Privacy Policy

Last updated: 2026-04-22

Driftwatch is non-custodial and designed to collect the minimum data needed to deliver position alerts. We never collect your private keys, we never ask for personal identification, and we never sell data to anyone.

What we store

Your Telegram user ID — so we can DM you alerts.
Solana wallet addresses you submit — public on-chain identifiers, used to look up your positions.
Alert preferences — your configured ranges, thresholds, and notification settings.
Rebalance transaction history — signatures of transactions Driftwatch has helped you sign, for support and audit purposes.
Referral relationships — which user referred which other user (Telegram IDs only).

All of the above is stored in a local SQLite database on our server. It is not shared with any third party.

What we do NOT store

Private keys or seed phrases — we have no way to receive or store these. You sign every transaction in your own wallet.
Email addresses, phone numbers, or real names.
IP addresses, user agents, or browser fingerprints on disk. Incoming request IPs are held only in an in-memory counter used to rate-limit abusive clients and are discarded when the service restarts.
Cookies or advertising identifiers. Driftwatch does not use third-party analytics or ad trackers.

Third-party services

To operate, Driftwatch sends requests to:

Solana RPC providers (Syndica, Helius, Chainstack) — to read on-chain account data. These providers see the wallet addresses being queried but not who owns them.
Telegram — to deliver bot messages. Telegram's own privacy policy governs data in transit.
Phantom / Solana wallets — when you sign a transaction. Driftwatch does not observe your signing activity beyond receiving the public transaction signature after submission.

Rebalance signing page

When you click a rebalance link, the signing page at driftwatch.xyz/sign/<id> receives: your wallet public key (so we can build the transaction for you), the position address you are rebalancing, and the tick range you selected. No private information is transmitted.

Data retention

Active user records: kept while your account is active.
Transaction signatures: kept indefinitely (they are already public on-chain).
Rate-limit counters: in-memory only, discarded on service restart.

Deletion

Send /delete to @driftwatchbot and confirm. This immediately purges your Telegram ID, watched wallet addresses, bot-managed wallets, settings, and referral records from our database. On-chain transaction history cannot be deleted because it lives on Solana, not on our server.

Security

All traffic uses HTTPS (TLS 1.2+).
Server is on a dedicated VPS with SSH-key-only access.
No admin panel exposes user wallets or alert history externally.

Changes to this policy

If we change this policy we will update the date at the top and notify active users in Telegram. Continued use of the bot after a change constitutes acceptance.

Bottom line. We store your Telegram ID and the wallet addresses you tell us to watch. We never touch your keys or tokens. We do not sell, rent, or share your data. Ask us to delete it any time.

Contact

Questions: @driftwatchbot on Telegram.