Privacy Policy
Last updated: June 22, 2026
This Privacy Policy is published for transparency and may be updated. It is not legal advice to you; using PYRE is at your own risk; consult your own legal and financial advisors. PYRE is unusually privacy-light: there are no accounts, no email, no passwords, and we never link your IP address to your wallet address.
See also the Trust & proof page and the Terms of Service.
1. What PYRE Is, For Privacy Purposes
PYRE (operated by the operators of PYRE; the “Service,” at feedthepyre.com) is a non-custodial Solana wallet-cleanup and meme-rebirth tool. You interact with PYRE solely by connecting a self-custodied Solana wallet. All transactions are constructed unsigned, decoded, shown to you, and signed locally inside YOUR wallet. PYRE never holds, stores, requests, or has access to your private keys, seed phrase, or funds, and never signs on your behalf.
PYRE does not operate accounts. There is no email address, username, password, or profile. Your wallet address is the only identifier we associate with your use of the Service, and that address is already public on the Solana blockchain. This makes PYRE unusually privacy-light: we collect no classic personal information, run no advertising or third-party trackers, and — as a load-bearing design rule enforced by schema (no IP column on the relevant tables) and a CI “two-ledger wall” — we never link your IP address to your wallet address.
A note on Spawn rounds.
PYRE also operates “Spawn” meme-token rounds. For privacy purposes, note that in the current version (“v0”) Spawn launches are operator-trusted (not fully trustless) and contributed funds may pass through an operator-controlled wallet — see the Terms of Service, Section 9, and feedthepyre.com/trust. This Privacy Policy concerns the data PYRE processes; the custody and trust model of Spawn rounds is governed by the Terms.
This policy describes what we do and do not collect, how we use it, the privacy techniques we apply, your rights, and the limits the public blockchain places on those rights. The controller’s formal legal entity, jurisdiction, privacy contact, and any required EU/UK representative will be specified here as PYRE formalizes.
2. Information We Collect (Itemized by Store)
PYRE has no accounts, logins, passwords, names, or email addresses. All data we hold lives in our own database (PostgreSQL) and is limited to the following, each item verified against our migrations and source:
- (a) Cleanup & Essence ledger. For each cleanup you sign: your wallet address (full base58), the transaction signature, the kind of action (close or burn), the rent returned to you and the 5% protocol fee (in lamports), the addresses of the token accounts closed, and which round your contribution belonged to. Each of these facts is also recorded permanently and publicly on the Solana blockchain by the network itself.
- (b) Spawn & distribution records. If a Spawn token is launched from a round you contributed to: the Spawn’s public mint, its metadata URI, its pump.fun URL, the launch transaction, and each contributor’s pro-rata share (your wallet plus a lamport/share amount).
- (c) Pyremancer game state — status-only. Derived ENTIRELY from your public on-chain burns: quest progress (a counter plus updated/claimed timestamps); a referral graph — one row per invited wallet, storing the invited wallet, the inviter’s wallet, the inviter’s share code, and created/qualified timestamps (this inviter↔invitee pairing is NEVER exposed by any read helper — public surfaces show only the inviter’s own qualified count); the highest level you have been shown; and a cosmetic Codex record (the Reborn) per distinct burned mint (wallet, mint, a server-derived cosmetic species label, the confirmed cleanup transaction signature for the first sighting, and a first-seen timestamp). Every wallet, mint, and transaction signature here is also public on-chain. These tables hold no IP and no user-agent, are walled off from all economic logic by a CI-enforced “two-ledger wall,” never touch funds, and are never used in any economic decision.
- (d) Web Push subscriptions — only if you opt in. The browser-provided push-endpoint URL, the two Web Push encryption keys your browser generates (p256dh and auth), the wallet you opted in with (used only to address notifications to you), and the time you subscribed. There is no IP column. See Section 9.
- (e) Anonymous product analytics. See Section 6.
- (f) Terms acceptance. When you affirmatively accept these Terms and this Privacy Policy via the in-app acceptance prompt, we record the wallet you accepted with, the version of the Terms you accepted, and the minute you accepted (coarsened — no finer timestamp). There is no IP column, and one row exists per wallet per Terms version.
We also note browser-local data that NEVER reaches our servers (Section 8): your local cleanup history, visual-effects preferences, and any optional custom RPC endpoint you enter all stay in your browser’s storage.
