Last updated: May 13, 2019
MyCrypto values your privacy and security and actively works to collect as little of your personal data and information as possible. Nonetheless, any company providing publicly available services on the internet will inevitably collect information about those who it interacts with or those who utilize its services ("Users") through its normal business operations.
The terms "us," "we," or "our" refer to MyCrypto.
Due to the inherent transparency of some blockchains, transactions you broadcast via MyCrypto may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent, and any other data you may choose to include. Information stored on a blockchain may be public, immutable, and not easily removed or deleted. Your transactions and addresses may reveal information about you and information can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement. Please review how privacy and transparency on the blockchain works.
MyCrypto Collection of Information
MyCrypto's products are designed to collect as little of your personal information as possible while effectively meeting user needs and efficiently running our business. MyCrypto does not sell any information or data that it does happen to gather to third party, nor does it release such information except as stated in this policy. MyCrypto does not have user accounts, and it collects very little identifying information in our systems. Private keys, encryption passwords, and all other information necessary to operate our products are owned, controlled, managed, and possessed by Users (unless they opt to utilize another service or product which would be completely outside of our control), and never touch our servers or systems. This section explains how MyCrypto collects information through its delivery of the Services.
MyCrypto Key Interface
MyCrypto.com's wallet interface (including key-pair generator and unlocking functionality) never records nor transmit any of your private keys or encryption passwords. All information is entered and processed by your device, so MyCrypto, its employees, and its servers never have the opportunity to collect your private key, encryption password, or other related information.
If you choose to unlock your wallet via a third-party service, such as MetaMask, Ledger, TREZOR, or the Parity Signer you are subject to their terms and policies (below).
MyCrypto Nodes & APIs
Users have default node-provider options when using our services:
- Third-Party Provided Nodes - Users may select to use MyCrypto third services through third-party provided nodes. This causes a User's interface to directly interact with the third-party provider's systems and APIs without any interaction with our systems (beyond those that typical of all nodes processing a blockchain). MyCrypto is not aware of the privacy policies of all of these third-party providers; the ones we have found are listed below.
- "Auto" Node Selection - The "Auto" setting is available to automatically interact with the most appropriate node(s) based on node-load and other factors, whether provided by MyCrypto or a third-party service. Information from users selecting this option will be subject to one of the two above information collection policies depending on which node their transaction is processed through.
Users interested in extra security and privacy and/or do not wish their public address or non-personally identifiable information to be routed through the provided node settings, MyCrypto's wallet services can be run offline to generate private keys and to send Ether or other cryptocurrency transactions.
Using your own node ensures transactional data never comes in contact with MyCrypto, nor any other entity's nodes, and avoids any data collection as outlined in this sub-section.
Some MyCrypto products have server-side functions that are hosted by a third-party provider and employ third-party security and functionality services. While MyCrypto and its third-party providers may collect limited information as is standard and appropriate to secure our Services and provide the best user experience, no personally identifiable information content associated with such information is stored. For example, we do not store information in a way that can track a private key, public address, or inputted transaction to a specific IP address or username.
Some MyCrypto products collect minimal usage analytics on the client-side in order to better understand how people are using the product. We use an open-source analytics platform called Matomo (previously Piwik), which we host on our own servers and have customized extensively to limit the information gathered. This ensures no third-party, including Matomo, has access to your data. We protect your information using the latest technology and best practices for technical and administrative security. This data is not personally identifiable and is collected solely to improve our products.
Some examples of data we do collect:
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user's timezone
- Files that were clicked and downloaded
- Links to an outside domain that were clicked
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user, also known as "page speed")
- Main Language of the browser being used
- What page a user was on when they clicked the "Help & Support" link
Some examples of data we do not collect:
- IP addresses
- Cryptocurrency addresses
- Cryptocurrency balances
- When or if a user previously visited the product
- Mouse movements, clicks, scrolls
We do not utilize any tracking cookies. All visits and actions raw data are automatically deleted after 90 days. Only monthly and yearly aggregate reports are kept after 90 days.
You can learn about how dedicated Matomo is to creating an open-source analytics platform that enables companies, like MyCrypto, to respect users' privacy here, here, and here.
