Helium Tracker

Helium Tracker Privacy Policy

Effective date: May 17, 2026

1. Overview

This Privacy Policy describes how Andrena, Inc. (“Andrena,” “we,” “us,” or “our”) collects, uses, discloses, processes, and protects personal information in connection with Helium Tracker, a software-as-a-service dashboard for monitoring publicly available Helium hotspot performance data (the “Services”).

This Policy applies when you access or use the Services, including the Helium Tracker website at heliumtracker.xyz; applications, dashboards, APIs, or related interfaces; account management, authentication, billing, or support functions; and any other software or technology that links to or references this Privacy Policy.

Certain Services involve the display of publicly available blockchain and network data sourced from third-party APIs (including the Helium Foundation and CoinGecko) that are not directly controlled by Andrena. Certain features may be subject to additional terms, eligibility requirements, geographic restrictions, or separate agreements, and may not be available in all jurisdictions.

Helium Tracker is operated by Andrena, Inc., a Delaware corporation. Andrena may also operate other products under separate legal entities governed by separate privacy policies. This Policy applies only to the Helium Tracker Services.

2. Information We Collect

Andrena seeks to limit collection of personal data to information reasonably necessary for operational, contractual, legal, security, compliance, and business purposes.

2.1 Information You Provide

  • email address (for authentication and communications);
  • name (optional, where provided);
  • billing information processed through Stripe (we do not store card numbers);
  • Helium hotspot keys, deployer labels, and other tracking metadata you choose to upload;
  • optional Solana wallet addresses used only at the moment of hotspot lookup; we do not retain wallet addresses after the lookup completes;
  • support requests, feedback, and other communications.

2.2 Authentication Data

  • magic-link verification timestamps and one-time tokens issued at sign-in (short-lived);
  • session tokens issued after successful authentication, stored as hashed values;
  • if you enable two-factor authentication: a TOTP secret encrypted at rest with AES-256-GCM, and SHA-256 hashes of single-use backup codes.

2.3 Technical Information

  • IP address, device type, browser, operating system;
  • log data, request paths, timestamps;
  • usage and performance metrics.

2.4 Subscription and Billing Data

  • Stripe customer ID and subscription identifiers;
  • plan tier and subscription status;
  • billing-related communications (sent by Stripe on our behalf).

Andrena does not collect or store full payment card numbers, CVCs, or bank account credentials. All payment data is handled directly by Stripe pursuant to its own privacy practices.

2.5 Helium Hotspot Data

Hotspot keys you choose to track are public identifiers visible on the Helium blockchain. Andrena queries reward and metadata information about these hotspots from third-party APIs (the Helium Foundation, and Amazon S3 for the reward oracle files) to populate your dashboard. This data is publicly available regardless of whether you use the Services.

2.6 Cookies and Tracking Data

See Section 8.

2.7 Sensitive Information

Unless specifically required for a particular Service, Andrena does not request and users should not provide government-issued identification numbers, financial account credentials, private wallet keys, seed phrases, biometric information, precise geolocation data, health information, or other sensitive categories of information. Users should never share private keys, seed phrases, authentication credentials, or wallet recovery information with Andrena or any third party.

3. How We Use Information

3.1 Operational Purposes

We use personal data to:

  • operate, maintain, and improve the Services;
  • fetch and display reward data for hotspots you choose to track;
  • process subscription payments through Stripe;
  • send transactional emails (magic links, billing receipts);
  • provide customer support;
  • communicate with users about service updates and changes;
  • detect and prevent fraud, abuse, sanctions violations, and security incidents;
  • comply with legal, regulatory, and audit obligations;
  • enforce eligibility requirements, plan limits, rate limits, and acceptable use policies.

3.2 Legal Bases for Processing (GDPR / UK GDPR)

To the extent applicable under the GDPR, UK GDPR, Swiss data protection laws, or similar laws, Andrena processes personal data pursuant to one or more of the following legal bases:

  • performance of a contract or steps taken prior to entering into a contract;
  • compliance with legal obligations;
  • legitimate interests, including operating the Services, fraud prevention, network security, analytics, customer support, and business operations;
  • consent, where required by applicable law;
  • protection of legal rights, security, safety, and operational integrity.

Where consent is required by applicable law, users may withdraw consent at any time, subject to legal and operational limitations.

