MyCrypto values your privacy and security, and actively works to collect as little of your personal data and information as possible. Nonetheless, any company providing publicly available services on the internet will inevitably collect information about those with whom it interacts or those who utilize its services ("Users") through its normal business operations.
The terms "us," "we," or "our" refer to MyCrypto.
Due to the inherent transparency of some blockchains, transactions you broadcast via MyCrypto may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent, and any other data you may choose to include. Information stored on a blockchain may be public, immutable, and not easily removed or deleted. Your transactions and addresses may reveal information about you, and information can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement. Please review how privacy and transparency on the blockchain works.
MyCrypto's products are designed to collect as little of your personal information as possible while effectively meeting user needs and efficiently running our business. MyCrypto does not sell any information or data that it does happen to gather to third parties, nor does it release such information except as stated in this policy. MyCrypto does not have user accounts, and it collects very little identifying information in its systems. Private keys, encryption passwords, and all other information necessary to operate our products are owned, controlled, managed, and possessed by Users (unless they opt to utilize another service or product which, would be completely outside of our control), and never touch our servers or systems. This section explains how MyCrypto collects information through its delivery of the Services.
MyCrypto.com's wallet interface (including key-pair generator and unlocking functionality) never record nor transmit any of your private keys or encryption passwords. All information is entered and processed by your device, so MyCrypto, its employees, and its servers never have the opportunity to collect your private key, encryption password, or other related information.
If you choose to unlock your wallet via a third-party service, such as MetaMask, Ledger, TREZOR, Wallet Connect, or the Parity Signer, you are subject to their terms and policies (below).
Users have a default "Auto" setting that is used to automatically interact with the most appropriate node(s) based on node-load and other factors, whether provided by MyCrypto or a third-party service. No personally identifiable information is shared in this process, though there may be certain device (e.g., IP Addresses) or publicly available blockchain information (e.g., public addresses, but not private keys) collected. Links to the privacy policies of third-party nodes who might process a transaction through the Auto setting are listed below.
For users interested in extra security and privacy, and/or who do not wish their public address or non-personally identifiable information to be routed through the provided node settings, MyCrypto's wallet services can be run offline to generate private keys and to sign transactions to later be broadcasted to nodes.
Using your own node ensures transactional data never comes in contact with MyCrypto, nor any other entity's nodes, and avoids any data collection as outlined in this sub-section. However, if your node has a malfunction that results in the interface not functioning as expected, MyCrypto’s Auto Node Selection will activate and information will then be subject to one of the two above information collection policies, depending on which node their transaction is processed through.
Some MyCrypto products have server-side functions that are hosted by a third-party provider and employ third-party security and functionality services. While MyCrypto and its third-party providers may collect limited information as is standard and appropriate to secure our Services and provide the best user experience, no personally identifiable information content associated with such information is stored. For example, we do not store information in a way that can track a private key, public address, or inputted transaction to a specific IP address or username.
Our main product offering (MyCrypto App) makes use of Segment as a data warehouse for anonymized analytics data. We collect the data grouped by the user using a randomly generated identification string. You can disable this and refresh your unique ID string whenever you like in your app settings (see "Product Analytics"). We route the data collection requests through our own instance of blockstack/stats.
Some other MyCrypto products collect minimal usage analytics on the client side in order to better understand how people are using the product. We use an open-source analytics platform called Matomo (previously Piwik), which we host on our own servers and have customized extensively to limit the information gathered. This ensures no third party, including Matomo, has access to your data. We protect your information using the latest technology and best practices for technical and administrative security. This data is not personally identifiable and is collected solely to improve our products.
Some examples of data we do collect:
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user's timezone
- Files that were clicked and downloaded
- Links to an outside domain that were clicked
- Page generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user, also known as "page speed")
- Main Language of the browser being used
- What page a user was on when they clicked the "Help & Support" link
- What kind of device and/or browser was used
Some examples of data we do not collect:
- IP addresses
- Cryptocurrency addresses
- Cryptocurrency balances
- When or if a user previously visited the product
- Mouse movements, clicks, scrolls
- Geolocation with any specificity beyond the country and timezone.
