Smirk

Privacy Policy

At Smirk, we believe privacy is a fundamental human right. Our architecture is designed so that we never have access to your private keys, unencrypted funds, or the ability to spend your money.

1. The Non-Custodial Guarantee

Smirk is a non-custodial service.

  • Private Spend Keys: Your private spend keys (the keys required to move money) are generated and stored locally on your device. They are never transmitted to our servers.
  • No Access: We cannot "freeze" accounts or "seize" funds because we do not hold the keys to move them.

2. Information We Collect

To facilitate social tipping and identity verification, we collect the following:

A. Monero & Wownero Private View Keys

To provide a fast mobile and browser-extension experience without requiring you to download the entire blockchain, Smirk collects and stores your Private View Keys for Monero (XMR) and Wownero (WOW).

  • Purpose: These keys allow our Light Wallet Server (LWS) to scan the blockchain on your behalf to identify incoming tips and update your balance.
  • Limitation: A View Key cannot be used to spend your funds. It only allows the server to see that a transaction has occurred. Your funds remain secure and spendable only by your local Smirk wallet (browser extension or mobile app).

B. Social Identity Data

When you link a social account (Telegram, Discord, etc.), we store:

  • Your platform-specific User ID and Username.
  • Your public wallet address (so others can find you to send tips).

C. Transaction Metadata & Payloads

  • Encrypted Payloads: The ciphertext of the tip (which we cannot read).
  • Status & Timestamps: Metadata regarding when a tip was created or claimed.

D. Bitcoin & Litecoin Public Addresses

To show your BTC and LTC balances and broadcast your transactions, our backend forwards your public wallet addresses to mainstream blockchain indexers (e.g. mempool.space for Bitcoin, litecoinspace.org for Litecoin). These are the same indexers most non-custodial wallets use.

  • What is shared: only public address strings and signed transaction bytes — never seed phrases or private keys.
  • What we store: nothing additional on our side beyond what is already in your wallet's local view.

E. Wallet Fingerprint

On first login your wallet derives a one-way fingerprint(SHA-256 of your seed) and sends it to our backend as a stable, anonymous identifier. It is used to associate your wallet with social handles and tip history across devices, and is the value our backend joins on internally. It is not reversible back to your seed and cannot be used to spend your funds.

F. Optional Dapp Connections (window.smirk)

Smirk exposes a window.smirk API to web pages so dapps like smirk.cash, claim pages, and merchant sites can request a connection or a signature from your wallet. Connections are per-origin and require an explicit approval prompt the first time a site asks; you can revoke any origin at any time from Settings. You can also globally disable thewindow.smirk surface from Settings — when off, pages cannot detect that Smirk is installed.

  • What gets shared: only the public material you approve (asset public keys, addresses) plus the signatures you explicitly authorize per request.
  • What we do not share: seed phrases, private spend keys, balances of un-authorized assets, history of other origins.

G. Optional Crypto Swaps

Smirk offers in-wallet crypto swaps (e.g. BTC ↔ XMR) via third-party aggregators such as Trocador. We do not operate an exchange ourselves. When you choose to swap, the wallet queries the third-party aggregator for quotes and routes the trade through them.

  • What gets shared with the aggregator: the asset pair, amount, and destination public address — exactly what the aggregator needs to fulfill the trade.
  • Subject to the aggregator's own privacy policy: we are a passthrough at trade time. Trocador's policy lives at trocador.app/privacy.
  • Opt-in: no swap data leaves your device until you tap to request a quote.

3. How We Protect Your Data

  • Backend Security: Our Rust-based backend utilizes SQLx type safety and memory-safe architecture to protect your stored view keys and social data.
  • No Sale of Data: We do not, and will never, sell your social handles, transaction history, or view key data to third parties.

🛡️ Why do we need your View Key? (The "Smirk" Approach)

Traditional Monero wallets require hours of syncing. By providing your Private View Key to our server:

  • ✓ We scan the blockchain for you in real-time.
  • ✓ We notify your extension when a tip arrives.
  • ✓ You remain the only one with the Private Spend Key required to actually move those funds.

🛡️ Quick-Glance Summary

  • Non-Custodial: We never see your private spend keys. Your money is yours.
  • View Keys: We collect Monero/Wownero view keys to scan for your tips so you don't have to sync the whole blockchain.
  • Public Addresses: Your BTC/LTC public addresses are forwarded to mainstream blockchain indexers — the same ones every non-custodial wallet uses. Nothing private.
  • Fingerprint: A one-way SHA-256 of your seed is sent to identify your wallet — not reversible, cannot move funds.
  • Encrypted: All tip payloads are encrypted on your device.
  • Identity: We only store your Social ID to help people find your public key.
  • Dapps: The window.smirk API is opt-in per origin, revocable per origin, and can be turned off globally in Settings.
  • Swaps: Optional, opt-in, routed through third-party aggregators (e.g. Trocador). We never operate an exchange.
← Back to Smirk