Skip to main content
BarryGuard
BarryGuard
Menu
Install extension (opens in new tab)
Privacy

Privacy Policy

This page describes how BarryGuard collects, processes, stores and shares user data — for the website, browser extension and API. Last updated: April 2026.

BarryGuard emblem

1. Data Controller

Zivcore

Morgentalstrasse 11

8108 Dällikon

Switzerland

Contact: support@barryguard.ch

2. Data We Collect

We collect data in the following ways:

  • Registration & Account: When you create an account we collect your email address and a hashed password. Optional profile fields may be filled in voluntarily.
  • Browser Extension: The extension reads token addresses from the content of visited pages (e.g. pump.fun, app.uniswap.org, etherscan.io) in order to request risk assessments. It reads only token context data — no personal information, passwords or financial data of the user. Browsing history outside the supported platforms is never collected or transmitted. Supported platforms span multiple chains: Solana, Ethereum, BNB Chain, and Base.
  • Extension technical integrity (optional): When enabled, the extension may send anonymized technical events to BarryGuard (e.g. platform identifier, event type, extension version, optional normalized path template) so we can detect when third-party sites change layout and overlays stop working. These signals do not include full browsing history or wallet secrets. Raw events are retained for 90 days and then deleted.
  • API Calls: Every API request logs the IP address, timestamp, requested token address, request source (website or extension), API key identifier and rate-limit counters server-side.
  • Payment Processing: When a subscription is purchased, billing-related metadata (plan, payment status, Stripe customer ID) is stored. Full credit card details are handled exclusively by Stripe and are never stored by BarryGuard.
  • Trial Subscription: BarryGuard offers a one-time 30-day free trial for the Rescue Pass monthly plan. A valid payment method is required at signup and is collected by Stripe. If the trial is not cancelled before it ends, the subscription automatically converts to a paid plan and the stored payment method is charged.
  • Crypto Payments: When paying with cryptocurrency (SOL or USDC), BarryGuard stores the receiving wallet address, sender wallet addresses derived from the on-chain transaction, and transaction signatures. The encrypted private key of the one-time receiving wallet is stored indefinitely in our database. This is a deliberate safety measure: if a payment is sent late, in the wrong amount, or after the intent has expired, we retain the ability to detect and recover it manually via our support process. Without the key, funds sent to a BarryGuard-generated wallet could become unrecoverable. The keys are stored encrypted using AES-GCM and are never used for any purpose other than payment recovery and fund sweeping to the treasury wallet.
  • Promotional Listings: When a user creates a promotional listing, BarryGuard stores campaign data (promoted token address, campaign status, start and end times), view tracking data (page views, slot placement, click counts) and credit purchase records (package, amount, payment method, timestamp). No personal financial data beyond what is already described for Stripe and crypto payments is collected for promo purchases.
  • Anonymous Session Cookie: To enforce per-session rate limits and prevent quota abuse without requiring an account, BarryGuard sets an httpOnly, cryptographically signed session cookie (bg_anon_session) for unauthenticated visitors. This cookie does not contain any personal data — it is a random HMAC-signed value used solely to identify an anonymous usage session. It expires after 30 days. Once you sign in to a BarryGuard account, the anonymous quota is replaced by your account's own rate limit and this cookie is no longer used for quota tracking.
  • Usage Metrics: Anonymised access and performance data may be collected via Vercel Analytics.

3. How We Use Your Data

Collected data is used exclusively for the following purposes:

  • Providing and operating the BarryGuard service (token risk analysis, overlay)
  • Authentication and account management
  • Subscription and payment processing
  • Managing promotional listings and tracking campaign performance
  • Rate limiting and abuse prevention
  • Technical support and responding to requests
  • Platform stability and security monitoring
  • Improving browser extension overlay reliability (when anonymized integrity signals are enabled)

We do not use your data for advertising, marketing profiling or for sale to third parties.

4. Data Storage

Account and usage data is stored in the Supabase database. Supabase operates infrastructure in the EU (AWS Frankfurt) and other regions in accordance with the Supabase privacy policy.

Billing data (subscription status, Stripe IDs) is also stored in the Supabase database. Full payment data remains exclusively with Stripe (USA, EU).

