Privacy Policy.
Overview
Blue Escrow processes the minimum data needed to render a usable frontend and provide a coherent reading view over the on-chain Escrow contract. The split between on-chain and off-chain matters: on-chain data is permanent and public; off-chain data is purgeable on request and never authoritative for money.
Wallet Signatures
Authentication uses Sign-In with Ethereum (SIWE). The backend issues a one-time nonce, your wallet signs a structured login message containing that nonce, and the backend exchanges the signature for a short-lived JWT session token. The signature proves wallet control; it is not a transaction and does not move funds.
The signature payload itself is not retained after verification. We retain only the resulting session token, your wallet address (as a stable identifier), and a server-side record of when each session was issued.
Off-chain Metadata
Optional profile data — display name, avatar URL, short bio — is stored off-chain in a PostgreSQL database accessed via Prisma. None of this is required to use the protocol; you can leave every field empty and still create, fund, and settle deals.
| Field | Source | Storage |
|---|---|---|
| Wallet addressRequired | SIWE login | Database row + every on-chain action |
| Session tokenRequired | SIWE exchange | Database (rotated/expired) |
| Display nameOptional | Profile form | Database row |
| Avatar URLOptional | Profile form | Database row (URL only) |
| BioOptional | Profile form | Database row |
| Deal filesOptional | Upload during a deal | Backend filesystem (MVP); IPFS planned |
On-chain Data
Every state change in the Escrow contract emits a public event and persists in the Arbitrum ledger. This includes your wallet address, the addresses of every counterparty in a deal, the deal amount, the protocol fee charged, the dispute history, and the on-chain reputation score derived from your role in concluded deals.
On-chain data is permanent and globally readable. Anyone can query it directly via a node or block explorer without using this frontend. We cannot delete it on your behalf, and a deletion request from you does not remove it from the ledger.
Indexed Events
The backend runs an event indexer that mirrors a subset of contract events into the off-chain database — strictly to accelerate reads (showing your inbox, listing middleman reputations). The indexer is read-only: nothing it writes can override on-chain state, and if the mirror disagrees with the contract, the contract wins.
If you ask us to remove your off-chain metadata, the indexed mirror is also cleared. The on-chain events remain — only our local convenience copy is purged.
Third Parties
To render the frontend and read the chain, the protocol relies on third parties whose privacy practices we cannot warrant: wallet providers (MetaMask, Rainbow, WalletConnect — your choice), RPC providers (Alchemy, Quicknode, the default Arbitrum endpoints), and the underlying Arbitrum and Ethereum networks.
We do not embed analytics, ad networks, session replay, fingerprinting libraries, or social-share trackers. The only outbound calls from a normal page view are to our own API, the wallet you have connected, and the RPC endpoint your wallet routes through.
Data Retention
Off-chain profile metadata is retained for as long as the wallet remains active. Inactive wallets (no SIWE login or contract interaction for twenty-four months) have their off-chain profile pruned during the next scheduled maintenance window.
A deletion request from you triggers immediate purge of your off-chain metadata and a teardown of the indexed mirror entries the indexer holds for your address. The contract's on-chain history of any deal you participated in continues to exist on the ledger.
GDPR Rights
Where the General Data Protection Regulation applies, you have the rights listed below. Each right is exercised against off-chain data only; on-chain data is outside our control by design.
- Access — request a copy of the off-chain data we hold about your wallet.
- Rectification — correct inaccurate profile metadata.
- Erasure — purge off-chain metadata and indexer mirror entries.
- Restriction — pause processing of your profile while we resolve a dispute.
- Portability — receive your profile in a machine-readable format.
- Objection — opt out of any non-essential processing.
- Complaint — lodge a complaint with your supervisory authority.
Children
The protocol is not directed to children under 18. We do not knowingly collect data from anyone we believe to be under 18; if you become aware that a child has used the protocol, contact us so we can purge the relevant off-chain records.
International Transfers
The off-chain backend may be hosted in jurisdictions outside your country of residence. Where required by law, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms to provide an adequate level of protection for personal data transferred abroad. The on-chain data, by design, is replicated globally across Arbitrum nodes worldwide.
Contact (DPO)
Privacy requests — access, rectification, erasure, complaints — can be sent to the Data Protection contact below. We acknowledge receipt within seven business days where the request contains enough information to identify your wallet and the action requested.
[email protected]
PGP fingerprint: 0000 0000 0000 0000 0000 0000 0000 0000