Privacy

Privacy notes

EONAPP is local-first where practical, while paid access, rewards, provider calls, and payment verification may require limited third-party or Cloudflare worker data.

Last updated: 13 June 2026

Public trust policy

This page follows the public trust policy: verified payment activation, public-proof-only support, local-first privacy, explicit wallet approval, refund exceptions, no investment advice, and no profit or result promises.

  • Safe evidence: invoice ID, public transaction hash, quote ID, plan, amount, timestamp, URL, and device context only.
  • Never share secrets: seed phrase, private key, full API key, wallet backup file, password, or full card data.
  • Manual review: refunds, unsupported crypto transfers, abuse reports, and policy exceptions require human review and may need third-party processor evidence.

Local-first storage

EONAPP stores many preferences, badges, plan status, renewal reminders, result history, generated assets, optional vault profile data, and feature state in your browser. Clearing browser storage may erase local state unless you exported a vault backup or kept independent receipt proof.

Payment email and processor data

If you use NOWPayments email subscriptions, your email is sent through the EONAPP Cloudflare worker to NOWPayments so the processor can create the subscription or invoice flow. EONAPP may keep a hashed lookup, quote, or payment-status record for activation, duplicate prevention, and support.

Wallet and public transaction data

Direct EVM fallback payments use public wallet addresses, transaction hashes, chain IDs, token contracts, amounts, confirmations, and quote IDs. These records may be stored or compared for verification, duplicate prevention, support, and entitlement activation.

Vault and backups

Your exported vault file is controlled by you. If you encrypt it with a passphrase, remember the passphrase. EONAPP does not keep a server-side recovery copy unless a future account product explicitly says so in its own terms.

AI provider keys

If you enter your own AI API keys, keep them secret. BYOK flows should keep keys in your device vault and send them only to the relevant provider when you initiate a request. Support should only receive masked provider names or test results, not full key values.

Ads, rewards, analytics, and partners

Rewarded unlocks may open third-party partner pages only after user action. Analytics, payment processors, RPC providers, AI providers, and Telegram integrations may still involve third-party systems. Review third-party policies before relying on those services in sensitive jurisdictions or regulated workflows.

Challenge and referral links

Challenge or referral links may encode aliases, invite context, and local reward data inside the URL. Do not put real names, private wallet notes, secrets, or sensitive details into public share links.