Privacy Policy

1. Data Controller

Zivcore

Morgentalstrasse 11

8108 Dällikon

Switzerland

Contact: support@barryguard.ch

2. Data We Collect

We collect data in the following ways:

• Registration & Account: When you create an account we collect your email address and a hashed password. Optional profile fields may be filled in voluntarily.
• Browser Extension: The extension reads token addresses from the content of visited pages (e.g. pump.fun) in order to request risk assessments. It reads only token context data — no personal information, passwords or financial data of the user. Browsing history outside the supported platforms is never collected or transmitted.
• API Calls: Every API request logs the IP address, timestamp, requested token address, API key identifier and rate-limit counters server-side.
• Payment Processing: When a subscription is purchased, billing-related metadata (plan, payment status, Stripe customer ID) is stored. Full credit card details are handled exclusively by Stripe and are never stored by BarryGuard.
• Usage Metrics: Anonymised access and performance data may be collected via Vercel Analytics.

3. How We Use Your Data

Collected data is used exclusively for the following purposes:

• Providing and operating the BarryGuard service (token risk analysis, overlay)
• Authentication and account management
• Subscription and payment processing
• Rate limiting and abuse prevention
• Technical support and responding to requests
• Platform stability and security monitoring

We do not use your data for advertising, marketing profiling or for sale to third parties.

4. Data Storage

Account and usage data is stored in the Supabase database. Supabase operates infrastructure in the EU (AWS Frankfurt) and other regions in accordance with the Supabase privacy policy.

Billing data (subscription status, Stripe IDs) is also stored in the Supabase database. Full payment data remains exclusively with Stripe (USA, EU).

We retain personal data only for as long as is necessary for fulfilling the contract, complying with legal retention obligations or pursuing legitimate security interests. After account deletion, personal data is removed within 30 days, unless a legal retention obligation applies. Billing-related data is retained in accordance with applicable legal requirements.

5. Data Sharing

Your data is never sold. It is shared with third parties only in the following cases:

• Supabase (Ireland / USA): Authentication, database operations and data storage.
• Stripe (USA / EU): Payment processing and subscription management. Stripe processes payment data in accordance with PCI-DSS standards.
• Vercel (USA / EU): Website and API hosting. Vercel may process anonymised access logs and performance metrics.
• Helius (USA): Blockchain data infrastructure for Solana analysis. Only public blockchain addresses (token addresses) are queried — no personal data is involved.
• Legal obligations: Data may be disclosed in response to a governmental order or to protect legal rights, to the extent required by law.

All listed service providers are contractually bound to uphold appropriate data protection standards and process data solely within the scope of the services they are commissioned to provide.

6. Extension Local Storage (Chrome Storage)

The BarryGuard browser extension uses the Chrome Extension Storage API (chrome.storage.local) exclusively to store the following data locally in the browser:

• Authentication session token (to avoid repeated sign-in prompts)
• Cached token risk assessments (to reduce API calls)
• Extension settings (e.g. enabled/disabled)

This data only leaves the local browser to the extent technically necessary for API authentication and risk requests. It is not shared with any third parties.

7. International Data Transfers

Because we use service providers in the USA (Stripe, Vercel, Helius) and the EU (Supabase EU region), personal data may be transferred to countries outside Switzerland or the EEA. Transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR and the corresponding provisions of the Swiss FADP, unless an adequacy decision is in place.

8. Children

BarryGuard is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child under 16 has created an account, please contact us at support@barryguard.ch.

9. Your Rights

You have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate data
• Erasure of your data (account deletion)
• Restriction of processing
• Data portability in a commonly used format
• Objection to certain forms of processing

Please direct your requests to: support@barryguard.ch

10. Security

BarryGuard employs technical and organisational measures to protect user data: encrypted transmission (HTTPS/TLS), secured database access, API authentication and rate limiting. That said, no internet service can guarantee absolute security. Please use a strong, unique password and keep your credentials confidential.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, registered users will be notified by email. The date of the last update is shown at the top of this page. Continued use of BarryGuard after an update constitutes acceptance of the revised policy.