← Back

Privacy Policy

Last updated: March 10, 2026

1. Introduction

This Privacy Policy describes how Question Labs LLC ("Company," "we," "us") collects, uses, and protects information in connection with the BOTCOIN Miner software and related services (the "Service"). The Service uses Bankr Bot as a third-party service provider for wallet management, authentication, and LLM gateway access.

2. Information We Collect

Information you provide:

• Email address: Used solely for authentication via Bankr Bot's OTP (one-time password) system. We pass your email to Bankr Bot to initiate the login flow.
• API key: Your Bankr API key is encrypted in memory using AES-128-CBC with HMAC-SHA256 (Fernet encryption) and stored only in server-side sessions. The encryption key is ephemeral (regenerated on each server restart). API keys are never written to disk, logged, or exposed in API responses.

Information collected automatically:

• IP address: Used solely for rate limiting on authentication endpoints. Not stored persistently.
• Blockchain addresses: Your public wallet address on Base, as resolved from your Bankr account. This is a public blockchain address and is used to interact with mining contracts.
• Mining activity: Challenge results (pass/fail counts, credits earned) are stored in server memory during your session for dashboard display. This data is not persisted to disk and is lost on server restart.

Information we do NOT collect:

• We do not use cookies for tracking or advertising.
• We do not use analytics services, tracking pixels, or advertising networks.
• We do not collect browser fingerprints or device identifiers.
• We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. How We Use Information

We use the information we collect solely for the following purposes:

• Authenticating your identity via Bankr Bot
• Managing your encrypted session
• Executing mining operations on your behalf (requesting challenges, submitting solutions, posting receipts)
• Displaying mining statistics and wallet balances on your dashboard
• Rate limiting to prevent abuse

4. Data Storage and Security

• Sessions: All session data (including encrypted API keys) is stored in server memory only. Sessions expire after 24 hours and are limited to 50 concurrent sessions. All sessions are invalidated on server restart.
• Encryption: API keys are encrypted at rest using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256) with an ephemeral key generated at server startup.
• Cookies: We use a single HttpOnly, SameSite=Strict session cookie for authentication. No tracking cookies are used.
• CSRF protection: All state-changing operations are protected with CSRF tokens.
• No persistent storage: We do not operate a database. No user data is written to disk or persisted beyond the server process lifetime.

5. Third-Party Services

The Service integrates with the following third-party services, each governed by their own privacy policies:

• Bankr Bot (bankr.bot) — Wallet management, authentication, transaction execution, LLM gateway. Your email and API key are processed by Bankr Bot.
• LLM providers (Anthropic, OpenAI, Google, etc. via Bankr LLM Gateway) — Mining challenge text is sent to LLM providers for solving. These providers have their own data handling policies.
• Base blockchain — Transaction data, wallet addresses, and smart contract interactions are recorded on the public Base blockchain permanently.
• Google Fonts — Font files are loaded from Google's CDN. Google may collect standard web request data (IP address, user agent).

6. Blockchain Data

Blockchain transactions are public and immutable. Once a transaction is posted to the Base network (including mining receipts, staking, and claims), it becomes permanently and publicly visible. Question Labs LLC has no ability to delete, modify, or restrict access to blockchain data.

7. Data Retention

Session data is retained in memory for a maximum of 24 hours or until server restart, whichever comes first. We do not maintain any persistent database of user information. Rate limiting counters are stored in memory and reset on server restart.

8. Your Rights

Since we do not persistently store personal data, most data subject rights (access, correction, deletion) are satisfied by the ephemeral nature of our data handling. You can terminate your session at any time by logging out, which destroys your encrypted session data immediately. If you have questions about your data, contact us at the information provided on agentmoney.net.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, you understand and consent to the transfer and processing of your information in the United States, which may have different data protection laws than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes become effective upon posting. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

12. Contact

For questions about this Privacy Policy, contact Question Labs LLC at the information provided on agentmoney.net.