Privacy Policy

01 Introduction

ERC20Token.app is operated by ERC20Token.app, a company registered and based at Singelpassage 9, 9401 JB Assen, Drenthe, Netherlands. This Privacy Policy describes how we collect, use, store, and share information when you visit our website or use our service to create an ERC20 token on the Ethereum blockchain.

We take privacy seriously. This document is written to be read, not skimmed — we have avoided vague language wherever possible and aimed to be specific about what data we handle and why. If you have questions that this policy does not answer, please reach out to us directly using the contact details in Section 12.

By using our website or submitting a token creation request through our platform, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, you should discontinue use of the service. Your continued use after any material changes to this policy constitutes your acceptance of the revised terms.

This policy should be read alongside our Terms of Service and Cookie Policy, which together form the complete legal framework governing your use of ERC20Token.app.

02 Information We Collect

We collect only the information that is necessary to deliver the token creation service and to maintain the security and performance of our platform. We do not collect payment card details, government identification, or any sensitive personal categories as defined under GDPR Article 9.

Information you provide directly:

  • Token configuration parametersthe name, symbol, total supply, decimal places, and optional features (burnable, mintable, transfer tax, reflection, etc.) that you enter into our token creator form. This data is required to deploy the smart contract and is retained as part of the transaction record.
  • Wallet addressyour Ethereum wallet address (e.g. a MetaMask, Coinbase Wallet, or WalletConnect address) that you provide or connect for the purpose of receiving the deployed token contract and paying the 0.02 ETH service fee. We do not store private keys or seed phrases at any point — these never leave your browser or wallet application.
  • Contact communicationsif you send us an email or contact us through any support channel, we retain the content of that message, your email address, and any information you include in order to respond to your enquiry.

Information collected automatically:

  • Log dataour web server records standard HTTP access logs, which include your IP address, browser user-agent string, referring URL, the pages you visited, timestamps, and HTTP response codes. These logs are maintained for security monitoring and are not used for profiling.
  • Session datawe use server-side PHP sessions to maintain state during the token creation workflow. Session identifiers are stored in your browser as a cookie and are automatically expired after your session ends.
  • Analytics datawe use third-party analytics tools (described in Section 5) that may record page views, time on site, click events, and device/browser characteristics. Where possible, we configure these tools with IP anonymisation enabled.
  • Transaction metadataonce a token deployment is submitted to the Ethereum network, the resulting transaction hash and deployed contract address are logged against your session record so that we can provide deployment confirmation and Etherscan verification links.
03 How We Use Your Information

Every use of your data is tied to a specific, documented purpose. We do not sell your information, and we do not use it for advertising targeting on other platforms.

  • Service deliveryyour token configuration and wallet address are used to compile, deploy, and verify your ERC20 smart contract on Ethereum Mainnet. Without this information, the service cannot function. The legal basis under GDPR is the performance of a contract (Article 6(1)(b)).
  • Payment verificationwe verify on-chain that the 0.02 ETH service fee has been received from your wallet address before initiating deployment. This check is performed programmatically against the Ethereum blockchain and does not involve any payment processor holding your funds.
  • Etherscan verificationafter deployment, we submit the contract source code and constructor arguments to the Etherscan API on your behalf, so that your token's source code is publicly verified. This requires transmitting the token parameters to Etherscan's servers.
  • Security and fraud preventionlog data and IP addresses are reviewed when we detect unusual access patterns, repeated failed submissions, or activity that may indicate abuse of the platform. The legal basis is our legitimate interest in protecting the integrity of the service (Article 6(1)(f)).
  • Service improvementanonymised analytics data helps us understand which features are most used, where users encounter difficulties, and how to improve the overall experience of knowing how to create an ERC20 token through our platform.
  • Legal compliancewe may process and retain certain data where required by applicable Dutch or EU law, for example in response to a lawful request from a public authority.
  • Customer supportif you contact us, we use the information you provide to diagnose problems, answer questions, and follow up if necessary.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on any individual user.

