MillionScan is an on-chain perpetual futures trader analytics platform. We score and surface public on-chain trader performance data, continuously monitor it, and refresh it in real time. Built for developers, researchers, and informed observers. Information only. Not investment advice.

Skip to main content

Legal

Privacy Policy

Last updated · April 26, 2026

This Privacy Policy describes how MillionScan (“we”, “us”, “our”) collects, uses, and protects your information when you use our Service at millionscan.com.

1. Information We Collect

Account information: When you register, we collect your email address and display name. Your password is hashed using bcrypt and is never stored in plaintext.

Usage data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This data is used to improve the Service and may be collected through lightweight analytics.

Session data: We store session metadata including device information (browser/OS), session creation time, and last activity time to enable account security features such as session management and single-session enforcement.

Payment data: Payment transactions are processed by NOWPayments, our third-party crypto payment processor. NOWPayments handles the wallet-side payment flow end-to-end; we never see or store your private keys, seed phrases, or wallet credentials. From the IPN webhook the payment processor delivers, we persist: invoice id, payment id, the USD price you agreed to, the pay currency, the amount actually paid, the on-chain transaction hash, and the lifecycle status (pending / waiting / confirming / finished / etc). The raw IPN body is kept verbatim for forensic audit in case a billing dispute requires reconstruction.

API key data: When you issue an API key, we store the SHA-256 hash of the key plus its first 12 characters (the prefix shown in the Settings panel). The plaintext key is shown to you exactly once at issuance and never persisted server-side — we cannot recover or re-display it. We additionally record the key's creation timestamp, last-used timestamp (best-effort, updated when the key authenticates a request), and a per-(api_key, endpoint, day) request counter used to populate the “today” / “this month” usage display in Settings. None of this data leaves the platform.

2. How We Use Your Data

We use your information to: (a) provide, maintain, and improve the Service; (b) process payments and manage subscriptions; (c) send transactional communications (payment confirmations, account verification); (d) enforce our Terms of Service; (e) detect and prevent fraud or abuse; and (f) generate aggregated, anonymized analytics to improve the platform.

3. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share data with: (a) payment processors to complete transactions; (b) infrastructure providers necessary to operate the Service; (c) law enforcement when required by law or to protect our legal rights; and (d) in connection with a merger, acquisition, or sale of assets, with appropriate notice to you.

4. Cookies and Tracking

MillionScan uses essential cookies and local storage for authentication (JWT tokens) and session management. We do not use third-party advertising cookies or cross-site tracking. Analytics, when enabled, use privacy-respecting methods that do not involve third-party tracking cookies.

5. Data Storage and Security

Your data is stored on secure servers. We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), JWT-based authentication with short-lived tokens, IP-based access controls for administrative endpoints, and rate limiting. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure.

6. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, you have 30 days to cancel the request. After 31 days from the request, your data will be permanently removed. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.

7. Your Rights

You have the right to: (a) access the personal data we hold about you; (b) correct inaccurate data (via Settings); (c) request deletion of your account and associated data; and (d) withdraw consent where processing is based on consent. To exercise these rights, use the in-app Settings or contact us directly.

8. International Data

The Service is operated from servers that may be located in various jurisdictions. By using the Service, you consent to the transfer and processing of your data in the jurisdiction where our servers are located, which may have different data protection laws than your country of residence.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a user under 18, we will delete the account and associated data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The “Last updated” date at the top reflects the most recent revision. Your continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related inquiries or to exercise your data rights, contact us at [email protected].