3. Information We Do NOT Collect
We do not collect or store: your name, email address, phone number, or any government identifier; any password or login credential (there is no account); your private keys or seed phrase (signing happens entirely in your wallet — PYRE never has custody); advertising or cross-site tracking cookies; cross-site tracking pixels; data from any third-party advertising or analytics network; or any data we sell.
Critically, we do NOT link your IP address to your wallet address. On every endpoint that carries your wallet (cleanups, push opt-in, game state), the connection IP is not stored — the funnel and push records contain NO IP column by design, and the game tables likewise have no IP column. We also do not store a full user-agent on our analytics, and we publish no USD figures on any public surface.
Important precision: the full wallet base58 IS stored in our economic ledger and game tables. The shortening, timestamp-coarsening, and minimum-group floor described in Section 5 are DISPLAY transforms applied when data leaves our process for a public page — they are not a limit on what we store. Your wallet address itself is, by the nature of the Solana blockchain, public; PYRE does not and cannot make it private (see Section 4).
4. On-Chain Data Is Public and Permanent
PYRE operates on the Solana public blockchain, a decentralized ledger operated by third parties, not by PYRE. Any transaction you sign through PYRE — including each burn, each account closure, each cleanup fee, and each Essence contribution — is recorded publicly and permanently on Solana by the network itself. Anyone can view it. We cannot edit, hide, or delete on-chain data, and neither can you. (See the Terms, Sections 5 and 10, for the binding irreversibility and no-advice terms governing these on-chain actions.)
Your wallet address is a pseudonymous identifier: it does not contain your name, but the on-chain activity associated with it is public and may, in combination with other information, be linked to you by third parties. Connecting a wallet to any public dApp links that wallet’s public activity. Please consider this before connecting a wallet.
Burns are irreversible. When you burn a token through PYRE, it is permanently destroyed on-chain. This cannot be undone, reversed, or recovered by PYRE or anyone else.
5. Privacy-Protective Display Techniques
Although wallet addresses are public on-chain, our own public surfaces (such as the “fed the PYRE” feed, Spawn contributor lists, and leaderboards) deliberately reduce exposure. Before anything leaves our process for a public page, we apply these transforms, each verified in code:
- Shortened wallets: we display wallets only in an “ABCD…WXYZ” form (first four and last four characters; e.g. “9xQe…VFin”). The full base58 is used only as an internal lookup key and is not exposed on these surfaces.
- Minute-coarsened timestamps: displayed times are floored to the minute so a public event cannot be precisely time-matched to a single on-chain transaction.
- k ≥ 5 anonymity floor: we suppress any per-contributor breakdown that would involve fewer than five contributors, so an individual contribution is not singled out.
- No USD figures: we show no dollar amounts on public surfaces.
- Referral pairing withheld: the inviter↔invitee pairing in the referral graph is never published; public surfaces show only an inviter’s own qualified count.
These controls reduce exposure on OUR surfaces. They are pseudonymity measures, not guarantees of anonymity — the underlying wallet activity remains public on-chain regardless.
6. Analytics, Do-Not-Track, and Global Privacy Control
We measure how visitors move through the site (for example: landing → scan started → wallet connected → tokens selected → sign requested → receipt shown) using a first-party, server-side conversion counter. We do NOT use Google Analytics or any third-party analytics or advertising script.
For each session we store only: (1) a random session identifier generated in your browser and held in sessionStorage (described in Section 7) — it clears when you close the tab, is never derived from your wallet, and is never persistent or cross-session; (2) which funnel step you reached (a constrained, fixed list of steps); (3) the hostname (not the full URL) of the site that referred you, dropped entirely for same-origin referrers; (4) the path (not the query string) of your entry page; and (5) whether your device is mobile- or desktop-sized.
We never attach your wallet address, balances, token mints, transaction signatures, amounts, IP address, or full user-agent to these events. The analytics records are append-only.
If your browser sends a Do-Not-Track signal (DNT=1) or signals Global Privacy Control, PYRE sends NO analytics events at all for that session — the client disables tracking entirely. A related growth signal (whether a shareable receipt card was shown or its share button tapped) rides the same privacy guards — no wallet, no amount, no identifier, DNT/GPC honored. We may create and use aggregate, de-identified statistics derived from these events that cannot be linked to any wallet, for product, security, and reporting purposes.
