Privacy Policy
Last updated: May 2026 · Effective immediately
The short version: we never see, store, or have access to your private keys, seed phrase, or wallet password. We store only your public wallet address (when you connect) and your Telegram ID (if you use Telegram features). Nothing else leaves your device that you don't explicitly trigger.
1. Who we are
GiftSnipr is an independently developed Telegram Mini App and web tool that helps users find and track Telegram Gift NFT deals across TON marketplaces (Tonnel, MRKT, Portals, Fragment). We are not affiliated with Telegram, the TON Foundation, Tonkeeper, or any listed marketplace.
Operator contact: hello@giftsnipr.com · Security: security@giftsnipr.com
2. What we collect
When you visit the site or open the Mini App
- Anonymized analytics: pageviews, country (city level), device type, referrer. No cookies needed for this; we use server-side aggregation.
- Standard server logs (IP address, user agent, timestamp) retained for 14 days for abuse detection, then permanently deleted.
When you connect a wallet
- Your public wallet address (e.g.
UQAb…q3vN). This is necessary to show your portfolio.
- A signed authentication proof (ton_proof) generated once at connect time. Verified, then discarded.
- A short-lived session token (JWT, 24-hour lifetime), stored in an httpOnly cookie.
When you use Telegram features
- Your Telegram user ID (a number, not your username) — needed for streak tracking, referrals, and notifications.
- Your Telegram username (if public) — used only to display you on leaderboards if you opt in.
3. What we never collect
- Your private key, seed phrase, or wallet password — these never leave your wallet app.
- Your real name, email (unless you contact us), or phone number.
- Browsing activity outside our app.
- Contents of your Telegram chats.
- Tracking cookies for advertising purposes — we don't run ads.
4. How we use your data
- Display your gift portfolio and P&L (your wallet address only).
- Track your streak, level, and badges (your Telegram ID).
- Credit your referrals when invited friends connect (signed referral codes).
- Detect abuse, fraud, and bot traffic (IP and rate-limit data).
- Improve the product (anonymized aggregate analytics).
5. Who we share data with
No one, with these technical exceptions:
- Marketplace APIs (Tonnel, MRKT, Portals, Fragment): when you tap a snipe link, you leave our site and your browser sends standard request headers to their domain. We don't push your data to them.
- TON blockchain: if you ever sign a transaction (premium subscription, etc.), the transaction is broadcast publicly to the TON network — that's how blockchains work.
- Hosting and infrastructure: Cloudflare (CDN/DDoS), Netlify (static hosting), Supabase (database). These providers process traffic but don't have access to your wallet's funds.
We never sell your data. We never share for advertising.
6. Cookies and storage
- Auth session cookie (httpOnly, Secure, SameSite=Lax) — keeps you logged in for 24 hours.
- Wallet connection state (sessionStorage) — cleared when you close the tab.
- Preferences (localStorage) — UI settings only, no personal data.
No third-party cookies, no advertising trackers, no fingerprinting.
7. Your rights
- Disconnect anytime — from inside GiftSnipr or directly in Tonkeeper's connected-apps list.
- Delete your data — email privacy@giftsnipr.com with your wallet address. We delete within 7 days.
- Export your data — same email, we send your stored records as JSON.
- EU/UK users: you have full GDPR rights to access, rectification, erasure, restriction, and portability.
8. Security
We follow industry best practices: HTTPS-only with HSTS preloaded, strict Content Security Policy, signed authentication proofs (ton_proof), server-side rate limiting, and dependency pinning. Found a vulnerability? Please report it via security@giftsnipr.com or our security.txt.
9. Children
GiftSnipr is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, contact us and we'll delete it immediately.
10. Changes to this policy
We'll update this page when we change our practices. Material changes will be announced in our Telegram channel and via in-app notice at least 14 days before they take effect.
11. Contact
Privacy questions: privacy@giftsnipr.com
Security reports: security@giftsnipr.com
General: hello@giftsnipr.com
← back to giftsnipr