hash, and timestamps. No password, no email. Your browser holds an httpOnly + Secure + SameSite=Lax cookie. You can revoke by signing out; we delete your session row on request. Accounts with no sessions for 24 months are deleted automatically.

automatically collected

• ip addresssecurity, rate limiting, service delivery
• browser/devicecompatibility and ux optimization
• referring websiteunderstand how users find us
• pages visitedimprove the service

cookies & local storage

• >>Essential cookies — required for the service to function
• >>Preference cookies — store your theme preference (dark/light mode)
• >>Demo mode state — remembers if you're using demo mode
• >>No advertising or tracking cookies

analytics

We use Plausible Analytics — a privacy-preserving, GDPR-compliant service. No cookies, no personal data, no cross-site tracking. Aggregate statistics only.

service delivery

• >>Generate and verify cryptographic proofs (badges)
• >>Serve badge images and verification pages
• >>Provide technical support

security & fraud prevention

• >>Detect and prevent abuse, spam, and malicious activity
• >>Rate limiting to prevent denial-of-service attacks
• >>Monitor for security vulnerabilities

service improvement

• >>Analyze usage patterns to improve user experience
• >>Fix bugs and optimize performance
• >>Develop features based on user needs

we do not

• >>Targeted advertising
• >>Building user profiles for marketing
• >>Selling or renting to third parties
• >>Cross-site tracking

OrangeCheck offers optional browser wallet integration to streamline signing. This feature is opt-in and not required.

what wallet integration does

• >>Connects to your browser wallet extension (UniSat, Xverse, Leather, …)
• >>Reads your Bitcoin address to verify it matches what you entered
• >>Requests a signature for the canonical message
• >>All operations happen client-side in your browser

what we do not do

• >>We never take custody of your Bitcoin or private keys
• >>We never store your wallet connection state on our servers
• >>We never access wallet balances or tx history beyond public chain data
• >>We never initiate transactions or move funds
• >>We never share your wallet information with third parties

your alternatives

Use OrangeCheck without connecting a wallet — sign the canonical message in Sparrow, Electrum, Bitcoin Core, or any hardware wallet via PSBT, then paste the signature. Identical security and functionality.

• badge datapermanent and publicly shareable. you control what addresses you use and what you share. data published to nostr cannot be deleted by orangecheck.
• technical logsserver logs retained 90 days for security and debugging, then auto-deleted.
• session rowssignin sessions live for up to 30 days (cookie max-age) or until revoked. idle accounts with no session activity for 24 months are deleted automatically.
• support emailsretained as long as necessary; deletion on request (hello@ochk.io).

technical safeguards

• >>HTTPS encryption for all data in transit
• >>Secure hosting with regular security updates
• >>Rate limiting and DDoS protection
• >>Regular security audits and monitoring

your responsibility

• >>Protect your wallet, private keys, seed phrases, and recovery information
• >>Use secure devices and networks; keep your operating system and wallet software current
• >>Never share your keys, seed phrases, or recovery information with anyone — including us
• >>Assume any data you publish to Nostr or bind into an attestation is public and permanent

No guarantee. No method of transmission, storage, or cryptographic operation is 100% secure. We use reasonable measures, but we do not warrant the security of your data and we are not liable for any unauthorized access, loss, theft, alteration, or destruction of your data, keys, or Bitcoin. See our Terms of Service for the complete disclaimer and limitation of liability.

data-breach notification

If we become aware of unauthorized access to personal data we hold (primarily: support-email contents and session rows), we will notify affected users and any competent supervisory authority as required by applicable law — including, where applicable, within 72 hours as required by Article 33 of the UK & EU GDPR. Note that attestations, Nostr events, and on-chain data are public by design and are not considered “data we hold” for breach-notification purposes.

• access & portabilityrequest a copy of your personal information in machine-readable format
• correctionrequest correction of inaccurate or incomplete information
• deletionrequest deletion of personal information. badge data is public by design.
• objectionobject to or restrict processing in certain circumstances
• withdraw consentwithdraw consent where consent is the legal basis
• opt-out analyticsblock plausible with browser extensions or privacy tools

To exercise your rights, email hello@ochk.io.

• vercelhosting + content delivery. technical information only.
• mempool.space / esplorabitcoin blockchain data. public info only.
• nostr relaysdecentralized event storage (opt-in). attestations public by design.
• plausibleprivacy-preserving analytics. aggregate, non-personal stats.

OrangeCheck is operated from the United States. If you access the service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international data transfers.

california (ccpa / cpra)

• >>Right to know about categories of personal information collected
• >>Right to delete your personal information
• >>Right to correct inaccurate personal information
• >>Right to opt-out of sale or sharing — we do not sell or share personal information
• >>Right to limit use of sensitive personal information — we do not collect sensitive PI as defined by the CPRA
• >>Right to non-discrimination for exercising your rights

europe (gdpr) & united kingdom (uk gdpr)

• legal basisconsent (contact form), contract performance (sign-in sessions), legitimate interests (security, rate-limiting, service improvement), legal obligations (record-keeping)
• your rightsaccess, rectification, erasure, restriction of processing, data portability, objection, and (where processing is based on consent) withdrawal
• data protection contacthello@ochk.io for data-protection inquiries
• supervisory authorityright to lodge a complaint with your local eu/eea data-protection authority, or the uk ico for uk users
• eu/uk representativeif required, we will designate an article 27 representative and list the details here

other jurisdictions

If you reside in a jurisdiction with a comprehensive privacy law — including but not limited to Brazil (LGPD), Canada (PIPEDA / Law 25), Australia (Privacy Act), Japan (APPI), South Korea (PIPA), Switzerland (FADP), or any U.S. state with a comprehensive privacy law — you may have the equivalent rights of access, correction, deletion, portability, and objection. Email hello@ochk.io and we will honour applicable rights under the law of your residence.

OrangeCheck is not intended for children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, email hello@ochk.io immediately.

• >>We will update the "Last Updated" date above
• >>For material changes, we will provide prominent notice on the website
• >>Continued use after changes constitutes acceptance