Privacy Policy
Version 1.1 — Last Updated: April 29, 2026
Plain English Summary
This site does not have a backend, does not run a database, and does not receive or store your name, email address, or any other personal information.
Three small pieces of data are stored in your browser's local storage: your dark mode preference, the last RPC endpoint you selected, and the token you chose to display in the price ticker. All three stay on your device and are never sent anywhere. No tracking cookies are set by this site.
When your browser loads the page, it automatically fetches live token prices from CoinGecko and GeckoTerminal, and loads a JavaScript library from jsDelivr. As part of normal internet operation, those services receive your IP address and basic request information. This happens directly between your browser and those services.
If you scroll to the RPC section, the site automatically tests the response time of each RPC node by sending a small network request directly to each one. Your IP address is briefly exposed to each RPC provider's servers during this test. No personal data is retained by this site as a result.
If you use the Wallet Approval Scanner, the site sends the contract addresses being scanned to the GoPlus Security API to check them against a live threat database. Your IP address is exposed to GoPlus's servers as part of that request. This happens only when you initiate a scan — not on page load.
Wallet interactions, such as connecting MetaMask, approving transactions, or switching networks, happen entirely inside your wallet software. This site never has access to your private keys, seed phrase, or wallet credentials.
Blockchain transactions you choose to broadcast are public by design and permanently recorded on-chain. This is a property of blockchain networks and not something this site controls.
This site is hosted on GitHub Pages, which may process technical access data such as IP addresses under its own privacy policy.
For full details, including how third party services may process data, please read the complete Privacy Policy below.
This Privacy Policy describes how the Hunter's Toolbox website (the "Site") handles information in connection with your use of its tools, interfaces, and documentation.
This policy applies to all pages and tools hosted under this project. It should be read alongside the Terms of Use, which governs your use of the Site.
By using this Site, you acknowledge that you have read and understood this Privacy Policy.
Overview
This Site is a static, client-side web application hosted on GitHub Pages. It has no server-side application layer, no database, no user accounts, no registration system, and no backend infrastructure operated by the maintainer.
The maintainer does not receive, collect, store, or otherwise have access to personal data of users. However, in order for the Site to function, a user's browser necessarily makes direct requests to third party services (such as content delivery networks and data APIs). As a result, personal data such as IP addresses and request metadata may be processed by those third party services as an inherent part of delivering web content.
The maintainer does not have access to, and does not retain, any such data processed by third parties.
Data Controller
For the limited purposes for which any personal data may be considered to be processed in connection with this Site, the data controller is:
Hunter Rodriguez
Maintainer, Hunter's Toolbox
Contact: Via GitHub repository (see Contact section below)
Because the Site does not operate a backend or directly process personal data, the maintainer's role is limited to determining the structure and functionality of the Site, including the selection of third party services that are loaded in the user's browser.
Those third party services process data independently and for their own purposes. To the extent that applicable law may interpret the inclusion of such services as constituting joint participation in processing, such processing is limited to what is strictly necessary to deliver the Site's functionality, and the maintainer does not control or determine the subsequent use of data by those third parties.
What This Site Does Not Collect
The following types of data are not collected, stored, or transmitted to the maintainer by this Site:
- Names, email addresses, phone numbers, or any other contact information
- Account credentials of any kind
- Wallet private keys, seed phrases, or mnemonics
- Precise geolocation data
- Payment card information
- Behavioral tracking data or cross-site tracking profiles
- Form submissions containing personal information (this Site has no such forms)
This Site does not use advertising networks, behavioral analytics platforms, session replay tools, heatmapping services, or fingerprinting technologies.
Local Browser Storage
This Site uses your browser's localStorage API to remember three functional preferences between visits. No other data is written to local storage by this Site. The three keys stored are:
theme— Stores your display preference ("light"or"dark") so the correct mode is applied when you return to the Site.activeRPC— Stores the URL of the last RPC endpoint you selected using the RPC switching tool, so that endpoint can be visually highlighted as your active selection on your next visit.priceToken— Stores the token you last selected in the price ticker dropdown (for example,"BNB"or"PML"), so the ticker remembers your preferred token between sessions.
