โ—Ž legal ยท privacy policy

privacy policy

tl;dr โ€” we collect the minimum we need to run the service: your NEAR account id or X username if you signed in, your posts, your trades, and standard request logs. we do not sell your data. you can export your trading wallet seed and delete your account any time. the long version is below.

effective ยท January 15, 2026 ยท last updated ยท January 15, 2026

1. who this applies to

This Privacy Policy describes how Readers Cook ("we," "us," "our") collects, uses, shares, and protects information when you use readerscook.xyz, our Telegram bot, and related services (together, the "Service").

By using the Service you agree to the practices described here. For the legal contract that governs your use of the Service, see our Terms of Service.

2. information we collect

We collect the following categories of information:

a) information you provide directly

  • NEAR account ID โ€” the public account id of the wallet you use to sign in (e.g., alice.near).
  • X (Twitter) profile data โ€” if you sign in with X or link your X handle, we receive your public X username, display name, and profile picture URL from X via OAuth 2.0. We do not receive your X password.
  • Profile information โ€” display name, bio, avatar emoji, preset trade amounts, and rewards-payout NEAR account you optionally set in Settings.
  • User content โ€” posts, replies, likes, follows, and community claims you author.
  • Telegram identifiers โ€” if you link a Telegram group to the bot, we receive the chat ID, group title, and the identifiers of admins who interact with the bot.

b) information generated by your use of the Service

  • Trading wallet โ€” when you first sign in we generate a fresh NEAR implicit account on your behalf. We store the implicit account id, the public key, and an encrypted copy of the seed phrase (AES-GCM, key under our control). You can export and revoke this at any time.
  • Trade records โ€” for each swap you route through the Service we store the token contract, side (buy/sell), input and output amounts, slippage, timestamp, and the transaction hash.
  • Referral graph โ€” the NEAR account that referred you (if any), pinned at first sign-in.
  • Session cookies โ€” a single HMAC-signed session cookie (rc_session) for sign-in state, and short-lived one-shot cookies for OAuth flows.
  • Request logs โ€” standard server logs including IP address, user-agent, timestamp, and the path requested, retained for up to 30 days for security and debugging.

c) information from public sources

  • We pull public on-chain data (token metadata, prices, holder counts, transaction history) from the NEAR blockchain and from third-party indexers including NEARBlocks and FastNEAR.
  • We pull public token-market data (e.g., NEAR/USD price) from CoinGecko and similar oracles.
  • When you link an X handle to the Service, we may fetch public posts from that handle to display in feeds and to send to your linked Telegram group, as you authorize.

3. how we use information

We use the information described above to:

  • operate, maintain, and improve the Service;
  • authenticate you, prevent fraud and abuse, and enforce our Terms of Service;
  • route swaps you initiate to public on-chain liquidity venues and record those trades against your account so we can show your bag, history, and referral earnings;
  • calculate and distribute referral payouts to the NEAR accounts configured by upstream referrers;
  • display you (handle, avatar, posts, public trade activity) in the social feed, leaderboards, and community pages of the Service;
  • communicate with you about service updates, security, and (if you opt in) product news;
  • comply with legal obligations and respond to lawful requests.

5. how we share information

We do not sell your personal information. We share it only in the following circumstances:

  • Service providers โ€” companies that host or operate infrastructure for us, including Vercel (hosting + edge), Supabase (database), Cloudflare R2 (object storage), and a NEAR RPC provider (e.g., FastNEAR). These providers are bound by contractual confidentiality obligations and may only process data on our instructions.
  • On-chain venues โ€” when you initiate a swap, the transaction is sent to the NEAR network and is publicly visible on-chain by design. Your trading-wallet implicit account id and the transaction details are permanently recorded on the public blockchain.
  • X (Twitter) and Telegram โ€” when you authorize OAuth or install the bot, those platforms process your interactions under their own privacy policies.
  • Legal โ€” to comply with a valid legal process, enforce our Terms, protect the rights, property, or safety of users or the public, or investigate fraud or security issues.
  • Business transfers โ€” in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality obligations.

6. data received from X (Twitter)

If you authorize the Service with X via OAuth 2.0, we receive only the public profile fields scoped by the permissions you grant โ€” currently your username, display name, profile picture URL, and the X user id. We do not receive or store your X password, your email on file with X, or any private messages.

We store the X username on your Readers Cook user record and use it to render your identity throughout the Service. We do not re-share data sourced from X with other third parties beyond what is necessary to render it inside the Service (e.g., serving the profile picture via our CDN).

You can revoke our X access at any time from twitter.com โ†’ Settings โ†’ Apps and sessions โ†’ Connected apps. After revoking, we stop receiving updates from X; previously received fields remain on your user record until you delete your Readers Cook account.

7. cookies and similar technologies

We use a small, fixed set of cookies:

  • rc_session โ€” HMAC-signed session token, HttpOnly + Secure + SameSite=Lax, 7-day lifetime. Required for sign-in.
  • x_oauth_*, x_login_* โ€” short-lived (10 minute) PKCE flow cookies that allow us to complete X OAuth round-trips safely.
  • rc_ref โ€” optional cookie storing the referrer who introduced you, set when you arrive via a referral link and consumed at first sign-in.

We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling cookies.

8. retention

We retain personal information for as long as your account is active and for a reasonable period after to comply with legal obligations, resolve disputes, and enforce our agreements. Request logs are retained for up to 30 days unless required longer for security investigations.

On-chain data, including swap transactions originated by your Trading Wallet, is permanent on the NEAR blockchain and cannot be deleted by us or by you. This is a property of public blockchains.

9. your rights

Depending on where you live, you may have the following rights with respect to your personal data:

  • Access โ€” request a copy of the information we hold about you.
  • Correction โ€” request that we correct inaccurate information.
  • Deletion โ€” request that we delete your account and the personal data associated with it. On-chain records cannot be deleted.
  • Portability โ€” request a machine-readable export of your data.
  • Objection / restriction โ€” object to or restrict certain processing.
  • Withdraw consent โ€” withdraw consent for any processing based on consent.
  • Lodge a complaint โ€” with your local data protection authority.

To exercise any of these rights, email us at hello@readerscook.xyz. We will respond within 30 days, subject to verification of your identity.

You can also export your Trading Wallet seed phrase yourself from Settings โ†’ Trading wallet at any time, and you can stop using the Service at any time.

10. security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal data, including HTTPS in transit, authenticated symmetric encryption (AES-GCM) for Trading Wallet seed phrases at rest, HMAC-signed session cookies, principle-of-least-privilege database access, and secret rotation on suspected compromise.

No method of transmission or storage is 100% secure. You are responsible for safeguarding your sign-in materials and any exported seed phrases.

11. international transfers

Our service providers are located in the United States and the European Union. By using the Service you consent to your information being transferred to and processed in those jurisdictions, which may have data-protection laws different from those in your jurisdiction. Where required, we rely on appropriate safeguards such as standard contractual clauses.

12. children

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us at hello@readerscook.xyz and we will delete it.

13. changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. Material changes will be communicated through the Service.

14. contact us

For questions about this Privacy Policy or to exercise your rights, email us at hello@readerscook.xyz.

see also ยท terms of service ยท docs