We retain personal data only for as long as is necessary for fulfilling the contract, complying with legal retention obligations or pursuing legitimate security interests. After account deletion, personal data is removed within 30 days, unless a legal retention obligation applies. Billing-related data is retained in accordance with applicable legal requirements.

Accounts whose email address has never been confirmed are automatically deleted after 30 days. This applies only to unconfirmed accounts, not to confirmed users.

The anonymous session cookie (bg_anon_session) expires automatically after 30 days and is not linked to any account or personal identifier.

5. Data Sharing

Your data is never sold. It is shared with third parties only in the following cases:

For server-side calls to external data providers (RPC infrastructure, price data, metadata, blockchain APIs, pair resolution for supported aggregators), only public blockchain addresses or pair identifiers are transmitted. The user's IP address is not forwarded to these providers because BarryGuard performs these requests on its own backend. An exception applies to client-side integrations (Stripe Checkout, Solana Wallet Adapter), where the browser communicates directly with the third-party provider; in those cases the respective provider's privacy policy applies.

  • Supabase (Ireland / USA): Authentication, database operations and data storage.
  • Stripe (USA / EU): Payment processing and subscription management. Stripe processes payment data in accordance with PCI-DSS standards. During Stripe Checkout the user's browser connects directly to Stripe; Stripe's own privacy policy governs the data collected in that flow, including the user's IP address.
  • Vercel (USA / EU): Website and API hosting. Vercel may process anonymised access logs and performance metrics. Vercel Analytics is loaded only when the user has given explicit cookie consent.
  • Solana Wallet Adapter (client-side): During crypto checkout the user interacts directly with their own wallet software (e.g. Phantom, Solflare). BarryGuard never receives or stores the user's private keys at any point.
  • Helius (USA): Blockchain RPC and DAS infrastructure for Solana analysis. Only public blockchain addresses are queried — no personal data, no IP forwarding.
  • Alchemy (USA): EVM RPC infrastructure for Ethereum, BNB Chain, and Base analysis. Only public blockchain addresses are queried — no personal data, no IP forwarding.
  • Chainstack (USA): EVM and Solana RPC infrastructure. Only public blockchain addresses are queried — no personal data, no IP forwarding.
  • dRPC (USA): EVM RPC infrastructure for Ethereum, BNB Chain, and Base. Only public blockchain addresses are queried — no personal data, no IP forwarding.
  • Shyft (USA): Solana RPC infrastructure. Only public blockchain addresses are queried — no personal data, no IP forwarding.
  • CoinGecko (USA): Token metadata enrichment, price fallback data, and logo retrieval. Only public token contract addresses are queried — no personal data, no IP forwarding.
  • DexScreener (USA): Price and liquidity pool data for token analysis plus server-side pair resolution for supported DexScreener pages. Only public token contract addresses or pair identifiers are queried — no personal data, no IP forwarding.
  • DexTools (EU / Spain): Server-side pair resolution for supported DexTools pages so BarryGuard can map public pair identifiers to public token addresses before requesting the risk analysis. No personal data is transmitted — no IP forwarding, no user identifiers.
  • Moralis (USA): EVM holder count data. Only public token contract addresses are queried — no personal data, no IP forwarding.
  • Etherscan V2 (USA): EVM deployer lookup and contract verification. Only public token contract addresses are queried — no personal data, no IP forwarding.
  • Sourcify (decentralised): EVM smart contract verification fallback. Only public contract addresses are queried — no personal data, no IP forwarding.
  • Jupiter (USA): SOL price data used for crypto checkout pricing. Only currency pair queries are made — no personal data, no IP forwarding.
  • Pump.fun (USA): Solana token enrichment data. Only public token addresses are queried — no personal data, no IP forwarding.
  • Raydium (decentralised / USA): Solana liquidity pool and LP data. Only public token addresses are queried — no personal data, no IP forwarding.
  • Meteora (decentralised / USA): Solana liquidity pool data. Only public token addresses are queried — no personal data, no IP forwarding.
  • Orca (USA): Solana pool data. Only public token addresses are queried — no personal data, no IP forwarding.
  • X / Twitter (USA): Automated posting of token risk warnings. Only public on-chain token data and risk assessments are shared — no personal user data is transmitted to X.
  • frankfurter.app (EU): Exchange rate API used for USD/CHF conversion in crypto payment pricing. No personal data is transmitted — only currency pair queries.
  • CoinMarketCap (USA): Public token metadata enrichment for EVM tokens (Ethereum, BNB Chain, Base) and — since 2026-04-20 — aggregated holder counts for Solana tokens. Only the public token contract/mint address is queried to resolve the CoinMarketCap currency slug used in outbound reference links and to retrieve holder-count aggregates. No personal data is transmitted — no IP forwarding, no user identifiers.
  • Legal obligations: Data may be disclosed in response to a governmental order or to protect legal rights, to the extent required by law.