All three of these stored values:
- Remain on your device and are never transmitted to any server by this Site
- Contain no personally identifiable information
- Are not used for tracking or analytics of any kind
- Can be cleared at any time through your browser's settings
This Site does not set HTTP cookies through its own code. To the best of the maintainer's knowledge, the third party services used by this Site also do not set cookies in connection with the resources loaded by this Site. However, users should be aware that third party services operate independently and may change their behavior over time.
ePrivacy Directive and Cookie Compliance
This section addresses compliance with Directive 2002/58/EC (the "ePrivacy Directive"), as amended by Directive 2009/136/EC, which applies to users in the European Economic Area and, by extension, to users in the United Kingdom under equivalent retained legislation.
Article 5(3) of the ePrivacy Directive requires that storing information on, or accessing information from, a user's terminal equipment is only permitted with the user's consent, or where the storage or access is strictly necessary for the provision of a service explicitly requested by the user.
This Site does not use HTTP cookies for any purpose. The three localStorage items described in the section above are each strictly necessary for the provision of functionality explicitly requested by the user:
- The
themekey stores a UI display preference that the user sets by interacting with the dark mode toggle. Storing this preference is strictly necessary to honour the user's explicit choice across page loads. - The
activeRPCkey stores the RPC endpoint the user last selected, enabling the interface to correctly indicate the user's active selection on return. This is strictly necessary for the continuity of the RPC management tool. - The
priceTokenkey stores the token the user selected in the price ticker. This is strictly necessary to preserve the user's explicit selection between sessions.
None of these stored values are used for tracking, analytics, advertising, or any purpose other than restoring the user's own functional preferences. Accordingly, no cookie consent banner is implemented or required for these items under the strictly necessary exemption.
This Site does not deploy any cookies or similar technologies for analytics, advertising, or cross-site tracking. No consent management platform is used because no consent is required for the limited local storage described above.
The automatic loading of external resources on page load — specifically the CoinGecko price API, the GeckoTerminal price API, and the jsDelivr CDN — is strictly necessary for the Site to function as a token price display and Web3 tooling interface. These requests are made by the browser directly to the respective third party services; the maintainer does not intercept or receive the data transmitted.
Client-Side Technical Reads
This Site reads certain browser-provided values client-side in order to function correctly. These reads occur entirely within your browser and the values are not transmitted to the maintainer. Specifically:
- User Agent String (
navigator.userAgent): Read once on page load to detect whether you are using a mobile browser. This is used to determine whether to display the automatic token-add button or the manual token address flow for MetaMask Mobile users. The value is not stored or sent anywhere by this Site. - Browser Language (
navigator.language): Read to format numbers in your locale's style within the token value calculator. Not stored or transmitted. - Clipboard API (
navigator.clipboard): Used to copy token contract addresses or swap links to your clipboard when you tap a Copy button. The data written is a public blockchain address or URL only. Nothing is read from your clipboard.
These client-side reads are strictly necessary for the provision of the specific functionality described above and are not used for tracking, profiling, or identifying users.
Wallet Addresses and Blockchain Data
Certain tools on this Site interact with MetaMask or other browser-based Web3 wallet extensions. The following applies to those interactions:
- This Site does not transmit wallet addresses, private keys, seed phrases, or any wallet credentials to the maintainer or any server controlled by the maintainer.
- When you connect your wallet, your wallet's public address is displayed in the browser interface for your reference. It is not stored by this Site beyond the active browser session.
- All transaction parameters generated by this Site (such as donation amounts or token transfer data) are passed locally to your wallet extension for your review and approval. The Site does not submit or broadcast any transaction on your behalf.
- When you use the RPC switching tools, this Site calls MetaMask's standard
wallet_addEthereumChainandwallet_switchEthereumChainmethods. These calls go through your wallet extension.
RPC Latency Testing
When you scroll to the RPC section of the Site, the Site's JavaScript automatically sends a small test request (an eth_blockNumber JSON-RPC call) directly to each of the nine available RPC endpoints in order to measure their response time. This is handled by fetch() calls made from your browser to the RPC endpoints themselves — it does not pass through your wallet. As a result of these direct requests, your IP address is briefly exposed to each RPC provider's servers. No personal data is retained by this Site as a result of these latency tests. If you do not wish your browser to contact RPC endpoints directly, you should avoid scrolling to the RPC section or use the Site's Lite Version.
On-Chain Transparency: Blockchain transactions you approve and broadcast are recorded permanently and publicly on the BNB Smart Chain. This includes transaction amounts, wallet addresses, and timestamps. This is an inherent property of public blockchain networks and is entirely outside the control of this Site or its maintainer. You are solely responsible for understanding the privacy implications of any on-chain activity you initiate.
Donation Wallet: The maintainer's donation wallet address is publicly disclosed in the Site's source code. Any donations you send to that address are permanently recorded on-chain and visible to anyone.
