Privacy & Security

How Satoshi Tracker protects your data

End-to-End Encryption

Can the operator see my xPubs or wallet addresses?

No. All sensitive data (xPubs, wallet addresses, labels, transaction details) is encrypted with a key derived from your password using AES-256-GCM. The database only contains ciphertext. Not even the server operator can read your data.

How does the encryption work?

When you register, a random encryption key (dataKey) is generated. This key is encrypted with a master key derived from your password (PBKDF2 with 600,000 iterations). Only someone with your password can decrypt the dataKey, and only the dataKey can decrypt your data.

What happens if I forget my password?

All your data is permanently lost. There is no password reset, no recovery email, no backdoor. This is by design - just like losing your Bitcoin seed phrase. Write down your password and store it safely. If you lose access, you will need to create a new account and re-enter all your xPubs and wallet addresses from scratch.

Network Privacy

Can anyone link my IP address to my Bitcoin holdings?

No. All blockchain queries (Blockstream, Mempool) are made by our server, not your browser. The blockchain APIs only see our server's IP address, never yours. Your IP is never stored or logged by our application.

Do you use analytics or tracking?

No. No Google Analytics, no cookies for tracking, no fingerprinting. The only cookie is your encrypted session token. We also send a Permissions-Policy header to block FLoC and similar tracking technologies.

Should I use my real name as username?

No! For maximum privacy, always choose an anonymous username that cannot be traced back to you. Never use your real name, email address, or any other personally identifiable information. The username is the only piece of data stored in plain text.

What is stored and how

What exactly is stored in the database?

Here is exactly what is stored:

Username: stored in plain text (needed for login)Klartext

Password: bcrypt hash with cost factor 12 (cannot be reversed)Hash

xPubs & wallet addresses: AES-256-GCM encrypted (unreadable without your password)E2E

Wallet labels: AES-256-GCM encryptedE2E

Transaction data: AES-256-GCM encryptedE2E

Bitcoin price history: plain text (public data, not user-specific)Public

Where is the database hosted?

On Neon (PostgreSQL), hosted on AWS in Frankfurt, Germany. Data is encrypted at rest by the provider and encrypted end-to-end by our application on top of that.

Sessions & Authentication

How are sessions handled?

We use server-side sessions with httpOnly, Secure, and SameSite=Strict cookies. No JWT tokens in localStorage. Session tokens are stored as SHA-256 hashes in the database. Your encryption key is re-encrypted with each session token, so it's only accessible during your active session.

How long does a session last?

1 hour. After 1 hour of inactivity, your session expires and you need to log in again. This ensures your encryption key is not kept in memory longer than necessary. For a financial application, short sessions are a security feature, not a limitation.

Security Headers

What security measures are in place?

We enforce the following HTTP security headers on every response:

X-Content-Type-Options: nosniff

X-Frame-Options: DENY (prevents clickjacking)

Referrer-Policy: no-referrer (no referrer leaks)

Permissions-Policy: interest-cohort=() (blocks FLoC tracking)

What the database actually looks like (Demo):

username: satoshi42(plain text (the only readable field))

password: $2b$12$LJ3m4kG8rK...yX2Q7e(bcrypt hash (irreversible))

xpub: rK3j8F+mQ==:7xVn2...pL9w==:aH4kM...zQ8r==(AES-256-GCM encrypted (unreadable))

wallet_label: Yx8mK+3Q==:nR4p7...wJ2k==:bT5nL...mK9s==(AES-256-GCM encrypted (unreadable))

btc_price: 9742000(public data, not encrypted)