Hodlberg ]-[ Financial takes your privacy very seriously. Like, super-seriously. We designed the product with privacy in mind literally every step of the way.
In order to have real-time updates on balances, Hodlberg needs to know the underlying asset public address, which we store, unencrypted, in our database. We strongly encourage you to mint tokens to a never-before-used wallet, funded via Tornado Cash or a centralized exchange, in order to eliminate any audit trail by a token viewer.
All user-authorized third-party API access defaults to private-as-possible, giving you the control to allow access to all, or part, of your token's data. This access can be revoked or modified at any time by you.
Public tokens have their balances "fuzzed." That is, instead of showing the exact balance, down to the cent, we add a small random amount to "fuzz" the value. This prevents an entity from searching the blockchain for an exact balance match and determing an underlying asset address.
Authorized users, logging in to Hodlberg to view their token privately, will see non-fuzzed balances, accurate at the time of viewing.
Authorized users may turn off fuzzing for Authorized Third-Parties on a per-party, per-token basis.
Challenge Tokens are always fuzzed.
Hodlberg does not use analytics of any sort, though we do collect IP address and User Agent strings to help mitigate spam, griefing, monitor usage, and determine what kind of http client is most popular amongst our users.
hCaptcha is used when creating a new token, and hCaptcha may drop cookies or trackers of their own in your browser. Be aware.
Strict Content Security Policies (CSP) are in place to mitigate unauthorized manipulation of Hodlberg's front-end or our user's data.
Personally Identifiable Information
We do not collect your name, email address, or any other Personally Identifiable Information, except in the case of connecting a centralized exchange account, described below.
When connecting to a centralized exchange, like Coinbase, to use as token attestation data, we receive the email address associated with the account. This address is one-way hashed by Hodlberg and stored in our database. The only time the raw email address can be accessed is if you decide to remove the account from your Hodlberg token. We will use the provided email address to send a verification email, containing a confirmation link, prior to deletion from our database.
Third-Party API Accounts
Third-Party API accounts require a valid email address (stored in plaintext in our database), user-controlled password (hashed in our database), and Multi-Factor Authentication (via Google Authenticator or like).
Please contact us if you have any quesions or concerns.