Privacy Policy

The data we handle depends on how you choose to use the platform. Below is a detailed breakdown of the categories involved.

Every piece of information we handle serves a specific operational purpose. We do not collect data speculatively or “just in case.” The purposes include:

Operating core platform features: account setup, login, wallet linking, token creation, and trade execution. Delivering transactional messages that you initiate or that are triggered by your actions, such as verification codes, password resets, and authentication prompts. Identifying and responding to security threats, unauthorized access attempts, and abusive behavior. Upholding the rules set out in our Terms of Service. Satisfying legal requirements, regulatory inquiries, and law enforcement requests where applicable. Strengthening the platform through analysis of aggregated, non-identifying usage trends.

We do not engage in advertising. We do not send promotional content. We do not build behavioral profiles. We do not monetize your data in any form. We do not track your movements across the internet.

The way we protect data is not an afterthought. It is embedded in every layer of the system from the ground up.

Passwords are processed through bcrypt with a high computational cost factor, transforming them into irreversible hashes before they ever touch a database. Even our own engineering team cannot recover or view a password once it has been set.

Private keys and seed phrases are encrypted entirely on your device before transmission. The encryption uses Argon2id, a memory-hard key derivation function designed to resist GPU and ASIC attacks, paired with AES-256-GCM authenticated encryption. The resulting ciphertext is what our servers store. We never see, handle, or have the ability to reconstruct the original data. Your Vault Key, which is the decryption password, exists only in your memory and temporarily in your browser during active use. It is never sent to our servers.

This design is known as zero-knowledge encryption. If our entire server infrastructure were compromised, the attacker would obtain only encrypted blobs that are computationally infeasible to decrypt without the Vault Key that only you possess.

Two-factor authentication secrets stored on our servers are further protected with AES-256-GCM encryption using server-managed keys. Session tokens have a fixed lifespan, are scoped to a single browser tab, and are revoked on the server when you sign out. Sensitive vault data is hosted on physically separate infrastructure with restricted network access and non-privileged database credentials.

No security system is infallible. We implement industry-leading practices, but we cannot provide an absolute guarantee against every conceivable threat. We strongly encourage you to enable two-factor authentication, choose a strong Vault Key, and maintain offline backups of your private keys in a secure location.

We take a fundamentally different approach to browser storage than most platforms. We do not deploy tracking cookies, advertising pixels, analytics scripts, or any technology designed to follow your behavior across the web. We do not integrate with Google Analytics, Meta Pixel, Hotjar, Mixpanel, or any equivalent service. We do not participate in data exchanges, advertising auctions, or retargeting networks.

Our platform uses sessionStorage to maintain your login state during an active session. This data is automatically erased the moment you close the tab. We use localStorage for two specific purposes: storing your encrypted wallet information and remembering your visual theme preference. Neither of these involves transmitting data to external parties.

Because we do not set cookies, browser-based cookie management tools and “Do Not Track” headers have no practical effect on our platform. There is nothing to block because there is nothing tracking you.

Your data is not a product. We do not sell it, license it, trade it, or make it available to third parties for their own commercial gain under any circumstances.

Every transaction processed through the Solana blockchain is recorded on a public, distributed ledger. This includes token creation events, trades, transfers, and fee distributions. These records are permanent, immutable, and visible to anyone with network access. We have no ability to alter, redact, or remove blockchain entries. This transparency is a core design principle of decentralized systems, not a limitation imposed by Teleport.spot.

Before conducting any on-chain activity, consider that your wallet address and every transaction linked to it will be publicly observable indefinitely.

Different types of data serve different purposes and are retained accordingly:

Account records, including your email and hashed credentials, persist for the lifetime of your account. Encrypted vault entries, including protected private keys and seed phrases, remain stored as long as the corresponding wallet is active in your account. Security audit logs that record the nature and timing of vault-related actions are preserved for up to five years to support forensic analysis and fraud investigation. Rate-limiting and abuse-prevention records, including IP-based access logs, may be held for up to twelve months. Transactional emails and temporary verification codes are discarded after delivery and expiration.

You may delete individual wallets and their encrypted vault data at any time from within the platform. For full account deletion, contact us through our official channels. We will honor such requests within a reasonable period, subject to any legal holds or compliance requirements that may apply.

On-chain data is permanent and cannot be deleted by any party.

Our servers are located in Europe. If you access the platform from a different region, your data may cross international boundaries during transmission and storage. By using the Services, you acknowledge and accept this. We apply consistent security and privacy standards to all data regardless of where it originates or where it is processed.

For users in the European Economic Area or the United Kingdom, we rely on recognized legal mechanisms, including standard contractual clauses, to govern international data transfers where required by applicable data protection regulations.

Depending on where you live, you may hold certain legal rights over your personal information. While the specifics vary by jurisdiction, these commonly include:

The right to know what data we hold about you. The right to request that inaccurate records be corrected. The right to ask that your data be deleted, where legally permissible. The right to limit or object to specific forms of data processing. The right to receive a copy of your data in a structured, portable format. The right to withdraw previously given consent. The right to file a complaint with a relevant supervisory body.

Exercising your rights will never result in discriminatory treatment. To submit a request, reach out to us via the channels listed at the bottom of this page. Identity verification may be required before we can act on certain requests.

The California Consumer Privacy Act (CCPA) grants California residents specific privacy entitlements. In the interest of transparency: we have not sold personal information in the preceding twelve months and have no intention of doing so. We do not share personal data for cross-context behavioral advertising. We have no knowledge of selling or sharing information belonging to individuals under sixteen.

California residents may exercise their rights to know, delete, correct, and opt out of the sale or sharing of personal information by contacting us through the channels provided below.

The Services are designed for adults. No part of our platform is directed at individuals under eighteen years of age. We do not knowingly solicit or retain data from minors. If we discover that information has been collected from someone under eighteen, we will act promptly to remove it. Parents or guardians who believe their child has submitted information to us should contact us immediately.

This document may be revised periodically to reflect changes in our operations, applicable regulations, or industry standards. When updates are made, the date at the top of this page will be adjusted accordingly. For material changes that affect how your data is collected, used, or disclosed, we will make reasonable efforts to notify you through the platform.

Continuing to use the Services after a revision takes effect signals your acceptance of the updated Policy. If the changes are not acceptable to you, we ask that you stop using the Services.

For questions, concerns, or formal requests related to this Privacy Policy or the handling of your data, please contact us through our verified channels on X (Twitter), Telegram, and Discord. Links to these channels are available in the platform sidebar.