Privacy Policy
Privacy Hood is built to reveal as little about you as technically possible. This policy explains what we do — and, just as importantly, do not — collect when you use the protocol, the website, and the card product.
Our approach
Privacy is the product. Privacy Hood is a non-custodial privacy protocol on Robinhood Chain: there is no sign-up, no username, no password, and no email required to send funds or hold a balance. We designed the system so that we cannot see your transaction amounts, your counterparties, or your balances — and neither can anyone reading the public ledger.
This policy applies to the Privacy Hood website and hosted interface (the “Interface”) and the optional card product. It does not, and cannot, change how public blockchains work — see Section 05.
What we do not collect
- No accounts. We do not ask for or store your name, email, phone number, or government ID to use the core send/receive protocol.
- No custody. We never take custody of your funds or your private keys. Your wallet stays in your control at all times.
- No behavioral profiles. We do not build advertising profiles, sell personal data, or track you across other sites.
- No transaction surveillance. The shielded-pool design means transfer amounts and the sender ↔ recipient link are cryptographically hidden from us.
What we do process
Operating the Interface necessarily involves some limited, mostly transient data:
- Public wallet addresses. When you connect a wallet, the Interface reads your public address and on-chain balances to display them and to build transactions. This is public information already on the blockchain.
- Transaction metadata for routing. To route a private send, our relayer and backend temporarily handle the deposit, quote, and delivery details needed to complete the transfer. These are minimized and not linked to your identity.
- Network data. Like any website, our servers and infrastructure providers process IP addresses and standard request logs briefly, for security, rate-limiting, and abuse prevention. We do not use these to de-anonymize transfers.
- Card fulfillment data. If you buy a card, the minimum information required by the card issuer to provision it (for example, an amount and a delivery reference) is processed to complete and deliver the card. See Section 06.
Local storage on your device
Sensitive references that let you retrieve your transfers — such as claim tokens — are stored locally in your browser, on your device, and are not recoverable by us if lost. Clearing your browser storage can permanently disconnect you from a pending transfer or an issued card. We use only the storage and cookies necessary to run the Interface; we do not use third-party advertising cookies.
Public blockchains
Robinhood Chain is a public ledger. On-chain activity — including deposits into and withdrawals from the protocol — is permanent, public, and outside our control. Privacy Hood’s privacy layers (a ZK shielded pool, stealth addresses, and a pooled relayer network) are designed to break the links an observer could otherwise draw, but no privacy technology is perfect. Consider what you publish before you transact.
Third-party services
We rely on a small number of infrastructure providers to run the service:
- RPC and node providers to read and broadcast transactions on Robinhood Chain.
- Hosting and content-delivery providers for the website and API.
- A regulated card issuer that provisions virtual cards. We share only the minimum data needed to fulfill a card order, and their handling of that data is governed by their own terms and privacy policy.
We do not sell your data to any third party, and we do not share it except as needed to operate the service or as required by law.
Data retention
We keep operational data only as long as needed for the purpose it was collected — completing a transfer or card order, preventing abuse, and meeting legal obligations — and then delete or anonymize it. Because most of the protocol is non-custodial and on-chain, there is little off-chain personal data for us to retain in the first place.
Security
We apply industry-standard measures to protect the systems we operate. However, no method of transmission or storage is completely secure, and the non-custodial nature of the protocol means the security of your keys, your device, and your locally stored claim tokens is ultimately your responsibility.
Children
The service is not directed to anyone under 18, and we do not knowingly process data from children. If you believe a minor has used the service, contact us and we will act promptly.
Changes to this policy
We may update this policy as the protocol evolves. Material changes will be reflected by the “Last updated” date above and, where appropriate, announced through our channels. Continued use of the service after an update constitutes acceptance of the revised policy.