All listed service providers are contractually bound to uphold appropriate data protection standards and process data solely within the scope of the services they are commissioned to provide.

6. Extension Local Storage (Chrome Storage)

The BarryGuard browser extension uses the Chrome Extension Storage API (chrome.storage.local) exclusively to store the following data locally in the browser:

  • Authentication session token (to avoid repeated sign-in prompts)
  • Cached token risk assessments (to reduce API calls)
  • Extension settings (e.g. enabled/disabled)

This data only leaves the local browser to the extent technically necessary for API authentication and risk requests. It is not shared with any third parties.

7. Automated Social Media Posting

BarryGuard may automatically publish warnings about high-risk tokens on the social media platform X (formerly Twitter). These automated posts contain exclusively public blockchain data:

  • Token address, name and symbol (public on-chain data)
  • Risk score and top risk reasons as determined by the scoring engine
  • A link to the public token analysis page on barryguard.com

No personal user data is included in these posts. The posts do not identify who scanned a token, when it was scanned or from which account. Only publicly available on-chain token information and the BarryGuard risk assessment are shared.

8. Transactional Emails

BarryGuard sends transactional emails required for operating the service. These include account confirmation, password reset, subscription notifications, and service-related alerts.

Rescue Pass and Pro subscribers may opt in to Watchlist Risk Alert emails via their account settings. When enabled, BarryGuard sends an email notification if a token on the subscriber's watchlist moves to a worse risk level. This feature is off by default and can be disabled at any time in the account settings.

  • Purpose: To notify the subscriber of a deteriorating risk assessment for a token they have saved to their watchlist.
  • Legal basis: Explicit opt-in by the subscriber via account settings.
  • Frequency: At most once per token per 24-hour period.
  • Content: Token name, symbol, risk score, and new risk level. No account-specific personal data is included beyond the subscriber's email address as the recipient.
  • Opt-out: Subscribers can disable Watchlist Risk Alert emails at any time in their account settings.

Transactional emails are delivered via Brevo (Sendinblue SAS, Paris, France). The recipient's email address is transmitted to Brevo solely for the purpose of delivery. No personal data is shared with third parties for marketing or profiling purposes in connection with transactional emails.

9. International Data Transfers

Because we use service providers in the USA (Stripe, Vercel, Helius, Alchemy, Chainstack, dRPC, Shyft, CoinGecko, DexScreener, Moralis, CoinMarketCap) and the EU (Supabase EU region, Brevo, DexTools in Spain), personal data may be transferred to countries outside Switzerland or the EEA. Transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR and the corresponding provisions of the Swiss FADP, unless an adequacy decision is in place.

10. Children

BarryGuard is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child under 16 has created an account, please contact us at support@barryguard.ch.

11. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate data
  • Erasure of your data (account deletion)
  • Restriction of processing
  • Data portability in a commonly used format
  • Objection to certain forms of processing

Please direct your requests to: support@barryguard.ch

12. Security

BarryGuard employs technical and organisational measures to protect user data: encrypted transmission (HTTPS/TLS), secured database access, API authentication and rate limiting. That said, no internet service can guarantee absolute security. Please use a strong, unique password and keep your credentials confidential.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, registered users will be notified by email. The date of the last update is shown at the top of this page. Continued use of BarryGuard after an update constitutes acceptance of the revised policy.