Last updated: April 18, 2018
MyCrypto values your privacy and security and actively works to collect as little of your personal data and information as possible. Nonetheless, any company providing publicly available services on the internet will inevitably collect information about those who it interacts with or those who utilize its services (“Users”) through its normal business operations.
Due to the inherent transparency of some blockchains, transactions you broadcast via MyCrypto may be publicly accessible. This includes (but is not limited to) your public sending address, the public address of the receiver, the amount sent, and any other data you may chose to include. Information stored on a blockchain may be public, immutable, and not easily removed or deleted. Your transactions and addresses may reveal information about you and information can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement. Please review how privacy and transparency on the blockchain works.
MyCrypto Collection of Information
MyCrypto’s products are designed to collect as little of your information as possible. MyCrypto does not have user accounts, and it collects very little identifying information in our systems. Private keys, encryption passwords, and all other information necessary to operate our products are owned, controlled, managed, and possessed by Users (unless they opt to utilize another service or product which would be completely outside of our control), and never touch our servers or systems. This section explains how MyCrypto collects information through its delivery of the Services.
MyCrypto Key Interface
MyCrypto.com’s wallet interface (including key-pair generator and unlocking functionality) never records nor transmit any of your private keys or encryption passwords. All information is entered and processed by your device, so MyCrypto, its employees, and its servers never have the opportunity to collect your private key, encryption password, or other related information.
If you choose to unlock your wallet via a third-party service, such as MetaMask, Ledger, TREZOR, or the Parity Signer you are subject to their terms and policies (below).
MyCrypto Nodes & APIs
Users have four node-provider options when using our services:
- Third-Party Provided Nodes - Users may select to use MyCrypto third services through third-party provided nodes. This causes a User’s interface to directly interact with the third-party provider’s systems and APIs without any interaction with our systems (beyond those that typical of all nodes processing a blockchain). MyCrypto is not aware of the privacy policies of all of these third-party providers; the ones we have found are listed below.
- “Auto” Node Selection - Users may also select the “Auto” setting, which would automatically broadcast to the most appropriate node(s) based on node-load and other factors, whether provided by MyCrypto or a third-party service. Information from users providing this option will be subject to one of the two above information collection policies depending on which node their transaction is processed through.
Users interested in extra security and privacy and/or do not wish their public address or non-personally identifiable information to be routed through MyCrypto-provided nodes, MyCrypto’s wallet services can be run offline to generate private keys and to send Ether or other cryptocurrency transactions.
Using your own node ensures transactional data never touches MyCrypto, nor any other entity’s nodes, and avoids any data collection as outlined in this sub-section.
The website and other MyCrypto server-side functions are hosted on a third-party website hosting partner and employs third-party security and functionality services. While MyCrypto and its third-party providers may collect limited information as is standard and appropriate to secure our Services and provide the best user experience, no content associated with such information is stored. For example, we do not store information in a way that can track a private key or public address to a specific IP address or username.
Email, Telephone, or Other Two-Way Communications
MyCrypto prides itself in its frequent contact with Users and the community. These two-way communications may occur via telephone, email, in-person, Slack, Telegram, reddit, text message, voicemail, Signal, Wickr, Facebook (and/or Messenger), Twitter, written letter, or any other method. Records of these conversations may be kept in written, recorded, or digital form, as permitted by law, in a manner that is reasonably necessary for MyCrypto to perform its business operations effectively. Emails will never be kept longer than one (1) year, though they may be deleted sooner for security or other purposes Other two-way communications will be stored consistent with this Policy. Nothing in this section should be construed as guaranteeing that communications records will be kept for any amount of time, if at all.
MyCrypto relies on social media as a primary means of communicating with its community and Users. We do not generally delete communications and other information shared on social media, though we reserve the right to do so for any reason without warning. We also do not generally save these communications offline, though we reserve the right to do so for any reason or no reason, and without warning.
- MyCrypto's Twitter
- MyCrypto's Facebook
- MyCrypto's Subreddit
- MyCrypto's Github
- MyCrypto's Medium
- MyCrypto's Instagram
- MyCrypto's Discord
- MyCrypto's LinkedIn
Storage of Information
MyCrypto follows responsible data storage methods and protocols consistent with blockchain and crypto-asset wallet industry standards. We use a network of computers, cloud-based servers, and other information technology to provide our Services and store your personal information. We protect your information using the latest technology and best practices for technical and administrative security. These best practices include firewalls, narrowly-tailored internal breach recognition and notification procedures, data encryption, and controlled employee and third-party access to our information databases.