We do not utilize any tracking cookies. Any individualized (though anonymized) records collected by Matomo (as described above) are automatically purged after one year. We may retain anonymized, aggregated reports perpetually as part of our ongoing business operations and optimization.
You can learn about how Segment is a privacy-first data storage warehouse platform that enables companies, like MyCrypto, to respect users' privacy here.
MyCrypto prides itself in its frequent contact with Users and the community. These two-way communications may occur via telephone, email, in-person conversation, Slack, Telegram, Discord, reddit, text message, voicemail, Facebook (and/or Messenger), Twitter, written letter, or any other method. Records of these conversations may be kept in written, recorded, or digital form, as permitted by law, in a manner that is reasonably necessary for MyCrypto to perform its business operations effectively.
Emails sent to firstname.lastname@example.org are generally routinely deleted at least annually unless there is a justifiable basis for their longer retention (including, but not limited to, a business or legal purpose) as determined by our sole discretion, though they may be deleted sooner for security or other purposes. Other two-way communications will be stored consistent with this Policy. Nothing in this section should be construed as guaranteeing that communications records will be kept for any amount of time, if at all.
MyCrypto loves finding as many channels to communicate with its users and community as possible. We use Mailchimp to create and send the MyCrypto Newsletter. You can sign up for our Newsletter to keep up with our developments by submitting your email address to the sign-up form in the footer of MyCrypto.com, in the side bar menu of app.mycrypto.com, or via this page. Email addresses collected through our Newsletter submission form will only be used for the purpose of sharing relevant information about our products and services with subscribers. Email addresses will not be shared with nor sold to any third party. If you would like to unsubscribe from our Newsletter at any time, you can do so by clicking the "Unsubscribe" button that is found within the emails that are sent from MyCrypto or this page.
MyCrypto relies on social media as a primary means of communicating with its community and Users. We do not generally delete communications and other information shared on social media, though we reserve the right to do so for any reason without warning. We also do not generally save these communications offline, though we reserve the right to do so for any reason or no reason, and without warning.
MyCrypto's MailChimp (Newsletter)
EtherScamDB.info and CryptoScamDB.org were created to gather and analyze data that can be shared with various projects, law enforcement agencies, and related organizations to prevent and terminate phishing, theft, and scams, assist in identifying and potentially leading to the arrest of these scams’ operators, as well as generally protecting users in the cryptocurrency ecosystem.
EtherScamDB.info and CryptoScamDB.org are unique from other MyCrypto products in that they offer a "report" functionality. This allows any person to make a report (collectively these are the "Raw Reports") regarding items such as suspicious website URLs, suspicious cryptocurrency addresses, and scams being propagated via social media, or to report that their own cryptocurrencies have been stolen.
Depending on the circumstances, people using the "report" functionality may be prompted to provide:
- Their cryptocurrency public address
- The cryptocurrency public address they sent funds to
- Website(s) visited
- Suspicious website URLs
- Suspicious cryptocurrency public addresses
- Additional information the user wishes to share
These Raw Reports are sent and stored in a MyCrypto communications channel. These reports are generally not immediately deleted but marked as processed. We aim to destroy any reports containing sensitive or personal information as quickly as possible. However, there are instances when deletion may take longer than expected.
These reports may be kept in digital form, as permitted by law, and kept in a manner that is reasonably necessary for the CryptoScamDB team to perform its business operations effectively. The information gathered via the Raw Reports is used to create and maintain various databases of aggregate information (the "Aggregate Data").
The Raw Reports are normally not shared with, nor sold to any third party without the explicit written permission of the reporter. However, Raw Reports may be shared with a third party as is required under applicable laws or regulations, or as is deemed necessary by MyCrypto to best fulfill its goal of protecting the safety and security of Users across the cryptocurrency space.
The Aggregate Data, analyses of suspicious website URLs, and analyses of suspicious cryptocurrency public addresses are published to a public database that is accessible by anyone via:
or related forks of these repositories.
These website URLs and public addresses are sourced in part from the Raw Reports. MyCrypto takes reasonable measures to confirm the accuracy and validity of the reports, but does not accept responsibility nor liability for the information in these databases. Any person or entity accessing these reports should treat them as public information, and should take additional measures to confirm the information contained in the databases.
