Privacy policy

• non-custodialwe never take custody of your Bitcoin or keys; cryptographic operations happen in your wallet or browser
• minimal collectiononly what is necessary to provide the Service; no user profiles, no cross-web tracking
• optional accountmost of the Service needs no sign-in; the optional Sign in with Bitcoin flow is keyed to a public address — no email, no password
• transparencyplain-language policy; ask us anything at hello@ochk.io

• >>No custody of funds and no access to private keys
• >>No account required for the core service
• >>No selling or renting of personal information, ever
• >>No targeted advertising and no cross-site tracking
• >>No third-party analytics trackers — privacy-preserving analytics only

information you provide

Bitcoin addresses and signatures are processed client-side to generate a cryptographic proof; this data is public by design. Identity bindings you add are included in the signed message and are public. Contact information is collected only if you email us for support, solely to respond. Sign-in sessions store a minimal account row keyed by your verified Bitcoin address plus session rows with a random id, source IP, a user-agent hash, and timestamps — no password, no email.

automatically collected

• ip addresssecurity, rate limiting, service delivery
• browser/devicecompatibility and UX optimization
• pages visitedaggregate, to improve the Service

cookies & analytics

Essential cookies are required for the Service to function; a preference cookie stores your theme. We use Plausible Analytics — cookie-free, no personal data, aggregate statistics only. No advertising or tracking cookies.

• >>Generate and verify cryptographic proofs and serve verification pages
• >>Detect and prevent abuse, spam, and denial-of-service attacks
• >>Fix bugs, optimize performance, and improve the Service
• >>Provide technical support

• public artifactspermanent and publicly shareable; data published to Nostr cannot be deleted by OrangeCheck
• technical logsserver logs retained 90 days for security and debugging, then auto-deleted
• session rowslive up to 30 days (cookie max-age) or until revoked; idle accounts with no session activity for 24 months are deleted automatically
• support emailsretained as long as necessary; deleted on request

• >>HTTPS encryption for all data in transit
• >>Secure hosting with regular security updates
• >>Rate limiting and abuse monitoring

No method of transmission or storage is 100% secure. We use reasonable measures but do not warrant the security of your data and are not liable for unauthorized access, loss, or theft — see the Terms of Service. If we become aware of a breach of personal data we hold, we will notify affected users and any competent supervisory authority as required by applicable law, including the 72-hour window under Article 33 of the UK & EU GDPR.

• access & portabilityrequest a copy of your personal information in a machine-readable format
• correctionrequest correction of inaccurate or incomplete information
• deletionrequest deletion of personal information we hold (data published to public networks cannot be deleted by us — see retention)
• objectionobject to or restrict processing in certain circumstances
• withdraw consentwithdraw consent where consent is the legal basis for processing

To exercise any right, email hello@ochk.io. We respond within 30 days.

OrangeCheck is operated from the United States. If you access OrangeCheck from elsewhere, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate. For users in the EEA, UK, or Switzerland, we rely on appropriate safeguards for international transfers.

california (ccpa / cpra)

• >>Right to know the categories of personal information collected
• >>Right to delete and to correct your personal information
• >>Right to opt out of sale or sharing — we do not sell or share personal information
• >>Right to limit use of sensitive personal information — we do not collect sensitive PI as defined by the CPRA
• >>Right to non-discrimination for exercising your rights

europe (gdpr) & united kingdom (uk gdpr)

• legal basisconsent, contract performance, legitimate interests (security, abuse prevention, service improvement), and legal obligations
• your rightsaccess, rectification, erasure, restriction, portability, objection, and withdrawal of consent
• supervisory authorityright to lodge a complaint with your local EU/EEA data-protection authority, or the UK ICO
• eu/uk representativeif and when required, we will designate an Article 27 representative and publish the details here

other jurisdictions

If you reside in a jurisdiction with a comprehensive privacy law — including Brazil (LGPD), Canada (PIPEDA / Law 25), Australia, Japan (APPI), South Korea (PIPA), Switzerland (FADP), or any U.S. state privacy law — you have the equivalent rights of access, correction, deletion, portability, and objection. Email hello@ochk.io and we will honour applicable rights under the law of your residence.

OrangeCheck is not intended for children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, email hello@ochk.io immediately and we will delete it.

• >>We will update the "last updated" date above
• >>For material changes, we will provide prominent notice on the website
• >>Continued use after changes constitutes acceptance