Privacy & Security

How Satoshi Tracker protects your data

End-to-End Encryption

Can the operator see my xPubs or wallet addresses?
Not from the database. All sensitive data (xPubs, wallet addresses, labels, transaction details) is stored as AES-256-GCM ciphertext under a key that can only be unlocked with your password, so the database contains nothing readable without it. The one caveat follows from how the service works: while you are logged in, the server holds your data key in memory to query the blockchain on your behalf (see Sessions & Authentication), so the guarantee covers the stored data, not a compromise of the running server during your active session.
How does the encryption work?
When you register, a random encryption key (the dataKey) is generated. This dataKey is itself encrypted with a master key derived from your password (PBKDF2 with 600,000 iterations, which makes offline password guessing against a stolen database slow). Only someone with your password can decrypt the dataKey, and only the dataKey can decrypt your data. This envelope design also means a password change only has to re-encrypt the dataKey, not every stored record.
What happens if I forget my password?
All your data is permanently lost. There is no password reset, no recovery email, no backdoor. This is by design - just like losing your Bitcoin seed phrase. Write down your password and store it safely. If you lose access, you will need to create a new account and re-enter all your xPubs and wallet addresses from scratch.

Network Privacy

Can anyone link my IP address to my Bitcoin holdings?
Practically no, with one caveat. All blockchain queries (Blockstream, Mempool) are made by our server, not your browser, so those APIs only ever see our server's IP, never yours. Our application code does not store your IP anywhere in the database. The one thing the application cannot control: Vercel (our hosting provider) automatically keeps access logs containing IP, user agent and timestamp per request. These logs are not public, but they exist at the platform level and could be released under legal compulsion. They never contain wallet addresses, xPubs, or amounts - all of those are encrypted and never appear in logs.
Do you use analytics or tracking?
No. No Google Analytics, no tracking cookies, no fingerprinting. The only cookie is a random session token (httpOnly, Secure, SameSite=Strict), and the database stores only its SHA-256 hash, so a leaked database does not hand out usable sessions. We also send a Permissions-Policy header that blocks FLoC (Google's since-abandoned cohort tracking), the Topics API, camera, microphone and geolocation.
Should I use my real name as username?
No! For maximum privacy, always choose an anonymous username that cannot be traced back to you. Never use your real name, an email address, or any other personally identifiable information. The username is the only user-specific piece of data stored in plain text.

What is stored and how

What exactly is stored in the database?

Here is exactly what is stored:

Username: stored in plain text (needed for login) - Plain text
Password: bcrypt hash with cost factor 12 (cannot be reversed) - Hash
xPubs & wallet addresses: AES-256-GCM encrypted (unreadable without your password) - E2E
Wallet labels: AES-256-GCM encrypted - E2E
Wallet group names: AES-256-GCM encrypted - E2E
Transactions (amounts, block height, timestamps, prices): AES-256-GCM encrypted - E2E
DCA plans (name, amount, start date): AES-256-GCM encrypted - E2E
Bitcoin price history: plain text (public data, not user-specific) - Public
Where is the database hosted?
On Neon (PostgreSQL), a serverless Postgres provider hosted in the EU. Data is encrypted at rest by the provider and encrypted end-to-end by our application on top of that.

Sessions & Authentication

How are sessions handled?
We use server-side sessions with httpOnly, Secure, and SameSite=Strict cookies. No JWT tokens in localStorage. Session tokens are stored only as SHA-256 hashes in the database, so the raw token exists only in your browser's cookie. Your dataKey is re-encrypted under each new session token, so it is only recoverable while that session is valid.
How long does a session last?
1 hour. After 1 hour of inactivity, your session expires and you need to log in again. This ensures your encryption key is not kept in memory longer than necessary. For a financial application, short sessions are a security feature, not a limitation.

Security Headers

What security measures are in place?

We enforce the following HTTP security headers on every response:

Content-Security-Policy: strict allowlist (mitigates XSS and unauthorized external requests)
Strict-Transport-Security: enforces HTTPS for 2 years (max-age=63072000) and is marked for browser preload lists, which also require includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY (prevents clickjacking)
Referrer-Policy: no-referrer (no referrer leaks)
Permissions-Policy: blocks FLoC, camera, microphone, geolocation

What the database actually looks like (Demo):

username: satoshi42 (plain text, the only readable field)
password: $2b$12$LJ3m4kG8rK...yX2Q7e (bcrypt hash, irreversible)
xpub: rK3j8F+mQ==:7xVn2...pL9w==:aH4kM...zQ8r== (AES-256-GCM encrypted, unreadable)
wallet_label: Yx8mK+3Q==:nR4p7...wJ2k==:bT5nL...mK9s== (AES-256-GCM encrypted, unreadable)
btc_price: 9742000 (public data, not encrypted)