Privacy Policy
Your privacy is a core design principle of this tool
Last updated: February 2025
What Data Is Processed
When you generate a report, the following data flows through the application:
| Data | How It's Used | Stored? |
|---|
| Wallet address | Sent to Etherscan & Beacon API to fetch your transactions | No — discarded after report generation |
| Validator index | Sent to Beacon API to resolve withdrawal address | No — discarded after report generation |
| Etherscan API key | Used to authenticate Etherscan API requests | No — never stored server-side |
| Generated report | Stored as a temporary file on the server until downloaded | Deleted immediately after download (max 10 min if not downloaded) |
| Price data | Cached locally for faster subsequent queries | Yes — only generic ETH prices, no user data |
Client-Side Storage
Your browser stores some settings locally for convenience:
- localStorage: Date range and currency preferences (no sensitive data)
- sessionStorage: Account names, addresses, and API keys — automatically cleared when you close the browser tab
No cookies are set. No data is sent to any analytics or advertising service.
Tip: Use your browser's private/incognito mode for an extra layer of privacy. All session data will be cleared automatically when you close the window.
Third-Party API Requests
To generate your report, the server makes API calls to the following services. These services will see your wallet address as part of the API request:
- Etherscan (etherscan.io) — receives your wallet address and API key to fetch transaction data. Subject to Etherscan's Terms.
- Beacon Chain API (publicnode.com) — receives validator index/pubkey to resolve withdrawal address. No API key required.
- CryptoCompare (cryptocompare.com) — receives only the currency pair (ETH/EUR etc.) and time range. No wallet data is sent.
Aggregate Usage Statistics
The application maintains a small set of aggregate counters to track overall usage. These are stored in a local stats.json file on the server:
- Page views — how many times the home page has been loaded
- Reports started — how many report generations were initiated
- Reports completed — how many reports finished successfully
These counters are simple numbers. No personal data is recorded — no IP addresses, no wallet addresses, no timestamps, no user agent strings. It is impossible to trace any counter increment back to an individual user.
These statistics are visible on the dashboard page.
Security Measures
The following security measures are implemented:
- Content Security Policy (CSP) — prevents loading of external scripts and resources
- No external dependencies — all CSS and JavaScript is self-contained, no CDN requests
- X-Frame-Options: DENY — prevents embedding in iframes
- Referrer-Policy: no-referrer — no referrer information is sent when navigating
- Permissions-Policy — disables interest cohort (FLoC) tracking
- API keys as password fields — your API keys are masked in the form
Self-Hosting
For maximum privacy, you can run this tool entirely on your own machine. The source code is open and available for review. When self-hosting:
- All API calls go directly from your machine to the data providers
- No data passes through any intermediary server
- You have full control over the price cache and all generated data
- No network requests are made except to Etherscan, CryptoCompare, and the Beacon Chain API