3.3 Marketing and Transactional Communications

Andrena may send operational communications, transactional notices, security notifications, support communications, and, where permitted by applicable law, occasional product-related or promotional communications. Users may opt out of marketing communications at any time by using unsubscribe functionality in the email or by contacting contact@heliumtracker.xyz. Users may continue to receive operational, transactional, compliance, legal, or account-related communications necessary for operation of the Services.

4. How We Share Information

Andrena does not sell personal information for monetary consideration. We share data only as necessary to operate the Services and comply with applicable law, including in the circumstances described below.

4.1 With Service Providers

We share data with third-party service providers strictly as needed to operate the Services. Each provider processes information only as reasonably necessary to provide services on behalf of Andrena, subject to applicable contractual, legal, and security restrictions.

RecipientPurposeData shared
Stripe (USA)Payment processingEmail, name, payment details
SendGrid (USA)Transactional email deliveryEmail address, message content
Supabase (USA/EU)Database hostingAll stored account and hotspot data
Vercel (USA)Application hosting and loggingServer-side logs, IP addresses
Helium Foundation (USA)Hotspot metadata lookupsHotspot keys (public blockchain data)
Amazon Web Services (USA)Reward + data-transfer oracle files (S3)Hotspot keys (public blockchain data)
CoinGecko (USA)HNT price lookupsNo user data sent

4.2 With Regulators or Authorities

Andrena may disclose information where required by applicable law, regulation, subpoena, court order, governmental request, or legal process; to comply with sanctions obligations, anti-money laundering obligations, fraud prevention requirements, or other compliance obligations; to protect the rights, safety, integrity, security, or property of Andrena, users, counterparties, or third parties; or to investigate suspected fraud, abuse, unauthorized access, security incidents, sanctions violations, or unlawful activity.

4.3 Public Blockchain

Helium hotspot keys are publicly visible identifiers on the Helium blockchain. Reward data, transaction history, and protocol activity associated with these hotspots may be publicly visible, immutable, permanently accessible, and independently indexed by third parties.

Andrena does not control public blockchain records, third-party blockchain indexing, decentralized storage systems, validator activity, blockchain explorers, or independent blockchain analytics providers. Users should understand that blockchain- related information may remain publicly accessible indefinitely.

4.4 Corporate Transactions

Information may be disclosed or transferred in connection with mergers, acquisitions, financings, restructurings, sales of assets, or other corporate or commercial transactions, subject to applicable law. Recipients may include counterparties, lenders, investors, professional advisors, insurers, and auditors.

5. International Data Transfers

Where required by applicable law, Andrena implements safeguards intended to protect personal data transferred internationally, including Standard Contractual Clauses (“SCCs”), contractual data protection obligations, technical and organizational safeguards, adequacy decisions, transfer impact assessments, and other legally recognized transfer mechanisms.

The Services are operated from the United States. If you access the Services from outside the US, your information may be transferred to and processed in the US or other jurisdictions that may provide different levels of legal protection than your jurisdiction of residence.

6. Data Retention

Andrena retains personal data only as long as necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category:

  • Account data: retained while your Account is active. Upon Account deletion, removed within thirty (30) days. Backups containing deleted data are purged within ninety (90) days.
  • Technical logs: retained for up to thirty (30) days for security, debugging, and abuse prevention.
  • Compliance-related data: retained as required by applicable law, accounting standards, or audit obligations.
  • Hotspot snapshot data: retained as long as you track the corresponding hotspot. Removed from your snapshot upon deletion of the hotspot or your Account.
  • Public blockchain data: Hotspot keys, transaction records, and protocol activity may remain publicly accessible indefinitely due to the nature of public blockchain systems, and are not within Andrena’s control once published.

Andrena may retain personal data longer where necessary to establish, exercise, or defend legal claims; comply with legal, accounting, tax, sanctions, or regulatory obligations; enforce agreements; conduct audits; or maintain security and fraud prevention systems.

7. Data Security

7.1 Security Safeguards

Andrena implements commercially reasonable administrative, technical, organizational, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, misuse, destruction, or loss. Such safeguards include:

  • TLS encryption for data in transit;
  • AES-256-GCM encryption for sensitive data at rest, including two-factor authentication secrets;
  • hashed session tokens and HTTP-only secure cookies;
  • role-based access controls;
  • network monitoring and logging;
  • incident response procedures;
  • vendor security reviews.

Access to personal data is limited to personnel, contractors, and service providers that reasonably require such access for operational, legal, security, compliance, or support purposes.