7. Cookies and Local Storage
PYRE does not use advertising or cross-site tracking cookies, and uses no cookie to identify you across sites. We use only first-party browser storage that is strictly necessary or that you control:
- a single random analytics session ID in sessionStorage, cleared when the tab closes and disabled entirely under DNT/GPC (this is the canonical session identifier described in Section 6);
- localStorage preferences that never leave your browser, such as your local cleanup history, your visual-effects settings, and any optional custom RPC endpoint you choose to enter; and
- standard wallet-adapter connection state, which your wallet may use to remember your connection.
You can clear all of this at any time by clearing your browser storage.
8. Browser-Local Data That Never Reaches Us
Some data stays entirely on your device and is never transmitted to PYRE’s servers: your local cleanup history, your visual-effects (FX) preferences, and any optional custom Solana RPC URL you enter. This information lives only in your browser’s local storage. We do not receive it, store it, or process it. Clearing your browser storage removes it.
9. Web Push Notifications (Opt-In Only)
PYRE sends no email, SMS, newsletters, or marketing messages — we have no email address or phone number for you. The only proactive notification channel is opt-in browser Web Push, which you must affirmatively enable.
We send a push notification only if you (1) press the in-app “Notify me” control while your wallet is connected and (2) grant your browser’s native notification-permission prompt. If you opt in, your browser creates a push subscription that we store: the browser-provided push-endpoint URL, the encryption keys (p256dh and auth) required to encrypt a message to that endpoint, and the wallet you opted in with so we can address updates to you. We deliberately do NOT store any IP address with a push subscription.
Notifications fire only for a small set of event-driven moments tied to activity you initiated: when a Spawn from a round you contributed to graduates, when a round you contributed to fails and your refund becomes available, and when a new round opens. The visible notification contains only generic text — it never includes your wallet address, a token mint, or any amount — so the alert shown on your device reveals nothing deanonymizing.
Your browser’s push service (operated by your browser or operating-system vendor) necessarily receives the endpoint and the encrypted payload in order to deliver the notification; that service is a third party governed by its own terms (see Section 11). The payload is encrypted to your subscription’s keys, so the push service relays but cannot read its contents.
You can revoke at any time, three ways: use the in-app unsubscribe control (which deletes your subscription), revoke notification permission in your browser or operating-system settings, or do nothing — if your browser reports a subscription as expired or gone, our worker automatically and permanently deletes it. Subscriptions are tied to the specific browser you opted in from and are not synced across devices; opt in separately on each browser you want notified.
10. How We Use Data and Legal Basis
We use the data described above to: operate the wallet scan and build the transactions you ask to sign; record cleanup receipts and the on-chain protocol fee as Essence; operate Spawn rounds, refunds, and pro-rata distribution; derive your status-only Pyremancer game state (ranks, XP, quests, referrals, Codex) from your public on-chain burns; deliver opt-in push notifications; measure aggregate, privacy-preserving product usage; create de-identified statistics; and keep the Service secure and prevent abuse.
Where the GDPR or UK GDPR applies, we rely on: performance of the service you request (Art. 6(1)(b)) to scan your wallet, build transactions, record receipts, and run rounds and refunds; our legitimate interests (Art. 6(1)(f)) to keep the Service secure, prevent abuse, maintain the public Essence ledger and the status features derived from public on-chain activity, and measure usage with privacy-preserving first-party analytics; and your consent (Art. 6(1)(a)) where required, such as for opt-in push notifications. Where required, we honor a genuine objection/suppression path so you may opt out of public display while we keep the economic ledger needed to operate rounds honestly.
11. Data Sharing and Third Parties
PYRE does not sell your personal data, uses no advertising networks, and does not share your data for cross-context behavioral advertising. To function, the Service necessarily interacts with independent third parties that PYRE does not control:
- the Solana network and our Solana RPC provider(s), to read your wallet and broadcast the transactions you sign;
- pump.fun, where Spawn tokens are launched and traded;
- an IPFS pinning provider (e.g. Pinata), where Spawn metadata/art is pinned;
- AI generation providers used to create Spawn art and copy from burn-derived context. We do not send your wallet address or any account credential in the generation request; the generation context is derived from the burned tokens and may include public on-chain token/account addresses; and
- your browser vendor’s push service, which delivers opt-in notifications (Section 9).
Interacting with the public blockchain, with pump.fun, and with IPFS is inherently public and is governed by those networks’ and platforms’ own terms and privacy practices, not PYRE’s. These providers process data only to provide their service to us. The disclosures at feedthepyre.com/trust further describe the Spawn-round trust model.