We use what little data and information collected by our Services to provide more enjoyable and efficient user experience. Any of this data and information will be destroyed/deleted after a reasonable period of time (if not sooner). We reserve all rights to determine “reasonability” at our sole discretion, as is consistent with the rest of this Policy and/or is required by law.
Given the small amount of information that we do collect and our best data storage and security practices, it is relatively unlikely that a data breach may occur against MyCrypto that would affect User personally identifiable information. Nonetheless, the realities of operating a service online dictate that a nonzero-chance exists of such a breach. In the case of such an event, we will use our official Twitter and subreddit and other social media as a formal means of notifying the community (as we do not have user accounts and associated email addresses). We also use these channels to notify the community of any other prominent security issues in the Ethereum and crypto ecosystems at large (regardless if they directly relate to MyCrypto). Thus, we highly recommend you follow those resources and check them frequently for up-to-date information.
Use of Information
MyCrypto never sells any of its collected information to third-parties. MyCrypto may, from time to time, share information with third-party vendors in order to efficiently and effectively provide its Services. MyCrypto makes no guarantee and takes no responsibility as to those entities’ privacy and data utilization practices. We reserve all rights to determine which data is necessary to share with third-party vendors to effectively and efficiently provide our Services at our sole discretion. MyCrypto intends to publicly disclose third-parties with whom it has formed relations without compromising security, violating the terms of any legally binding agreement required to procure such services, or in any other way that may compromise our Services’ safety, usability, or efficiency.
MyCrypto’s Services utilize anonymous information through small data files known as “cookies,” which are stored in a User’s local browser. This allows for a browser to act in favorable ways based on previous activity. For example, they may be used to ensure our Services are presented in your preferred language, ensure your browser points to your preferred node, to ensure you have completed certain onboarding steps, or for other enhanced performance features not contemplated by this Policy.
We specifically utilize localStorage for the storage of these pieces of data and as such this information is only stored in a User’s browser, not on our servers, and may be deleted by a user at any time by clearing his or her browser’s cache. Unlike traditional cookies, these pieces of data are not sent to the server with each request.
The following is a list of some of those third parties who may obtain User information (and under what conditions) as well as links to their relevant information practices documents. MyCrypto shall make reasonable efforts to keep this list as up-to-date as possible:
Users may use other third-party services while visiting MyCrypto’s services to connect to, access, or otherwise interact with the blockchain(s):
Parity (used for UI Signer)
- Parity Technologies Limited's Legal Documentation
Affiliate Marketing and Service Partnerships
- ShapeShift AG's Terms of Service (includes Privacy and Transparency Statement)
Alternate Node Providers
- Etherscan.io's Terms of Service
- CryptoCompare (used for pricing API)
Blockscale (used as an alternate node provider and for the Gas Price API)
The above list only includes third-party providers whose information practices we could obtain after reasonable research and solicitation. Please be aware that the use of any non-listed third-party services (such as alternate node providers) are at the User’s own discretion, are never selected as the default for use of MyCrypto’s Services, and (like any other third-party services) MyCrypto will not be liable for any use or harm caused by the use of those products as permitted by law.
Notwithstanding the above, some third-party relationships (including, but not limited to, webhosting or DDoS prevention services) may require confidential relationships and data disclosure practices due to emergent security or other practical concerns, and therefore are not listed in this Policy. MyCrypto reserves the right to determine whether confidentiality is necessary, and, if so, how to operate in such circumstances at its own discretion. Nonetheless, no such relationship will involve knowingly disclosing personally identifiable information for marketing purposes or in any other way inconsistent with this Policy.
Law Enforcement Purposes
If required by a subpoena or court order, MyCrypto will share personal information to law enforcement agencies in order to comply with legal requirements. MyCrypto will make reasonable efforts to notify any subjects of such informational disclosure as is permitted by law. MyCrypto may disclose your personal information to the appropriate legal authorities should we deem it necessary to prevent and/or report physical harm, violations of our Terms of Service, and/or illegal activities. This includes complying with regulations to prevent money laundering and terrorist activities.