PRIVACY POLICY
1. Who we are
RugScanner Pro ("we", "us", "the extension") is a Chrome browser extension that analyzes Solana token holder distributions on trade.padre.gg to help users detect rug pull patterns. This policy explains what data we collect, how we use it, how we share it, and what we don't do with it.
If you have questions about this policy, contact us at support@rugscannerpro.com.
2. What we collect
Account information
When you create an account, we collect:
- Your email address
- A password (stored as a salted hash — never in plain text)
Accounts are managed through Supabase, our authentication provider.
Subscription information
If you subscribe to the paid tier, payment is processed by Stripe. We never see or store your credit card details — Stripe handles all payment data directly. We only receive and store your subscription status (active, canceled, past due) so we know whether to grant unlimited scans.
Scan data
When you run a scan, the extension reads the publicly visible holder list displayed on the trade.padre.gg tab you have open — specifically wallet addresses, balance figures, and ranking data as shown on that page. This data is sent to our backend server for analysis.
From the backend, wallet addresses and token contract addresses are forwarded to Helius to retrieve additional on-chain data (such as funder wallet history) needed for rug pull detection. If you are on the AI tier, anonymized holder distribution data is also sent to Anthropic to generate a plain-language risk verdict.
We do not store a history of the tokens you scan. We do not log which contract addresses you have personally looked at. We track your total scan count only to enforce the 5-scan free tier limit.
Local storage
The extension stores the following data locally in your browser using Chrome's storage API:
- Your authentication session token, so you stay signed in between sessions
- Your subscription status, cached locally to avoid a network request on every page load
- Your remaining free scan count, cached locally to enforce the free tier without a backend round-trip on every scan
No scan history, token addresses, or wallet addresses are stored locally.
Technical information
Standard server logs (IP address, request timestamps, error traces) are generated by our hosting provider (Railway) for security, abuse prevention, and debugging. These are retained for a short period and are not used to build a profile of your activity.
3. What we don't collect
- Your Solana wallet address or private keys — we never ask for either
- Your trades, positions, or portfolio on trade.padre.gg or anywhere else
- Your browsing history or activity on any website other than trade.padre.gg
- Your credit card or banking details
- A persistent log of which tokens you have personally scanned
4. How we use what we collect
We use the limited data we collect for a narrow set of purposes:
- Running your account and signing you in
- Processing your subscription and enforcing your plan's scan limits
- Performing rug pull analysis on the token holder data you request a scan for
- Sending transactional email (account confirmations, password resets, billing notices) via Resend
- Keeping the service running, debugging issues, and preventing abuse
We do not use your data for advertising, and we do not sell or rent it to anyone.
5. How we share your data
We share the minimum data necessary with each third-party provider. The table below describes exactly what is shared with whom and why.
| Provider | Data shared | Purpose | Privacy policy |
|---|---|---|---|
| Supabase | Email address, hashed password, subscription status | Authentication and account storage | supabase.com/privacy |
| Stripe | Payment details (handled entirely by Stripe — we never see your card number) | Subscription billing | stripe.com/privacy |
| Helius | Solana token contract addresses and wallet addresses from the scanned holder list | Retrieving on-chain data (funder history, transaction records) for rug pull analysis | helius.dev/privacy-policy |
| Anthropic | Anonymized holder distribution data and risk flag summary for the scanned token (AI tier only) | Generating a plain-language AI risk verdict | anthropic.com/privacy |
| Resend | Your email address | Transactional email delivery (confirmations, password resets, billing notices) | resend.com/privacy |
| Railway | Server logs (IP address, request timestamps, error traces) | Backend hosting and infrastructure | railway.app/legal/privacy |
We do not share your data with any other party unless required by law.
6. Browser permissions the extension uses
RugScanner Pro requests the following Chrome extension permissions. Each is required for a specific, documented purpose:
- activeTab — Required to read the visible holder list on the trade.padre.gg tab you are currently viewing. When you click Scan, the extension accesses the DOM of that specific tab to extract the publicly displayed wallet addresses and balances needed for rug pull analysis. No other tabs are accessed.
- scripting — Required to inject the content script that reads the holder list from trade.padre.gg. The script parses visible holder data (rank, wallet address, balance, funder information) so the extension can analyze it for rug pull patterns. Scripting is only used on trade.padre.gg.
- storage — Required to persist your authentication session and subscription status locally so you don't have to sign in on every scan. Your remaining free scan count is also cached locally to enforce the 5-scan free tier without a network request before each scan. No scan history or token addresses are stored.
- sidePanel — Required because the extension's entire user interface lives in the Chrome side panel. You open the side panel next to your trade.padre.gg window to see scan results, risk scores, flags, and verdicts without leaving your trading workflow.
- tabs — Required to detect when you navigate between tokens on trade.padre.gg so the extension can update the side panel to reflect the token you are currently viewing. The extension reads only the URL of active trade.padre.gg tabs to extract the Solana contract address. No other tab information is accessed.
- Host permission: trade.padre.gg — The extension is granted access to trade.padre.gg because that is the only site it operates on. It reads the holder list from the page's DOM to perform rug pull analysis. The extension does not access any other website, does not read cross-site data, and does not modify the trade.padre.gg page.
7. Data security
Passwords are hashed and salted. All connections between the extension, our backend, and third-party providers are encrypted over HTTPS. We follow reasonable technical and organizational measures to protect your data, though no system can guarantee absolute security.
8. Data retention
We retain your data as follows:
- Account data (email, hashed password, subscription status) — retained while your account is active. Deleted within 30 days of an account deletion request.
- Scan data — not retained. Holder data sent during a scan is processed in memory and not written to a database.
- Server logs — retained for a short rolling period (typically 30 days) for security and debugging, then purged.
- Stripe transaction records — Stripe retains records of completed transactions as required by financial regulations. This is outside our control; see Stripe's privacy policy for details.
9. Your rights
You can request to access, correct, or delete your personal data at any time by emailing support@rugscannerpro.com. Depending on where you live, you may have additional rights under laws such as the GDPR (EU) or CCPA (California) — we will honor those requests regardless of where you are located.
10. Children
RugScanner Pro is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will remove it.
11. Changes to this policy
If we change this policy materially, we will update the "Last updated" date at the top and, for significant changes, notify active users by email. Continued use of the extension after a change means you accept the updated policy.
12. Contact
Questions, concerns, data requests, or anything else — email support@rugscannerpro.com.