← BACK TO WALL

Privacy Policy

Last updated: May 2026

1. Who we are

Regrets is operated by FrankNFT as a personal side project from Belgium. This is a pseudonymous operator identity used for personal safety reasons, consistent with the risks faced by individuals active in the cryptocurrency space in Europe.

Privacy inquiries: legal@regrets.today

2. What we collect

Wallet addresses are processed when you connect your wallet to the site. A wallet address can, under certain circumstances, constitute personal data under the GDPR (e.g., when linked to other information that can identify a natural person). We acknowledge this classification and process wallet addresses accordingly.

Beyond wallet addresses, we collect no other personal data in the traditional sense.

3. Wallet addresses and on-chain data

When you connect a wallet and browse the site, your wallet address is visible to us through the wallet connection — we use this to display your posts and identity.

When you post a regret:

  • your Ethereum wallet address is recorded on the public blockchain as the author of the NFT
  • the message text you submit is stored permanently on-chain
  • the transaction hash, block number, and timestamp are public blockchain data

This data is public by nature. Once confirmed on-chain, it is not under our control and cannot be deleted by us from the blockchain.

We display your wallet address (or ENS name if one resolves for your address) on the public wall. This display is a processing of already-public on-chain data, done under our legitimate interest in operating a public regret wall. You may request removal of your post from the website feed — see section 12.

4. What we do not collect

  • no email addresses
  • no passwords
  • no names or profile data
  • no off-chain user accounts
  • no cookies for tracking or advertising purposes
  • no server-side logs associating your IP address with your wallet address

5. Legal basis for processing

We process your data under the following legal bases (GDPR Article 6):

Processing activityLegal basisExplanation
Displaying wallet addresses / ENS names on the public wallLegitimate interest
Art. 6(1)(f)		Operating a public on-chain wall requires displaying author identities. This serves the legitimate interest of providing a transparent, functional service.
Page view analytics (Vercel Analytics)Legitimate interest
Art. 6(1)(f)		Understanding anonymous traffic patterns helps us maintain and improve the service. The impact on users is minimal because analytics are fully anonymized and cookie-less.
Processing content reportsLegal obligation
Art. 6(1)(c)		We may process reports of illegal content under applicable law (including the EU Digital Services Act and Belgian law).
ENS resolutionLegitimate interest
Art. 6(1)(f)		Resolving ENS names improves readability of the wall for all users.

You may object to processing based on legitimate interest — see section 12.

6. ENS resolution

If your wallet address resolves to an ENS name, we display that ENS name instead of your address. ENS resolution is performed client-side using viem against Ethereum mainnet. We do not store ENS lookups; they are cached in your browser session only. The RPC endpoint used for resolution may log the address being resolved per its own privacy policy.

7. Third-party services

Ethereum providers: Reads from the blockchain use a public RPC endpoint (such as cloudflare-eth.com or llamarpc.com) before wallet connection. After connection, your wallet's own provider is used. These providers may log request metadata per their own privacy policies.

Wallet providers: Wallet providers (MetaMask, WalletConnect, etc.) operate under their own privacy policies. We do not receive any data from them beyond the wallet address you choose to connect.

WalletConnect: WalletConnect infrastructure is used to support mobile and multi-device wallet connections. See their privacy policy at walletconnect.com/privacy.

Vercel (hosting and analytics): This website is hosted on Vercel Inc. (San Francisco, US). Vercel provides:

  • Server infrastructure: Standard request logs (IP addresses, user agents, timestamps) are retained as part of normal platform operations. These logs are not used by us for analytics or profiling.
  • Vercel Analytics: Aggregated, anonymized page view data (page views, visit duration, referrer sources). Vercel Analytics is privacy-friendly by design:
    • no cookies are set
    • no personal data is collected (no IP addresses, no user identifiers)
    • no cross-site tracking
    • data is aggregated and anonymized

Analytics data is retained for one month before being automatically purged.

Vercel acts as data processor under a Data Processing Agreement that incorporates EU Standard Contractual Clauses (SCCs) and complies with the EU-US Data Privacy Framework. See vercel.com/privacy for full details.

8. Data retention

Data typeRetention periodNotes
Vercel Analytics (aggregated, anonymized)1 monthAutomatically purged from Vercel's systems after 30 days
Vercel server request logs24 hours to 7 daysStandard platform operations; not used for user analytics
Wallet connection stateBrowser session onlyStored in your browser's local storage by wagmi; discarded on page close or disconnect
ENS resolution cacheBrowser session onlyStored in your browser's session only
Content reports (name, email, details)1 month, or until dispute resolvedProcessed manually for review; deleted after resolution
On-chain data (wallet address, message, timestamps)IndefiniteRetained by the Ethereum network; outside our control

We do not otherwise store, log, or retain any personal data on our servers.