Users should be aware that the information they provide, such as their public address, websites visited, or other details may be personally identifiable. While we aim to prevent and/or immediately destroy any irrelevant or sensitive personal information, it is at the User's sole discretion to provide this information. Note that MyCrypto is not liable for any information submitted by the User, and the User submits such information at her or his own risk.
If at any time you wish to have your Raw Report destroyed, please send a request to email@example.com. The MyCrypto team will endeavor to destroy it in a timely manner.
MyCrypto follows responsible data storage methods and protocols consistent with blockchain and crypto-asset wallet industry standards. We use a network of computers, cloud-based servers, and other information technology to provide our Services and store your personal information. We protect your information using the latest technology and best practices for technical and administrative security. These best practices include firewalls, narrowly-tailored internal breach recognition and notification procedures, data encryption, and controlled employee and third-party access to our information databases.
We use what little data and information is collected by our Services to provide a more enjoyable and efficient user experience. Any of this data and information will be destroyed/deleted after a reasonable period of time, as determined at our sole discretion and as is consistent with the rest of this Policy, all applicable law.
Given the small amount of information that we do collect and our best data storage and security practices, it is relatively unlikely that a data breach may occur against MyCrypto that would affect personally identifiable User information. Nonetheless, the realities of operating a service online dictate that a nonzero-chance exists of such a breach. In the case of such an event, we will use our official Twitter, subreddit, and other social media as formal means of notifying the community (as we do not have user accounts and associated email addresses). We also use these channels to notify the community of any other prominent security issues in the Ethereum and crypto ecosystems at large (regardless if they directly relate to MyCrypto). Thus, we highly recommend you follow those resources and check them frequently for up-to-date information.
MyCrypto never sells any of its collected information to third parties. MyCrypto may, from time to time, share information with third-party vendors in order to efficiently and effectively provide its Services. MyCrypto makes no guarantee and takes no responsibility as to those entities' privacy and data utilization practices. We reserve all rights to determine which data is necessary to share with third-party vendors to effectively and efficiently provide our Services at our sole discretion. MyCrypto intends to publicly disclose third parties with whom it has formed relations without compromising security, violating the terms of any legally binding agreement required to procure such services, or in any other way that may compromise our Services' safety, usability, or efficiency.
MyCrypto's Services utilize anonymous information through small data files known as "cookies," which are stored in a User's local browser. This allows for a browser to act in favorable ways based on previous activity. For example, they may be used to ensure our Services are presented in your preferred language, ensure your browser points to your preferred node, to ensure you have completed certain onboarding steps, or for other enhanced performance features not contemplated by this Policy.
We specifically utilize localStorage for the storage of these pieces of data and, as such, this information is only stored in a User's browser, not on our servers, and may be deleted by a user at any time by clearing his or her browser's cache. Unlike traditional cookies, these pieces of data are not sent to the server with each request. Additionally, we do not utilize "tracking cookies."
The following is a list of some of those third parties who may obtain User information, as well as links to their relevant information practices documents. MyCrypto shall make reasonable efforts to keep this list as up-to-date as possible:
Users may use other third-party services while visiting MyCrypto's services to connect to, access, or otherwise interact with the blockchain(s):
- Parity (used for UI Signer): Parity Technologies Limited's Legal Documentation
- WalletConnect: WalletConnect's Technical Documentation
- ShapeShift: ShapeShift AG's Terms of Service (includes Privacy and Transparency Statement)
- Etherscan.io: Etherscan.io's Terms of Service
The above list only includes third-party providers whose information practices we could obtain after reasonable research and solicitation. Please be aware that the use of any non-listed third-party services (such as alternate node providers, even via the "AUTO" selection) is at the User's risk own discretion, and (like any other third-party services) MyCrypto will not be liable to Users for any use or harm caused by the use of those products as permitted by law.
If required by a subpoena or court order, MyCrypto will share personal information with law enforcement agencies in order to comply with legal requirements. MyCrypto will make reasonable efforts to notify any subjects of such informational disclosure as is permitted by law. MyCrypto may disclose your personal information to the appropriate legal authorities should we deem it necessary to prevent and/or report physical harm, violations of our Terms of Service, and/or illegal activities. This includes complying with regulations to prevent money laundering and terrorist activities.