Third Party Data Processing
This Site relies on several third party services to function. Each of these services may process your IP address and other technical data as part of their normal operation. The maintainer does not control these services and is not responsible for their data practices. You are encouraged to review each service's own privacy policy.
| Service | Purpose | When Triggered | What May Be Processed | Their Privacy Policy |
|---|---|---|---|---|
| GitHub Pages (GitHub, Inc.) | Hosts and serves this Site | Every page load | IP address, HTTP request headers, browser type, pages accessed, timestamps | GitHub Privacy Statement |
| CoinGecko API | Fetches live BNB price data | Every page load (automatic) | IP address, HTTP request metadata | CoinGecko Privacy Policy |
| GeckoTerminal API | Fetches live price data for PFI, PFB, PFS, PFG, PML, and JOY tokens | Every page load (automatic) | IP address, HTTP request metadata | CoinGecko / GeckoTerminal Privacy Policy |
| jsDelivr CDN | Delivers the ethers.js JavaScript library | Every page load (automatic) | IP address, HTTP request metadata, browser type | jsDelivr Privacy Policy |
| GoPlus Security API (gopluslabs.io) | Checks contract addresses against a live security threat database as part of the Wallet Approval Scanner | Only when you initiate an approval scan — not on page load | IP address, HTTP request metadata, the contract addresses submitted for checking (these are public blockchain addresses, not personal data) | GoPlus Labs |
| pmlcoin.app | Serves token logo images (PFI, PFB, PFS, PFG, PML) displayed in the Site's UI | Every page load (automatic) | IP address, HTTP request metadata | Refer to that site's privacy policy if available |
| hrweb3buttons.github.io | Serves the JOY token logo image displayed in the Site's UI | Every page load (automatic) | IP address, HTTP request metadata | GitHub Privacy Statement |
| cryptologos.cc | Serves the USDT logo image | Every page load (automatic) | IP address, HTTP request metadata | cryptologos.cc |
Price data and token images are fetched automatically when the page loads. No user action is required to trigger these requests. This means that simply visiting the Site will result in your browser making requests to CoinGecko's API, GeckoTerminal's API, jsDelivr's CDN, pmlcoin.app, hrweb3buttons.github.io, and cryptologos.cc, each of which may log your IP address.
RPC Providers
When you scroll to the RPC section, the Site's JavaScript sends direct latency test requests to each of the following RPC providers: LlamaRPC, PublicNode, Blockrazor, BLXR, dRPC, PublicNodies, 1RPC, SubQuery, and NowNodes. These requests are made directly from your browser to each provider's servers, and your IP address is exposed to each provider as a result. This is separate from and in addition to any communication that occurs via MetaMask when you choose to add an RPC endpoint to your wallet. Each RPC provider operates independently and is governed by its own terms and privacy policy.
Users who wish to avoid any transmission of technical data to third party services should refrain from using the Site, as the loading of external resources is necessary for its functionality.
External Links and Redirects
This Site contains links and buttons that open external websites in a new tab, including ApeSpace, BscScan, PancakeSwap, Google Drive, myjoy.market, and GitHub. When you navigate to these sites, you leave this Site entirely. The maintainer has no control over, and no responsibility for, the data practices of any external site. Your use of those sites is governed solely by their own terms and privacy policies.
All external links are opened with noopener noreferrer attributes to prevent the destination site from accessing this page's context and to avoid passing the HTTP referrer header where supported.
Children's Privacy
This Site is intended for users who are at least 18 years of age, as stated in the Terms of Use. This Site does not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided personal information in connection with this Site, please contact the maintainer using the information in the Contact section below.
Rights Under the GDPR and Similar Laws
This section applies to individuals located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with comprehensive data protection laws such as Brazil's LGPD, Canada's PIPEDA, and California's CCPA/CPRA.
Position Under the GDPR
The General Data Protection Regulation (EU) 2016/679 applies to the processing of personal data of individuals in the EEA. The maintainer's position is as follows:
- The Site operates with no backend, no database, and no server-side infrastructure controlled by the maintainer. No personal data — including IP addresses, wallet addresses, or any other identifying information — is collected, stored, or processed by the maintainer.
- The Site is hosted on GitHub Pages. GitHub, Inc. processes server access data (including IP addresses) as an independent data controller under its own privacy policy and its obligations as a data processor. The maintainer has no access to this data.
