The principle

The data we never collect cannot be breached, subpoenaed, leaked, or sold. Data minimization is not a compliance box — it is a security decision that shapes every feature we build.

TrueStake is a read-only analytics and tax-reporting tool. We derive your reward history from public on-chain data. We do not need — and therefore do not collect — the categories below.

What we permanently do not collect

| What | Why it is a permanent non-goal | |---|---| | Government ID, passport, SSN, date of birth | No KYC — ever. We are not a financial intermediary, money transmitter, or registered investment adviser. We have no legal basis and no operational need. | | Exchange API keys or credentials | We never connect to exchange accounts. TrueStake reads public on-chain data from your own staking setup — no exchange access is required or solicited. | | Validator private keys or withdrawal private keys | We never see these. TrueStake reads your validator's public key and on-chain activity. The private keys that control your stake never leave your possession. | | ETH or other assets in custody | TrueStake cannot move funds. We hold no crypto assets. Our product is a record of what happened on-chain, not an interface to what happens next. | | Customer real name or billing address | We identify you by email address only. We do not collect your name. Billing address is held by Stripe, not by TrueStake. | | Payment card data | Stripe handles billing. TrueStake stores only a Stripe customer identifier — no card numbers, CVVs, or banking credentials. | | IP address or location in our application database | IP addresses appear transiently in infrastructure access logs (Vercel, Supabase) under vendor-controlled retention policies. We do not copy them into our application database or use them for analytics. | | AI training on your data | We do not use your reward data, tax calculations, or any customer data to train machine learning models. | | Sale of customer data or tax positions | We do not sell, license, or share customer data with data brokers or advertisers. |

What we do collect — for completeness

TrueStake holds the minimum necessary to deliver the product:

• Email address — used for authentication and, when needed, incident notification. Your primary identifier.
• Validator public keys and withdrawal addresses — encrypted at rest. Required to look up your on-chain reward history.
• Staking reward data — derived from public on-chain sources. The core product: a reconciled, timestamped, audit-defensible record of your rewards.
• Stripe customer ID — a reference token, not payment data. Held so we can manage your subscription.

Why this matters for security

Every category in the "do not collect" list is a category of data that attackers, subpoenas, and data brokers target. By not holding it, we reduce our blast radius — a breach of TrueStake cannot expose your government ID, exchange credentials, or private keys, because we never had them.

This is a deliberate architectural choice reflected in our permanent product non-goals. It is not a gap we intend to fill.

This reflects TrueStake's data posture as of 2026-06-26.