Privacy Policy

Effective Date: September 30, 2025
Last Updated: September 30, 2025

Introduction

Welcome to OrangeCheck. We are committed to protecting your privacy and being transparent about our data practices. OrangeCheck is designed with privacy as a core principle: we are a non-custodial, client-side-first service that minimizes data collection and maximizes user control.

This Privacy Policy explains:

  • What information we collect (and what we don't)
  • How we use and protect your information
  • Your rights and choices
  • How to contact us with questions

By using OrangeCheck, you agree to the practices described in this Privacy Policy.

Our Privacy Principles

1. Non-Custodial by Design

We never take custody of your Bitcoin or private keys. All cryptographic operations happen in your wallet or browser. We cannot access your funds.

2. Minimal Data Collection

We collect only what is necessary to provide the service. We do not build user profiles or track you across the web.

3. No Account Required

You can use OrangeCheck without creating an account, providing an email, or sharing personal information.

4. Transparency

This policy is written in plain language. If you have questions, we're here to help.

What We Don't Do

Before explaining what we collect, here's what we don't do:

  • No custody of funds - We never hold your Bitcoin
  • No private key access - We never see or store your private keys
  • No account creation required - Use the service anonymously
  • No selling of data - We will never sell your personal information
  • No advertising - We don't use your data for targeted advertising
  • No cross-site tracking - We don't track you across other websites
  • No blockchain writes - We don't broadcast transactions for you
  • No third-party analytics trackers - We use privacy-preserving analytics only

Information We Collect

1. Information You Provide

Bitcoin Addresses and Signatures

  • When you create an attestation, you provide a Bitcoin address and BIP-322 signature
  • These are processed client-side in your browser to generate a cryptographic proof
  • We may temporarily cache this data to generate and serve your badge
  • This information is public by design - attestations are meant to be shared

Identity Bindings (Optional)

  • You may optionally bind identities (Nostr, GitHub, Twitter, DNS) to your attestation
  • These bindings are included in the signed message and are public
  • Identity verification happens off-protocol and does not involve OrangeCheck servers
  • You control which identities to bind and verify

Nostr Publishing (Optional)

  • You may optionally publish your attestation to Nostr relays as a NIP-78 event
  • Published attestations are stored on decentralized Nostr relays, not OrangeCheck servers
  • We do not control or have custody of data published to Nostr
  • Published attestations are discoverable by anyone querying Nostr relays

Contact Information (Optional)

  • If you contact us for support, we collect your email address and message content
  • This is used solely to respond to your inquiry
  • You can request deletion at any time

2. Information Automatically Collected

Technical Information

When you access OrangeCheck, we automatically collect:

  • IP address - Used for security, rate limiting, and service delivery
  • Browser type and version - Used to ensure compatibility
  • Device type - Used to optimize the user experience
  • Referring website - Used to understand how users find us
  • Pages visited and time spent - Used to improve the service

Cookies and Local Storage

  • Essential cookies - Required for the service to function (e.g., session management)
  • Preference cookies - Store your theme preference (dark/light mode)
  • Demo mode state - Remembers if you're using demo mode
  • We do not use advertising or tracking cookies

3. Analytics

We use Plausible Analytics, a privacy-preserving, GDPR-compliant analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not track users across websites
  • Provides aggregate statistics only
  • Is fully compliant with GDPR, CCPA, and PECR

You can learn more at plausible.io/privacy.

How We Use Information

We use the information we collect for the following purposes:

Service Delivery

  • Generate and verify cryptographic proofs (badges)
  • Serve badge images and verification pages
  • Provide technical support

Security and Fraud Prevention

  • Detect and prevent abuse, spam, and malicious activity
  • Rate limiting to prevent denial-of-service attacks
  • Monitor for security vulnerabilities

Service Improvement

  • Analyze usage patterns to improve user experience
  • Fix bugs and optimize performance
  • Develop new features based on user needs

Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent harm
  • Enforce our Terms of Service

We do not use your information for:

  • Targeted advertising
  • Building user profiles for marketing
  • Selling or renting to third parties
  • Cross-site tracking

Wallet Integration (Optional)

OrangeCheck offers optional browser wallet integration to streamline the signing process. This feature is entirely opt-in and not required to use OrangeCheck.