- Third party APIs and CDNs (CoinGecko, GeckoTerminal, jsDelivr, GoPlus Security) similarly process request data as independent data controllers. The maintainer does not receive or have access to any data those services collect.
- The three items stored in
localStorage— theme preference, active RPC URL, and selected price token — do not constitute personal data within the meaning of Article 4(1) GDPR. They contain no information that identifies or is capable of identifying a natural person.
In light of the above, the maintainer does not act as a data controller or data processor with respect to any personal data of EEA users for the purposes of the GDPR. To the extent any residual interpretation of applicable law might conclude otherwise, any processing is strictly limited to what is technically necessary to deliver the Site's functionality, as described in this policy.
Where the GDPR is considered applicable, the legal basis for the limited technical processing described in this policy is the legitimate interests of the maintainer (Article 6(1)(f) GDPR), namely the provision of a functional, client-side web interface. The maintainer has determined that these interests are not overridden by the rights and freedoms of users, given that no personal data is received, stored, or profiled by the maintainer, and that any incidental processing occurs transiently and directly between the user's browser and independent third party services.
Data Subject Rights
Because this Site does not directly collect or store personal data, the maintainer generally cannot fulfill data subject rights requests that presuppose the existence of stored personal data — because no such information exists in the maintainer's possession.
For data processed by third party services (such as GitHub, CoinGecko, or jsDelivr), you must submit your request directly to those services, as they are the independent data controllers for that data.
Nonetheless, to the extent any rights apply, users in applicable jurisdictions may have the following rights:
- Right of Access: The right to request information about personal data processed about you.
- Right to Rectification: The right to request correction of inaccurate personal data.
- Right to Erasure: The right to request deletion of personal data under certain circumstances.
- Right to Restriction of Processing: The right to request that processing be limited in certain circumstances.
- Right to Data Portability: The right to receive personal data in a structured, machine-readable format.
- Right to Object: The right to object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: The right to lodge a complaint with your local data protection supervisory authority. For EEA users, this is the supervisory authority in your Member State. For UK users, this is the Information Commissioner's Office (ICO).
To exercise any applicable rights, or for questions regarding data protection, please use the contact information in the Contact section below.
International Data Transfers
This Site is hosted by GitHub Pages, a service operated by GitHub, Inc., which is based in the United States. When your browser accesses this Site, your technical data (such as your IP address) may be transferred to and processed in the United States and other countries where GitHub and its infrastructure partners operate.
Similarly, CoinGecko, GeckoTerminal, jsDelivr, and GoPlus Security may process requests from their respective infrastructure locations, which may be outside your country of residence.
Such transfers are carried out by the respective third party service providers under their own responsibility. These providers may rely on legally recognized transfer mechanisms, such as Standard Contractual Clauses or other appropriate safeguards where applicable. The maintainer does not control these mechanisms and does not have access to the transferred data.
Data Retention
This Site does not retain personal data on behalf of the maintainer. The three items stored on your device in localStorage — theme preference, active RPC URL, and selected price token — persist until you clear your browser data or change the settings within the Site.
Data retained by third party services (such as GitHub server logs) is subject to those services' own retention policies.
Security
This Site implements a Content Security Policy (CSP) header that restricts which external domains the browser is permitted to load resources from or connect to. This is designed to reduce the risk of unauthorized script injection or data exfiltration.
The Site loads its JavaScript library (ethers.js) from jsDelivr with a Subresource Integrity (SRI) hash, ensuring that the script cannot be silently modified or tampered with by the CDN without detection.
However, no security measure is perfect. The maintainer makes no warranty that the Site is free from vulnerabilities. Your device, browser, wallet software, and network connection each carry their own security considerations that are outside the scope of this Site.
Changes to This Policy
This Privacy Policy may be updated from time to time. The version number and date at the top of this page reflect the most recent revision. Material changes will be noted where possible. Continued use of the Site after any update constitutes your acceptance of the revised policy. If you do not agree with a revised policy, you must discontinue use of the Site.
Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Panama, without regard to its conflict of law principles, consistent with the governing law provisions of the Terms of Use.
Nothing in this Privacy Policy limits any rights you may have under mandatory data protection laws applicable in your jurisdiction, including the GDPR and the ePrivacy Directive where applicable.
Contact
This Site is independently maintained by Hunter Rodriguez.
For questions or concerns about this Privacy Policy, data protection inquiries, or to exercise any applicable data subject rights, please use the project's GitHub repository as the designated contact channel.
For formal legal notices, please refer to the contact procedures described in the Terms of Use.