Last updated: July 13, 2026
Greenlit was built to know as little about you as possible. This page lists everything it does process — it is a short list — and is honest about the one thing no privacy request can undo: public blockchains and IPFS never forget.
Greenlit is operated by a single individual (the “Operator”). This policy explains what the hosted interface at greenlit.fun processes when you use it, why, and what your choices are. Privacy questions and requests go to [CONTACT EMAIL].
This policy covers only the interface itself. It does not cover your wallet software, block explorers, Uniswap, creator-supplied websites and social links, or the public blockchain and IPFS networks — those are separate systems with their own practices.
The design keeps data handling minimal:
IP addresses. Server endpoints (the JSON-RPC proxy, metadata uploads, launch registration) apply per-IP rate limits to prevent abuse. Your IP address is used as a rate-limit counter key in Upstash Redis and appears in hosting provider request logs. Legal basis where GDPR applies: legitimate interest in keeping a free, keyless service online and preventing abuse.
Wallet addresses. When you connect a wallet, its public address is used in your browser to read balances and build transactions, and reaches the server only inside ordinary requests (for example, when checking your launches or when a signed metadata authorization is verified). Wallet addresses are public blockchain data — the blockchain, not Greenlit, is their source of record, and anyone can observe them there independently of this interface.
Launch content. If you launch a token, the name, ticker, description, links, image, and a wallet-signed authorization (which includes your wallet address) are uploaded to public IPFS via Pinata and referenced on-chain. See the next section — this is permanent.
Technical logs. The hosting platform records standard server logs (IP, user agent, requested URL, timing, errors) used for debugging, security, and keeping the service running.
Email, if you write to us. If you contact [CONTACT EMAIL], we process what you send in order to respond.
We do not use any of the above for profiling or marketing.
Anything you put on-chain or in token metadata is public, worldwide, and effectively permanent. Wallet addresses, transactions, token names, descriptions, and images are replicated across systems nobody controls. Neither you nor the Operator can edit or delete them later — no privacy request can undo an IPFS upload or a blockchain transaction.
Before launching: do not put your real name, contact details, or anything else you might ever want removed into a token’s metadata or image.
What the Operator can do is stop pinning content through the interface’s own Pinata account and stop displaying it on greenlit.fun (see the Content & Acceptable Use Policy). Copies may nonetheless persist on other IPFS nodes and gateways.
These providers process limited data to make the interface work. Each applies its own privacy policy and retention practices:
The server also fetches a public ETH/USD price from exchange APIs (Coinbase, CoinGecko, Kraken); no user data is included in those requests. We disclose data beyond this list only if required by law or to protect the service and its users from abuse.
Depending on where you live (for example under the GDPR, UK GDPR, or CCPA/CPRA), you may have rights to access, correct, delete, or receive a copy of personal data, to object to or restrict certain processing, and to complain to a supervisory authority. To exercise them, email [CONTACT EMAIL]. Expect an honest, human reply from a one-person operation — normally within 30 days. You will never be treated differently for exercising a privacy right.
Two honest caveats:
The interface runs on infrastructure that may be located in the United States and other countries, so the limited data described above may be processed outside your own jurisdiction. Where GDPR applies, transfers rely on the providers’ standard safeguards (such as Standard Contractual Clauses in their data-processing terms).
The interface uses HTTPS everywhere, a strict Content Security Policy, server-only credentials, input bounds, and rate limits. No system is perfectly secure — but the best protection here is architectural: the interface never holds your keys or funds, so there is no custodial honeypot to breach. Protect your own wallet: nobody legitimate, including the Operator, will ever ask for your seed phrase.
The interface is not directed to children and may not be used by anyone under 18. We do not knowingly process children’s personal data; if you believe a child has used the interface, contact [CONTACT EMAIL].
If our data practices change — for example, a new provider joins the stack — this policy will be updated and the “Last updated” date will change. Material changes will be flagged on the interface for a reasonable period.
Privacy questions, rights requests, and complaints: [CONTACT EMAIL].