9. Data security

We implement the following measures to protect your data:

  • HTTPS/TLS encryption for all website traffic
  • Client-side processing only: Regret messages are constructed and submitted from your browser directly to the blockchain via your wallet — we do not receive or store messages on our servers before submission
  • No server-side database: The website has no user database, no accounts, and no persistent server-side storage of personal data
  • Minimal data architecture: We process only the data necessary to provide the service, reducing exposure surface

10. Reporting content and dispute handling

Our /report page allows users to report content that may violate our Terms of Service or applicable law.

Data collected through reports:

  • your name and contact information (email or other means you provide)
  • details of the reported content and the alleged violation
  • any supporting information you choose to submit voluntarily

Purpose: Reviewing reported content for compliance with our Terms of Service and applicable law, including obligations under the EU Digital Services Act and Belgian law.

Legal basis: Legal obligation (GDPR Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f)).

Retention: Report data is retained for one month, or until the dispute is fully resolved if a formal dispute arises. After resolution, the data is deleted.

Automated actions: Reports are reviewed manually. No automated decisions are made based on report submissions.

11. Children's data

This service is not intended for users under 18 years of age. Our Terms of Service require users to be at least 18. We do not knowingly collect or process personal data from minors. If you believe a minor has submitted data through this service, please contact us so we can take appropriate action.

12. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15): You may request confirmation of whether we process your personal data and a copy of the data processed.

Right to rectification (Art. 16): You may request correction of inaccurate personal data. For on-chain data, we cannot modify the blockchain record, but we can update website display where feasible.

Right to erasure / right to be forgotten (Art. 17): You may request removal of your posts from this website's feed. The contract owner can burn a token via the remoteBurn moderation hook, which removes the post from this website's display. The underlying blockchain transaction remains permanently accessible — this is outside our control and consistent with the public, immutable nature of blockchain technology.

Right to restrict processing (Art. 18): You may request restriction of processing where applicable.

Right to data portability (Art. 20): Your regret messages and associated on-chain data are publicly readable from the blockchain. We can assist with extracting your data in a machine-readable format upon request.

Right to object (Art. 21): You may object to processing based on legitimate interest (see section 5). If you object to analytics processing, you may use a browser extension that blocks analytics scripts.

How to exercise your rights: Contact us at legal@regrets.today. We will respond within the timeframe required by applicable law. Because we process minimal personal data, most requests can be handled promptly.

Right to lodge a complaint with a supervisory authority (Art. 77): If you believe we have processed your personal data in violation of applicable law, you may lodge a complaint with your local data protection authority or with the Belgian Data Protection Authority (see section 16 for contact details).

Important note on on-chain data: Data recorded on the Ethereum blockchain is public, permanent, and outside our control. We cannot alter or delete on-chain records. Rights exercised through us apply to our processing of the data (e.g., removing the post from the website feed, ceasing analytics processing for your device), not to the underlying blockchain ledger.

13. Automated decision-making

The Regrets smart contract automatically processes mint transactions. When you submit a regret:

  • the contract checks whether minting is currently paused
  • the contract validates the message length (maximum 256 bytes)
  • the contract validates that the message is not empty
  • the contract verifies that the payment covers the mint fee

If any check fails, the transaction is reverted automatically. This constitutes automated decision-making that may have a financial effect (loss of gas fees). There is no human review of failed transactions. You should verify the current fee and contract state before submitting.

14. International data transfers

Vercel Inc. (San Francisco, US) provides hosting and analytics. Transfers of data from the EEA to the US are governed by:

  • Vercel's Data Processing Agreement incorporating EU Standard Contractual Clauses (SCCs)
  • The EU-US Data Privacy Framework (where applicable)

By using this service, you acknowledge that on-chain data (including your wallet address and messages) is stored on the Ethereum network, which is a globally distributed public ledger with nodes worldwide. This is inherent to the nature of blockchain technology and outside our control.

15. Changes

We may update this policy at any time. The date at the top of this page reflects when it was last updated. Material changes will be communicated through the website.

16. Contact and supervisory authority

Operator: FrankNFT (personal side project, Belgium)

Privacy inquiries: legal@regrets.today

Competent data protection authority:

Belgian Data Protection Authority (APD/GBA)
Rue de la Presse 35 / Drukpersstraat 35
1000 Brussels, Belgium
contact@apd-gba.be
dataprotectionauthority.be

17. Governing law

This privacy policy is governed by the laws of Belgium, consistent with our Terms of Service.