Privacy

SolMask is a privacy protocol — collecting unnecessary data about the people who use it would defeat the point. This page is specific about what we do and don't see.

No off-chain accounts

SolMask has no user accounts. There is no email, username, password, or profile. You connect a Solana wallet and that is the only identity the app uses, and only for the duration of the session.

What we store

SolMask deliberately stores almost nothing. Your notes are not saved to disk at all:

  • Your note secrets (in memory only). When you deposit, the note's secrets are derived deterministically from your wallet signature and held only in memory for the session — never written to local storage or disk. There is no passphrase to choose. The only persistent copy is an encrypted recovery blob published on-chain that only your wallet can decrypt, so reconnecting the same wallet on any device restores your balance. We never see your secrets. Lose access to the wallet and the funds are not recoverable by us.
  • A signed-in flag. A short-lived signature that tells the app you control the connected wallet, scoped to the current session.

We do not run analytics, behavioural tracking, third-party ads, or session replay.

What the relayer sees

When you withdraw, the proof and the destination address go through SolMask's relayer so you don't need to pay gas or expose your IP to the chain RPC. The relayer sees:

  • The withdraw proof and the recipient address (it has to — that's the transaction).
  • The IP address the request came from (standard HTTP request metadata).
  • A timestamp.

The relayer does not see your deposit, your note secrets, or any link between the wallet you deposited from and the recipient address you're withdrawing to. The ZK proof is what breaks that link.

Relayer logs are kept for 14 days for operational debugging, then deleted. You can withdraw via your own wallet instead of the relayer — see the self-relay docs.

Address-risk screening

Deposit and recipient addresses are checked against a sanctions / illicit-funds screening provider (Cipherowl). High-risk wallets are blocked at the protocol layer. We cache results for 14 days per address, so the same wallet isn't re-queried on every deposit.

The screening provider receives the address being checked and returns a risk level. They do not receive your IP or any other identifier from us.

What the chain reveals

Solana is a public ledger. Anyone can see that wallet X deposited into the SolMask pool and that wallet Y withdrew from it. What they cannot see — because of the zero-knowledge proof — is whether X and Y are the same person. Privacy on SolMask comes from the size of the anonymity set (other depositors in the same pool) and from your privacy delay. The longer you wait, the larger the crowd.

Cookies

None. We don't set cookies. Wallet adapters from the Solana ecosystem may store connection state in localStorage; that's scoped to your browser and never sent to us.

Third parties we talk to from our servers

  • Jupiter Aggregator — for token price lookups and swap routing. They see the mint addresses you're pricing or quoting, not your wallet.
  • Solana RPC — for reading on-chain state and broadcasting transactions. The RPC provider sees standard request metadata.
  • Cipherowl — for address risk, as above.

Changes to this page

If we materially change how we handle data, we'll update the "last updated" date below and call it out on the blog. There is no email list to opt into for notifications — we don't have your email.

Last updated · 2026-05-26