MyCrypto Email, Telephone, or Other Two-Way Communications
MyCrypto prides itself in its frequent contact with Users and the community. These two-way communications may occur via telephone, email, in-person, Slack, Telegram, Discord, reddit, text message, voicemail, Signal, Wickr, Facebook (and/or Messenger), Twitter, written letter, or any other method. Records of these conversations may be kept in written, recorded, or digital form, as permitted by law, in a manner that is reasonably necessary for MyCrypto to perform its business operations effectively.
Emails sent to firstname.lastname@example.org are automatically destroyed after one year, though they may be deleted sooner for security or other purposes. Other two-way communications will be stored consistent with this Policy. Nothing in this section should be construed as guaranteeing that communications records will be kept for any amount of time, if at all.
MyCrypto loves finding as many channels to communicate with its users and community. We use Mailchimp to create and send the MyCrypto Newsletter. You can sign up for our Newsletter to keep up with our developments by submitting your email address to the sign-up form in the footer of MyCrypto.com, or via this page. Email addresses collected through our Newsletter submission form will only be used for the purpose of sharing relevant information about our products and services with subscribers. Email addresses will not be shared with nor sold to any third-party. If you would like to unsubscribe from our Newsletter at any time, you can do so by clicking the "Unsubscribe" button that is found within the emails that are sent from MyCrypto or via this page.
MyCrypto relies on social media as a primary means of communicating with its community and Users. We do not generally delete communications and other information shared on social media, though we reserve the right to do so for any reason without warning. We also do not generally save these communications offline, though we reserve the right to do so for any reason or no reason, and without warning.
- MyCrypto's Twitter and MoneroVision's Twitter and CryptoScamDB's Twitter
- MyCrypto's Facebook and MoneroVision's Facebook and CryptoScamDB's Facebook
MyCrypto's MailChimp (Newsletter)
EtherScamDB / CryptoScamDB
EtherScamDB.info and CryptoScamDB.org were created to gather and analyze data that can be shared with various projects, law enforcement agencies, and related organizations to prevent and terminate phishing, theft, and scams, assist in identifying and potentially leading to the arrest of these scams’ operators, as well as generally protecting users in the cryptocurrency ecosystem.
EtherScamDB.info and CryptoScamDB.org are unique from other MyCrypto products in that they offer a "report" functionality. This allows any person to make a report (collectively these are the "Raw Reports") regarding items such as suspicious website URLs, suspicious cryptocurrency addresses, and scams being propagated via social media, or to report that their own cryptocurrencies have been stolen.
Depending on the circumstances, people using the "report" functionality may be prompted to provide:
- Their cryptocurrency public address
- The cryptocurrency public address they sent funds to
- Website(s) visited
- Suspicious website URLs
- Suspicious cryptocurrency public addresses
- Additional information the user wishes to share
These Raw Reports are sent and stored in a MyCrypto communications channel, and some of the data is mirrored to a MongoDB server hosted by mLab. These reports are generally not immediately deleted but marked as processed. We aim to destroy any reports containing sensitive or personal information as soon as possible. However, there are instances when deletion may take longer than expected.
These reports may be kept in digital form, as permitted by law, and kept in a manner that is reasonably necessary for the CryptoScamDB team to perform its business operations effectively. The information gathered via the Raw Reports is used to create and maintain various databases of aggregate information (the "Aggregate Data").
The Raw Reports are normally not shared with, nor sold to any third party without the explicit written permission of the reporter. However, Raw Reports may be shared with a third party as is required under applicable laws or regulations, or as is deemed necessary by MyCrypto to best fulfill its goal of protecting the safety and security of Users across the cryptocurrency space.
The Aggregate Data, analyses of suspicious website URLs, and analyses of suspicious cryptocurrency public addresses are published to a public database that is accessible by anyone via:
or related forks of these repositories.
These website URLs and public addresses are sourced in part from the Raw Reports. MyCrypto takes reasonable measures to confirm the accuracy and validity of the reports, but does not accept responsibility nor liability for the information in these databases. Any person or entity accessing these reports should treat them as public information, and should take additional measures to confirm the information contained in the databases.
