Privacy Policy
How we collect, use, and protect your information
1. Introduction
crossovr.me is an independent, community-operated platform built for participants in the Crossover ecosystem. It is not affiliated with, endorsed by, or officially connected to Crossover, the Crossover Foundation, or its core development team.
This Privacy Policy describes what information we collect when you use our platform — including Beacon, Vault, Scanner, Council, and any future apps — and how that information is used and protected.
By using crossovr.me, you agree to the collection and use of information as described in this policy.
2. Information We Collect
2a. Account Registration (Required)
When you create an account, we collect the following information:
| Data | Purpose |
|---|---|
| Full Name | Display name for your account and community profile |
| Email Address | Account identification and login credential |
| Password | Account authentication. Stored only as a bcrypt hash — your plaintext password is never stored or logged. |
| Discord Username | Community identity verification and contact |
2b. Automatically Collected Information
When you use the platform, we automatically collect certain technical information for security and abuse prevention:
| Data | Purpose |
|---|---|
| IP Address | Recorded in our activity log for security monitoring and abuse prevention |
| Browser User Agent | Recorded alongside IP for security context (browser type, OS) |
| Activity Timestamps | When actions occur (logins, content creation, wallet operations) |
This information is logged when you perform specific actions (logging in, creating/editing content, managing wallets) — not on every page view.
2c. Voluntarily Provided Information
You may choose to provide additional information through your use of the platform. All of the following is entirely optional:
- Community Profile — Bio, about text, location, interests, website URL, social media handles (Twitter, Telegram, GitHub), avatar image, and banner image
- Wallet Addresses — Solana public keys you add to Vault (owned wallets) or Scanner (watch-only tracking). Note: Solana wallet addresses are publicly visible on the blockchain; we do not make them any more or less public than they already are.
- Wallet Labels & Descriptions — Names and notes you assign to wallets for organizational purposes
- Posts & Comments — Content you publish on Beacon (signals, discussions)
- Post Likes — Which posts you have liked
- Display Preferences — Theme selection, timezone, and preferred display currency
3. Cookies & Local Storage
We use a minimal number of cookies, all of which are strictly functional. We do not use advertising, analytics, or third-party tracking cookies.
| Cookie | Purpose | Duration | Scope |
|---|---|---|---|
XAND_SESSION |
Session identifier for logged-in users. HttpOnly, Secure, SameSite=Lax. | 2 hours | All crossovr.me subdomains |
ecosystem_theme |
Remembers your selected visual theme preference | 1 year | All crossovr.me subdomains |
We also use browser localStorage to remember your view preference (card vs. table layout). This data never leaves your browser and is not sent to our servers.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Account Management — Creating and maintaining your account, authenticating logins, and managing access permissions
- Platform Functionality — Displaying your profile, publishing your posts, showing wallet balances and governance data
- Security & Abuse Prevention — Monitoring for unauthorized access, detecting suspicious activity, and protecting against abuse through activity logging
- On-Chain Data Queries — Using wallet addresses you provide to fetch publicly available blockchain data (balances, token holdings, governance participation)
5. Third-Party Services
The platform communicates with the following external services during normal operation:
| Service | Data Transmitted | Purpose |
|---|---|---|
| Google Fonts | Your browser sends standard HTTP request headers (IP address, user agent, referrer) when loading the Inter typeface | Typography rendering |
| Solana RPC / Helius | Wallet addresses and token mint addresses (public blockchain data) | Fetching on-chain balances, token accounts, governance data |
| Jupiter API | Token mint addresses only | Token price quotes for portfolio display |
| DexScreener API | Token mint addresses only | Market data (price, volume, liquidity) |
| Frankfurter (ECB) | Currency codes only (e.g., USD, EUR) | Exchange rate conversion for multi-currency display |
| IPFS Gateways | Content hashes (CIDs) only | Loading token and NFT metadata images |
6. Data Storage & Security
We take the security of your data seriously and employ the following measures:
- Password Hashing — Passwords are hashed using bcrypt (cost factor 12) before storage. Plaintext passwords are never stored, logged, or accessible to administrators.
- HTTPS Encryption — All connections to the platform are encrypted via TLS/SSL
- Secure Session Management — Session cookies are marked HttpOnly (not accessible to JavaScript), Secure (HTTPS only), and SameSite=Lax. Session IDs are regenerated periodically and upon login.
- CSRF Protection — All form submissions are protected against cross-site request forgery attacks
- Access Controls — User management is restricted to platform administrators. New accounts require admin approval before activation.
- Input Sanitization — All user inputs are sanitized and escaped to prevent injection attacks
While we implement industry-standard security practices, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
- Account Data — Your account information is retained for as long as your account remains active. If your account is suspended or deleted, account data may be retained for a reasonable period for security and abuse prevention purposes.
- Activity Logs — IP addresses, user agents, and action timestamps are retained in the activity log for security monitoring. These logs may be periodically purged.
- User-Generated Content — Posts, comments, and profile information are retained until you delete them or request their removal.
- Wallet Data — Wallet addresses and labels you add to the platform are retained until you remove them.
- Cookies — The session cookie expires after 2 hours of inactivity. The theme preference cookie expires after 1 year.
8. Your Rights
You have the following rights regarding your personal data:
- Access — You can view your account information, profile data, and wallet configurations at any time through the platform
- Correction — You can update your profile information, display name, and preferences through the platform interface
- Deletion — You can remove your wallet addresses, profile content, posts, and comments at any time. To request full account deletion, contact us through the channels listed below.
- Data Portability — You can request a copy of your personal data by contacting us
9. Children’s Privacy
This platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the “Effective” date at the top of this page. We encourage you to review this page periodically.
11. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, you can reach us through our community channels:
- Discord — Crossover Discord Server
- Twitter / X — https://x.com/crossovrtokn