Alfred is operated by Ponadero work s.r.o., a Czech limited liability company registered in the Czech Republic, EU. Director: Alexander Mayer. Contact: hello@meetalfred.io. For purposes of GDPR, Ponadero work s.r.o. is the data controller for personal data processed by Alfred.
Alfred is a read-only NFT portfolio tracker. You give us your public wallet addresses; we fetch information about NFTs and tokens already on those addresses from public APIs (OpenSea, Magic Eden, Alchemy, CoinGecko) and display them in a structured dashboard with valuations and analytics.
We do not:
| Data | Why | Where it lives |
|---|---|---|
| Email address | Sign-in (one-time codes via Privy). Optional sign-up notifications. | Privy (auth) + Supabase (our database) |
| Wallet addresses you add | Read NFTs and tokens held on those addresses via public APIs to display in your dashboard. | Supabase |
| Manual cost-basis overrides | You can manually set what you paid for a specific NFT. Improves your P&L calculations. | Supabase |
| Holdings snapshots | Daily snapshots of total portfolio value for charts of your performance over time. | Supabase |
| Push notification token | Send alerts you opted in to (offer received, large move on a held collection, etc.). Optional. | Supabase |
| Subscription & payment state | Track Pro plan status. Payment processing is handled by Stripe — we never see your card details. | Supabase (state) + Stripe (payment processor) |
| App usage events | Basic counts: how many users fetched their portfolio today, how often errors occur. Used to keep the app healthy. No cross-session profiling. | Supabase function logs |
| Service | What for | Their policy |
|---|---|---|
| Privy | Account authentication (email codes, Apple Sign-in) | privy.io/privacy-policy |
| Supabase | Our database (Postgres) hosting your account and portfolio data | supabase.com/privacy |
| OpenSea API | Fetching NFT metadata and floor prices for Ethereum | opensea.io/privacy |
| Magic Eden API | Fetching Solana collection statistics | magiceden.io/privacy |
| Alchemy API | On-chain queries for ERC-20 token balances and cost-basis lookups | alchemy.com/privacy-policy |
| CoinGecko API | Crypto asset prices (ETH/USD, SOL/USD) | coingecko.com/privacy |
| Stripe | Payment processing for Pro subscriptions | stripe.com/privacy |
| Resend | Sending transactional emails (sign-in codes, subscription receipts) | resend.com/privacy-policy |
| Netlify | Web hosting and serverless functions infrastructure | netlify.com/privacy |
| Apple Push Notification Service | Delivering push notifications to iOS devices (if opted in) | apple.com/privacy |
We send only the minimum data necessary to each service. Wallet addresses go to OpenSea/Magic Eden/Alchemy because we have to ask them about those addresses. Your email never leaves Privy and our Supabase database.
If you're in the EU/EEA you have these rights regarding your personal data:
Email hello@meetalfred.io to exercise any of these. We respond within 30 days.
We use industry-standard encryption (TLS) for all data in transit. Database access is restricted to authenticated service accounts. We do not employ wallet-address encryption at rest in our database today — see our security page for the current threat model and roadmap.
Our web app uses only essential first-party storage (auth tokens) to keep you signed in. We do not use marketing cookies, analytics trackers (no Google Analytics, no Mixpanel, no Hotjar), or third-party advertising pixels.
Alfred is not directed at children under 16. If you believe a child has provided personal data to us, contact hello@meetalfred.io and we will delete it.
Our hosting providers (Supabase, Netlify) may store data in the United States. We rely on Standard Contractual Clauses (SCCs) for these transfers under GDPR.
If we change this policy in a material way, we will notify you by email and post the updated version with a new effective date. The current effective date is listed at the top of this page.
For privacy questions, data requests, or general inquiries:
hello@meetalfred.io
Ponadero work s.r.o. · Czech Republic, EU · Director: Alexander Mayer
This policy is provided in good faith. Legal language has been kept minimal so you can actually read it.