04 Blockchain & Wallet Data

The Ethereum blockchain is a public, immutable ledger. When you use ERC20Token.app to deploy a token contract, the following information is permanently written to the blockchain and is publicly accessible to anyone in the world:

  • Your Ethereum wallet address (the deployer/owner address)
  • The deployed token contract address
  • The transaction hash of the deployment transaction
  • The token name, symbol, total supply, and any constructor arguments
  • The timestamp and block number of the deployment
  • The 0.02 ETH fee transaction from your address to our platform wallet

We have no ability to delete or alter any data that has been written to the Ethereum blockchain. This is a fundamental property of public blockchain networks and is not within our control. If you use our service to create your own ERC20 token, you should understand and accept that your wallet address will be permanently associated with the deployed contract in a publicly visible way.

We do not have access to your private keys, seed phrase, or any signing credentials. Token deployment transactions are signed entirely within your wallet application (such as MetaMask). We receive only your public wallet address and the signed transaction broadcast, never anything that could allow us to move funds from your wallet.

If you connect a wallet using WalletConnect or a similar protocol, the connection is established directly between your wallet application and your browser. We do not intercept or store the raw connection payload beyond what is needed to present you with your wallet address in the form.

05 Third-Party Services

Running a modern web service requires integrating with a small number of trusted third parties. Each integration is described below, along with the data shared and the relevant privacy documentation.

  • Infura / Alchemy (Ethereum node providers)to submit deployment transactions to the Ethereum network, we use a professional RPC node provider. Your transaction data (signed transaction hex) is relayed through this provider to Ethereum nodes. These providers log IP addresses and request metadata for their own security and billing purposes. See their respective privacy policies for details.
  • Etherscanafter deployment, we use the Etherscan API to verify your contract's source code. We transmit the contract source, compiler version, and constructor arguments. Etherscan publishes this information publicly on its platform, which is the intended purpose of the verification step.
  • Google Analytics / similar analytics providerswe use analytics software to understand aggregate usage patterns. Where possible, IP anonymisation is enabled. Analytics providers may set cookies in your browser. See our Cookie Policy for full details and opt-out instructions.
  • Cloudflare (CDN and DDoS protection)our site may be proxied through Cloudflare's network for performance and security. Cloudflare processes traffic metadata including IP addresses, and its own privacy policy governs that processing.
  • XAMPP / Apache (hosting infrastructure)our server infrastructure is operated under our control. Third-party hosting providers with whom we have data processing agreements may have physical access to server hardware.

We do not share your personal data with advertising networks, data brokers, or any party for marketing purposes. We do not participate in third-party ad retargeting.

06 Data Retention

We retain personal data only for as long as it is necessary to fulfil the purpose for which it was collected, or as required by law.

  • Token deployment records(wallet address, token parameters, transaction hash, contract address) — retained for a minimum of 5 years from the date of deployment. This retention period is set because these records may be required in the event of a legal dispute, regulatory enquiry, or for tax documentation purposes under Dutch law.
  • Web server access logsretained for 90 days, then automatically purged. We may retain specific log entries for longer if they are relevant to an ongoing security investigation.
  • Email and support communicationsretained for 2 years from the date of the last communication, after which they are permanently deleted unless an active legal matter requires their preservation.
  • Analytics dataaggregated and anonymised analytics data may be retained indefinitely, as it no longer constitutes personal data. Raw, IP-linked analytics data is retained in line with the third-party provider's own retention policy (typically 14 months for Google Analytics).
  • PHP session datasession data is purged when your browser session ends or after a maximum of 24 hours of inactivity.

When data is no longer required, we delete it securely or anonymise it such that it can no longer be linked to any individual. We do not archive personal data "just in case."

07 Your Rights (GDPR)

Because we are based in the Netherlands and serve users across the European Union, the General Data Protection Regulation (GDPR) applies to our processing of personal data. If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

  • Right of access (Article 15)you may request a copy of the personal data we hold about you and information about how it is being used.
  • Right to rectification (Article 16)if data we hold about you is inaccurate or incomplete, you may ask us to correct it.
  • Right to erasure (Article 17)also known as the "right to be forgotten." You may request deletion of your personal data where there is no overriding legitimate reason for us to continue holding it. Note that data recorded on the public Ethereum blockchain cannot be erased — this is an inherent limitation of the technology and is not a restriction we impose.
  • Right to restriction of processing (Article 18)in certain circumstances, you may ask us to pause processing of your data while a dispute about its accuracy or lawfulness is resolved.
  • Right to data portability (Article 20)where processing is based on your consent or on contract performance, you may request your data in a structured, machine-readable format.
  • Right to object (Article 21)you may object to processing carried out on the basis of our legitimate interests. We will stop that processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to withdraw consentwhere processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing that took place before withdrawal.
  • Right to lodge a complaintyou have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.

