← Back to meetalfred.io

Privacy Policy

Effective 2026-05-29 · Alfred NFT Butler
TL;DR. Alfred is a portfolio tracking app. We collect your email to sign you in, your wallet addresses to display the NFTs already on them, and a device token if you opt in to push notifications. We never custody your assets, never see your private keys, never sell your data. You can delete your account at any time and we wipe everything within 30 days.

Who we are

Alfred is operated by Ponadero work s.r.o., a Czech limited liability company registered in the Czech Republic, EU. Director: Alexander Mayer. Contact: hello@meetalfred.io. For purposes of GDPR, Ponadero work s.r.o. is the data controller for personal data processed by Alfred.

What Alfred is — and isn't

Alfred is a read-only NFT portfolio tracker. You give us your public wallet addresses; we fetch information about NFTs and tokens already on those addresses from public APIs (OpenSea, Magic Eden, Alchemy, CoinGecko) and display them in a structured dashboard with valuations and analytics.

We do not:

What we collect and why

DataWhyWhere it lives
Email address Sign-in (one-time codes via Privy). Optional sign-up notifications. Privy (auth) + Supabase (our database)
Wallet addresses you add Read NFTs and tokens held on those addresses via public APIs to display in your dashboard. Supabase
Manual cost-basis overrides You can manually set what you paid for a specific NFT. Improves your P&L calculations. Supabase
Holdings snapshots Daily snapshots of total portfolio value for charts of your performance over time. Supabase
Push notification token Send alerts you opted in to (offer received, large move on a held collection, etc.). Optional. Supabase
Subscription & payment state Track Pro plan status. Payment processing is handled by Stripe — we never see your card details. Supabase (state) + Stripe (payment processor)
App usage events Basic counts: how many users fetched their portfolio today, how often errors occur. Used to keep the app healthy. No cross-session profiling. Supabase function logs

Third parties Alfred talks to

ServiceWhat forTheir policy
PrivyAccount authentication (email codes, Apple Sign-in)privy.io/privacy-policy
SupabaseOur database (Postgres) hosting your account and portfolio datasupabase.com/privacy
OpenSea APIFetching NFT metadata and floor prices for Ethereumopensea.io/privacy
Magic Eden APIFetching Solana collection statisticsmagiceden.io/privacy
Alchemy APIOn-chain queries for ERC-20 token balances and cost-basis lookupsalchemy.com/privacy-policy
CoinGecko APICrypto asset prices (ETH/USD, SOL/USD)coingecko.com/privacy
StripePayment processing for Pro subscriptionsstripe.com/privacy
ResendSending transactional emails (sign-in codes, subscription receipts)resend.com/privacy-policy
NetlifyWeb hosting and serverless functions infrastructurenetlify.com/privacy
Apple Push Notification ServiceDelivering push notifications to iOS devices (if opted in)apple.com/privacy

We send only the minimum data necessary to each service. Wallet addresses go to OpenSea/Magic Eden/Alchemy because we have to ask them about those addresses. Your email never leaves Privy and our Supabase database.

How long we keep your data

Your rights (GDPR)

If you're in the EU/EEA you have these rights regarding your personal data:

Email hello@meetalfred.io to exercise any of these. We respond within 30 days.

Security

We use industry-standard encryption (TLS) for all data in transit. Database access is restricted to authenticated service accounts. We do not employ wallet-address encryption at rest in our database today — see our security page for the current threat model and roadmap.

Cookies and tracking

Our web app uses only essential first-party storage (auth tokens) to keep you signed in. We do not use marketing cookies, analytics trackers (no Google Analytics, no Mixpanel, no Hotjar), or third-party advertising pixels.

Children

Alfred is not directed at children under 16. If you believe a child has provided personal data to us, contact hello@meetalfred.io and we will delete it.

International transfers

Our hosting providers (Supabase, Netlify) may store data in the United States. We rely on Standard Contractual Clauses (SCCs) for these transfers under GDPR.

Changes to this policy

If we change this policy in a material way, we will notify you by email and post the updated version with a new effective date. The current effective date is listed at the top of this page.

Contact

For privacy questions, data requests, or general inquiries:
hello@meetalfred.io

Ponadero work s.r.o. · Czech Republic, EU · Director: Alexander Mayer
This policy is provided in good faith. Legal language has been kept minimal so you can actually read it.