Privacy Policy

Last updated: April 1, 2026

1. What We Store

When you register a NIP-05 identity, we store the following information:

  • Public key (npub/hex) — Your Nostr public key, which is already public on the Nostr network.
  • Username — The username you chose for your NIP-05 address.
  • Domain — Which domain your identity is registered on.
  • Profile information — Optional display name, bio, and avatar URL that you provide.
  • Payment status — For premium domains, we store whether payment was completed (not payment details or wallet information).
  • Registration timestamp — When your account was created.

2. What We Do NOT Store

  • Private keys (nsec) — Your private key is generated in your browser and never sent to our servers. We have no ability to access or recover it.
  • Passwords — Nostr does not use passwords. Authentication is done via cryptographic keys.
  • Personal identification — We do not collect names, email addresses, phone numbers, or any government-issued identification.
  • Payment wallet details — Lightning payments are processed through third-party providers. We only store the payment status.

3. NIP-05 Public Data

Your NIP-05 identity (username and public key mapping) is served publicly via the/.well-known/nostr.json endpoint with Access-Control-Allow-Origin: *headers, as required by the NIP-05 specification. This data is intentionally public and accessible to any Nostr client worldwide.

4. Cookies and Tracking

We use minimal cookies strictly necessary for locale preferences (language setting). We do not use analytics cookies, tracking pixels, or third-party advertising scripts.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Database hosting (PostgreSQL). Data is stored on Supabase infrastructure with row-level security enabled.
  • Vercel — Application hosting and CDN. Standard Vercel access logs may contain IP addresses temporarily.
  • Lightning payment provider (Alby) — Processes Bitcoin Lightning payments. We do not share personal data with the payment provider beyond the invoice amount and description.

6. Data Retention

Your NIP-05 identity data is retained as long as your account is active. For paid domains, data is retained for the duration of your subscription. We may remove inactive free accounts after 12 months.

7. Your Rights

You can:

  • Request deletion of your NIP-05 identity at any time.
  • Update your profile information through the Nostr protocol.
  • Export your data (your public key is already public on the Nostr network).

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

9. Contact

For privacy-related questions, please reach out via the Nostr protocol or through our GitHub repository.