12. International Data Transfers
PYRE operates on the internet and relies on infrastructure and service providers (hosting, Solana RPC providers, IPFS pinning, AI generation, and browser push services) that may process data in countries other than yours. Where required, we rely on appropriate safeguards for such transfers; the specific provider locations and transfer mechanism will be specified here as PYRE formalizes.
13. Data Retention and Deletion
Ledger and game records are retained to operate rounds, compute pro-rata Spawn distributions, display public history, and maintain the status-only game state. Funnel analytics rows are append-only and are not tied to you (they contain no wallet and no IP). Push subscriptions are deleted on explicit unsubscribe and are automatically pruned when your browser reports them as expired or gone. Concrete retention periods for each store will be specified here as PYRE formalizes.
Important limit on deletion. Because the underlying facts — your wallet address, your burns, your fees, and your distributions — are public and permanent on Solana, deleting our off-chain database copy would not remove them from the blockchain, which PYRE does not control and cannot alter or erase. In addition, some ledger entries must be retained to operate refunds and the pro-rata Spawn distribution honestly. On request, after verifying control of the relevant wallet (see Section 14), we will delete the off-chain game and push data we associate with your wallet and, where feasible, off-chain receipt copies, subject to limited retention needed for security, fraud-prevention, dispute resolution, and legal compliance.
14. Your Rights (and How to Exercise Them Without an Account)
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to our processing of your personal data, to data portability, and (in California and similar U.S. states) to know what we process, to delete it, to correct it, and to opt out of any sale or sharing. PYRE does NOT sell your personal data and does not share it for cross-context behavioral advertising; where applicable, our honoring of Global Privacy Control serves as the recognized opt-out signal.
These rights apply to the data we hold OFF-CHAIN. They cannot extend to the public Solana blockchain, which PYRE does not control and cannot alter or erase (see Sections 4 and 13).
Because we have no account system, we may ask you to prove control of the relevant wallet — for example, by signing a message with it — before acting on a request about wallet-associated data. We will handle such requests in a way that does not create any new IP↔wallet correlation. EEA/UK users may also have the right to lodge a complaint with their local data-protection supervisory authority.
15. Automated Decision-Making and Profiling
PYRE’s token classifier and the Pyremancer game’s XP/rank derivations are automated, but they are not solely-automated decisions that produce legal or similarly significant effects on you. The classifier only helps you identify token accounts that “appear eligible” for cleanup and assembles the transactions; you alone decide what to close, burn, or sign (see the Terms, Sections 5 and 10). Game status is cosmetic, derived from your public on-chain burns, and never affects funds, fees, Essence allocation, refunds, or token distribution.
16. Security and Breach Notification
PYRE is non-custodial by design — we never hold your private keys, so they cannot be breached on our systems. Our broader posture includes keeping the connection IP separate from your wallet (no IP↔wallet linking, enforced by schema and the two-ledger CI wall), applying the display minimization described in Section 5 to public surfaces, and standard operational safeguards for our off-chain database. No method of transmission or storage is fully secure, and we do not promise that the Service is free of vulnerabilities.
Breach notification. If a security incident affecting personal data we hold occurs, we will assess and respond as required by applicable law. Because we have no email or account for you, any user-facing notice we provide will be by prominent on-site posting, together with any notification to regulators or affected parties that the law requires.
17. Children
PYRE is not directed to, and is not intended for, anyone under the Minimum Age set in the Terms of Service (Section 17) — being 18, or the age of majority where you live if higher. This is the single operative age for both documents. We do not knowingly process personal data from children, and we collect no email, name, or contact information that a children’s-data regime would typically implicate. If you believe a child has used PYRE, contact us and we will delete any off-chain data we can identify.
18. Changes to This Policy & Contact
PYRE may update this Privacy Policy from time to time. The current version is posted on the Service with a “Last updated” date. Because the Service has no accounts and collects no email or contact information, we provide notice of changes by posting the updated policy on the Service; you are responsible for reviewing it for updates.
For privacy questions or to make a data-subject request, contact us through the channel published on the Service. The controller’s formal contact details, and any EU/UK Article 27 representative or relevant supervisory authority, will be specified here as PYRE formalizes. EEA/UK users may also have the right to lodge a complaint with their local data-protection supervisory authority.
Related: Terms of Service · Trust & proof