To exercise any of these rights, contact us at the address or email provided in Section 12. We will respond within 30 days. We may ask you to verify your identity before processing your request, particularly in cases where revealing data to the wrong person would itself constitute a privacy breach.

08 Cookies

Our website uses cookies for a limited number of purposes. We do not use cookies for behavioural advertising or cross-site tracking. A detailed breakdown of every cookie we set, including its name, duration, provider, and purpose, is available in our Cookie Policy.

In summary, we use:

  • Strictly necessary cookiesincluding the PHP session cookie (PHPSESSID) which is essential for the token creation workflow to function. These cookies cannot be refused without breaking the service.
  • Analytics cookiesset by our analytics provider to help us understand traffic patterns. These are optional and can be declined via your browser settings or our cookie preference controls.
  • Preference cookiesused to remember any settings you have chosen on the site, such as UI preferences, where applicable.

You can manage or delete cookies through your browser settings at any time. For guidance specific to your browser, visit allaboutcookies.org. Note that disabling cookies may affect the functionality of certain parts of the site.

09 Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • HTTPS encryption enforced across all pages of the site using TLS 1.2 or higher
  • Server-side validation and sanitisation of all user inputs to prevent injection attacks
  • Limited access controls — only staff who need access to server infrastructure for operational reasons are granted it
  • Regular review of access logs for anomalous patterns
  • No storage of private keys, seed phrases, or wallet signing credentials at any point
  • Separation of the public-facing web application from internal administrative systems

Despite these measures, no internet transmission or data storage system is guaranteed to be 100% secure. If you discover a potential security vulnerability affecting our service, we ask that you contact us responsibly at the address in Section 12 before disclosing it publicly, so that we can investigate and remediate the issue promptly.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority in accordance with our obligations under GDPR Articles 33 and 34.

10 Children's Privacy

Our ERC20 token creation service is intended for adults aged 18 and over. Deploying smart contracts on Ethereum involves financial transactions (the 0.02 ETH service fee) and engagement with the DeFi ecosystem, which requires both legal capacity to enter into contracts and a mature understanding of the risks involved in blockchain-based financial activity.

We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and believe that your child has submitted personal data to us through our platform, please contact us immediately using the details in Section 12. We will take prompt steps to delete that data.

If you are under 18, please do not use our ERC20 token creator or submit any personal information through our website.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes — that is, changes that meaningfully affect how we handle your data or your rights — we will update the "Last updated" date at the top of this page.

For significant changes, we may also provide a more prominent notice, such as a banner on the homepage or (if we hold your email address) a direct notification. However, we encourage you to review this page periodically so that you are always informed about our current practices.

Your continued use of our ERC20 token creator after a revised policy has been published constitutes your acceptance of the updated terms, to the extent permitted by applicable law. If you do not agree with a revised policy, you should stop using the service and may exercise any applicable data rights as set out in Section 7.

12 Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us using the details below. We aim to respond to all enquiries within 5 business days, and to all formal data subject requests within 30 calendar days as required by GDPR.

  • Company name:ERC20Token.app
  • Registered address:Singelpassage 9, 9401 JB Assen, Drenthe, Netherlands
  • Telephone:0592 331 011

When contacting us about a data subject request, please include sufficient information to allow us to identify the personal data you are referring to (for example, the Ethereum wallet address used during token creation and the approximate date of the transaction). This will help us locate your records quickly and respond accurately.

If you are unsatisfied with our response, you have the right to escalate your complaint to the Autoriteit Persoonsgegevens (Dutch DPA), Hoge Nieuwstraat 8, 2514 EL The Hague, Netherlands, or to the data protection authority in your country of residence within the EEA.