What Wallet Integration Does

  • Connects to your browser wallet extension (UniSat, Xverse, Leather, etc.)
  • Reads your Bitcoin address to verify it matches the address you entered
  • Requests a signature for the canonical message
  • All operations happen client-side in your browser

What We Do NOT Do

  • We never take custody of your Bitcoin or private keys
  • We never store your wallet connection state on our servers
  • We never access your wallet balance or transaction history beyond what's publicly visible on the blockchain
  • We never initiate transactions or move funds
  • We never share your wallet information with third parties

Your Alternatives

You can always use OrangeCheck without connecting a wallet by:

  • Signing the message in your preferred wallet application (Sparrow, Electrum, Bitcoin Core, etc.)
  • Manually pasting the signature into OrangeCheck

This method provides identical security and functionality.

Wallet Permissions

When you connect a wallet, you grant temporary permission to:

  • Read your active Bitcoin address
  • Request message signatures (which you must approve each time)

You can disconnect your wallet at any time, and the connection only persists for your current browser session.

Data Retention

We retain data only as long as necessary:

Badge Data

  • Badges are designed to be permanent and publicly shareable
  • Once generated, badge data may be cached indefinitely for performance
  • You control what addresses you use and what you share

Technical Logs

  • Server logs are retained for 90 days for security and debugging
  • After 90 days, logs are automatically deleted
  • Aggregate analytics data is retained indefinitely (no personal data)

Support Communications

  • Retained as long as necessary to address your inquiry
  • You can request deletion at any time by emailing hello@ochk.io

Data Security

We implement industry-standard security measures to protect your data:

Technical Safeguards

  • HTTPS encryption for all data in transit
  • Secure hosting infrastructure with regular security updates
  • Rate limiting and DDoS protection
  • Regular security audits and monitoring

Organizational Safeguards

  • Access to data is limited to authorized personnel only
  • Security training for team members
  • Incident response procedures

Your Responsibility

  • Protect your wallet and private keys
  • Use secure devices and networks
  • Keep your wallet software up to date
  • Never share your private keys with anyone

Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

  • Request a copy of the personal information we hold about you
  • Receive your data in a structured, machine-readable format

Correction

  • Request correction of inaccurate or incomplete information

Deletion

  • Request deletion of your personal information
  • Note: Badge data is public by design and cannot be deleted from the blockchain

Objection and Restriction

  • Object to processing of your personal information
  • Request restriction of processing in certain circumstances

Withdraw Consent

  • Withdraw consent for data processing where consent is the legal basis
  • Note: This may limit your ability to use certain features

Opt-Out of Analytics

  • You can block Plausible Analytics using browser extensions or privacy tools
  • This will not affect your ability to use OrangeCheck

To exercise your rights, email us at hello@ochk.io with your request.

Third-Party Services

OrangeCheck integrates with the following third-party services:

Hosting and Infrastructure

Blockchain Data

  • Mempool.space / Esplora API - Bitcoin blockchain data
  • Data processed: Bitcoin addresses (public information)
  • Privacy policy: mempool.space/about

Nostr Network

  • Nostr Relays - Decentralized event storage (if you choose to publish)
  • Data processed: Attestation envelopes, identity bindings (public by design)
  • Note: Nostr is a decentralized protocol; we do not control relay operators

Analytics

  • Plausible Analytics - Privacy-preserving analytics
  • Data processed: Aggregate, non-personal usage statistics
  • Privacy policy: plausible.io/privacy

We carefully select third-party services that respect user privacy and comply with applicable data protection laws.

International Data Transfers

OrangeCheck is operated from the United States. If you access our service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using OrangeCheck, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place for international data transfers.

Children's Privacy

OrangeCheck is not intended for children under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately at hello@ochk.io, and we will take steps to delete such information.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email hello@ochk.io.

European Privacy Rights

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process data based on consent, contract performance, legal obligations, and legitimate interests
  • Data Protection Officer: Contact hello@ochk.io for data protection inquiries
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will provide prominent notice on our website
  • Continued use of OrangeCheck after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: hello@ochk.io
GitHub: github.com/orangecheck

We will respond to your inquiry within 30 days.

Summary: OrangeCheck is designed for privacy. We collect minimal data, use privacy-preserving analytics, never take custody of your funds, and give you control over your information. If you have questions, we're here to help.