Privacy Policy

Last Updated: January 14, 2026

1. Who We Are

Canary is operated by Boobies Interactive LLC ("we", "us", "our"). We provide a decentralized messaging protocol, token gifting system, NFT buyback marketplace, and node reward network built on Solana.

2. What Information We Collect

2.1 Blockchain Data (Public)

• Wallet Addresses: Your Solana wallet public key for transactions, gifts, buybacks, and rewards
• Transaction Signatures: On-chain transaction hashes for verification
• NFT Mint Addresses: Public addresses of NFTs involved in buyback offers
• Token Amounts: Publicly visible token transfer amounts

Note: All blockchain data is publicly accessible on the Solana network. We do not control this data.

2.2 Service-Specific Data

• Gifts: Password hashes (bcrypt, never plaintext), gift messages, expiration times, claim status
• Buybacks: Offer parameters (buy price, repurchase price, duration), escrow status
• Partner Drops: Partner name, email (for application review only), Twitter/Discord handles (optional), drop descriptions
• Nodes: Device ID, node performance metrics (uptime, latency, bandwidth), geographic region (for routing optimization)
• Messages: Encrypted routing hints, push notification tokens (FCM), message delivery metadata (no message content)

2.3 Technical Data

• API Usage: Request timestamps, rate limiting counters, error logs (no personal data)
• Performance Metrics: Server health, database query times, relay wallet balances
• Security Logs: Failed authentication attempts, suspicious activity patterns

2.4 What We Don't Collect

• ❌ Your private keys (never share these with anyone)
• ❌ Message content (end-to-end encrypted)
• ❌ Browsing history or tracking cookies
• ❌ Personal identification documents
• ❌ Financial information beyond public blockchain data
• ❌ Location data beyond geographic region for node routing

3. How We Use Your Information

3.1 Service Operations

• Process token gifts with password protection
• Facilitate NFT buyback offers and escrow
• Review and approve partner drop applications
• Calculate and distribute node rewards
• Route encrypted messages between users
• Send push notifications for new messages

3.2 Security & Fraud Prevention

• Rate limiting to prevent abuse (10 gifts/hour, 1 partner application/day per email)
• Monitor for suspicious transaction patterns
• Verify transaction signatures to prevent fraud
• Detect and prevent Sybil attacks on node network

3.3 Service Improvement

• Analyze aggregate usage patterns (no individual tracking)
• Optimize node routing and performance
• Debug errors and improve reliability
• Measure API response times

4. Data Sharing & Third Parties

4.1 Service Providers

• Supabase/Railway: Database and hosting (encrypted connections, compliance certified)
• QuickNode/Helius: Solana RPC endpoints (public blockchain access)
• Resend: Email delivery for partner drop communications (partner emails only)
• Firebase Cloud Messaging: Push notifications (device tokens, no message content)

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request. We will resist overly broad requests and notify users when legally permitted.

4.3 Public Blockchain

Transaction data (wallet addresses, amounts, signatures) is publicly visible on Solana. This is inherent to blockchain technology and outside our control.

5. Data Security

5.1 Encryption

• In Transit: TLS 1.3 for all API communications
• At Rest: Database encryption, bcrypt password hashing (10 salt rounds)
• Messages: End-to-end encryption (we cannot read message content)

5.2 Access Controls

• Limited employee access to production systems
• Environment variables secured on Railway (never in code)
• Private keys stored in secure enclaves
• Regular security audits and monitoring

5.3 Data Retention

• Gifts: Automatically expired after 90 days, purged after 1 year
• Buybacks: Retained for 2 years after completion for dispute resolution
• Partner Drops: Applications retained indefinitely for compliance
• Nodes: Performance data retained for 6 months
• Messages: Routing hints expire after 24-48 hours, metadata purged after 30 days
• Logs: Error logs retained for 90 days, aggregate metrics indefinitely

6. Your Rights

6.1 Access & Deletion

You can request access to or deletion of your data by contacting us. Note:

• Blockchain data cannot be deleted (it's public and immutable)
• Active gifts/buybacks/drops cannot be deleted (contractual obligations)
• We may retain data required for legal compliance

6.2 Data Portability

You can export your data via our API endpoints. Wallet addresses and transaction history are already public on Solana explorers.

6.3 Opt-Out

• Push Notifications: Unregister device tokens via app settings
• Partner Emails: We only email partners who apply for drops
• Node Participation: Stop running your node to cease data collection

7. International Users

Canary is operated from the United States. By using our services, you consent to data processing in the US. We comply with applicable international data protection laws including GDPR principles:

• Lawful Basis: Legitimate interest (service operation) and consent (node participation)
• Data Minimization: We collect only what's necessary
• Transparency: This policy explains all data practices
• User Rights: Access, deletion, and portability as described above

8. Children's Privacy

Canary is not intended for users under 13 years old (16 in EEA). We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately for deletion.

9. Changes to This Policy

We may update this policy to reflect service changes or legal requirements. Material changes will be announced via:

• In-app notifications
• Website banner (www.node.canarymessenger.com)
• Updated "Last Modified" date at the top of this page

Continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy questions, data requests, or concerns:

• Email: privacy@canarymessenger.com
• Company: Boobies Interactive LLC
• Discord: Join our community

We will respond to valid requests within 30 days.

← Back to Home