Users should be aware that providing information such as their public address, websites visited, or other details may be personally identifiable. While we aim to prevent and/or immediately destroy any irrelevant or sensitive personal information, it is at the User's sole discretion to provide this information. Note that MyCrypto is not liable for any information submitted by the User, and the User submits such information at her or his own risk.
If at any time you wish to have your Raw Report destroyed, please send a request to email@example.com. The MyCrypto team will endeavor to destroyed in a timely manner.
Storage of Information
MyCrypto follows responsible data storage methods and protocols consistent with blockchain and crypto-asset wallet industry standards. We use a network of computers, cloud-based servers, and other information technology to provide our Services and store your personal information. We protect your information using the latest technology and best practices for technical and administrative security. These best practices include firewalls, narrowly-tailored internal breach recognition and notification procedures, data encryption, and controlled employee and third-party access to our information databases.
We use what little data and information collected by our Services to provide more enjoyable and efficient user experience. Any of this data and information will be destroyed/deleted after a reasonable period of time (if not sooner). We reserve all rights to determine "reasonability" at our sole discretion, as is consistent with the rest of this Policy and/or is required by law.
Given the small amount of information that we do collect and our best data storage and security practices, it is relatively unlikely that a data breach may occur against MyCrypto that would affect User personally identifiable information. Nonetheless, the realities of operating a service online dictate that a nonzero-chance exists of such a breach. In the case of such an event, we will use our official Twitter, subreddit, and other social media as a formal means of notifying the community (as we do not have user accounts and associated email addresses). We also use these channels to notify the community of any other prominent security issues in the Ethereum and crypto ecosystems at large (regardless if they directly relate to MyCrypto). Thus, we highly recommend you follow those resources and check them frequently for up-to-date information.
Use of Information
MyCrypto never sells any of its collected information to third-parties. MyCrypto may, from time to time, share information with third-party vendors in order to efficiently and effectively provide its Services. MyCrypto makes no guarantee and takes no responsibility as to those entities' privacy and data utilization practices. We reserve all rights to determine which data is necessary to share with third-party vendors to effectively and efficiently provide our Services at our sole discretion. MyCrypto intends to publicly disclose third-parties with whom it has formed relations without compromising security, violating the terms of any legally binding agreement required to procure such services, or in any other way that may compromise our Services' safety, usability, or efficiency.
MyCrypto's Services utilize anonymous information through small data files known as "cookies," which are stored in a User's local browser. This allows for a browser to act in favorable ways based on previous activity. For example, they may be used to ensure our Services are presented in your preferred language, ensure your browser points to your preferred node, to ensure you have completed certain onboarding steps, or for other enhanced performance features not contemplated by this Policy.
We specifically utilize localStorage for the storage of these pieces of data and as such this information is only stored in a User's browser, not on our servers, and may be deleted by a user at any time by clearing his or her browser's cache. Unlike traditional cookies, these pieces of data are not sent to the server with each request. Additionally, we do not utilize "tracking cookies".
The following is a list of some of those third parties who may obtain User information as well as links to their relevant information practices documents. MyCrypto shall make reasonable efforts to keep this list as up-to-date as possible:
Users may use other third-party services while visiting MyCrypto's services to connect to, access, or otherwise interact with the blockchain(s):
Affiliate Marketing and Service Partnerships
Alternate Node Providers
The above list only includes third-party providers whose information practices we could obtain after reasonable research and solicitation. Please be aware that the use of any non-listed third-party services (such as alternate node providers, even via the "AUTO" selection) are at the User's risk own discretion, and (like any other third-party services) MyCrypto will not be liable to Users for any use or harm caused by the use of those products as permitted by law.
Law Enforcement Purposes
If required by a subpoena or court order, MyCrypto will share personal information to law enforcement agencies in order to comply with legal requirements. MyCrypto will make reasonable efforts to notify any subjects of such informational disclosure as is permitted by law. MyCrypto may disclose your personal information to the appropriate legal authorities should we deem it necessary to prevent and/or report physical harm, violations of our Terms of Service, and/or illegal activities. This includes complying with regulations to prevent money laundering and terrorist activities.