7.2 Limitations

Despite these measures, no system, network, cloud environment, communication channel, or data transmission method can be guaranteed to be completely secure or error-free. Users are solely responsible for maintaining the security of their devices, credentials, two-factor authentication backup codes, and email accounts.

Nothing in this Privacy Policy constitutes a guarantee against security incidents, cyberattacks, unauthorized access, or third- party compromises.

7.3 Security Incidents

In the event of a suspected or confirmed security incident involving personal data, Andrena may investigate, contain, remediate, cooperate with authorities, notify affected parties, and take other actions consistent with applicable law, operational requirements, and security practices.

8. Cookies and Analytics

8.1 Types of Cookies

  • Essential cookies required for authentication, session integrity, and security;
  • Functional cookies for user preferences;
  • Performance and analytics cookies, where used to understand aggregate usage and improve the Services.

Andrena does not use third-party advertising cookies or behavioral tracking cookies for the Helium Tracker Services.

8.2 Cookie Control and Consent Management

Users may manage or disable cookies and similar technologies through browser settings, device-level privacy controls, or industry-standard opt-out mechanisms. Disabling essential cookies may affect the availability or functionality of the Services, including the ability to sign in.

8.3 Global Privacy Control (GPC)

Where required by applicable law, Andrena recognizes Global Privacy Control (“GPC”) signals and similar browser- based opt-out preference signals intended to communicate a user’s privacy preferences. Depending on applicable law and technical feasibility, recognized signals may be treated as requests to opt out of certain categories of data sharing.

Certain processing activities may continue notwithstanding such signals where necessary to provide requested Services; required for security, fraud prevention, sanctions compliance, or legal obligations; or otherwise permitted under applicable law.

8.4 Do Not Track Signals

Because there is no universally accepted standard for “Do Not Track” signals, Andrena does not currently respond to DNT browser signals except as otherwise required by applicable law.

9. Your Privacy Rights

9.1 General Rights

Depending on your jurisdiction and applicable law, you may have certain rights regarding your personal data, including the right to:

  • request access to personal data we maintain about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of certain personal data;
  • request restriction of certain processing activities;
  • object to certain categories of processing;
  • withdraw consent where processing is based on consent;
  • request portability of eligible personal data;
  • opt out of certain categories of data sharing or targeted advertising; and
  • lodge complaints with applicable regulatory authorities.

These rights may be subject to legal limitations, verification procedures, fraud prevention requirements, security considerations, technical feasibility, and applicable legal exemptions.

9.2 Self-Service

You can exercise many privacy-related actions directly through the Services without contacting us: update your email through your billing portal, delete your Account from the security page, disable 2FA, and download your tracked data via CSV export.

9.3 Submitting Privacy Rights Requests

Users may submit privacy rights requests by contacting contact@heliumtracker.xyz. Requests should specify the nature of the request, sufficient information to verify identity, and details necessary to process the request.

Andrena may require verification of identity or authority before processing requests. Authorized agents may be required to provide proof of authorization where required by applicable law.

Andrena may deny, limit, or condition requests where permitted by applicable law, including where identity cannot reasonably be verified; requests are excessive, repetitive, or abusive; or information must be retained pursuant to legal, regulatory, contractual, sanctions, cybersecurity, or operational obligations.

9.4 Blockchain and Decentralized System Limitations

Due to the decentralized, distributed, and immutable nature of blockchain systems, certain information recorded on public blockchains cannot be modified, deleted, anonymized, restricted, or controlled by Andrena once published.

This may include hotspot keys, transaction records, reward distributions, validator activity, timestamps, metadata, and other blockchain-related information that may remain permanently publicly accessible and independently indexed by third parties. Andrena does not guarantee the deletion, removal, anonymization, or restriction of information that has been published to public blockchain systems or has been independently retained by third parties.

9.5 Automated Processing and Compliance Screening

Andrena may use automated systems, analytics tools, sanctions- screening systems, fraud-detection systems, and geolocation systems in connection with eligibility determinations, access restrictions, fraud prevention, sanctions compliance, abuse prevention, and operational risk management. Such systems may contribute to automated decisions relating to access restrictions, feature availability, or risk assessments, subject to applicable law.

10. California Privacy Rights

California residents may have rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), including rights to:

  • know the categories of personal information collected;
  • know the categories of sources from which personal information is collected;
  • understand the business or commercial purposes for processing;
  • know the categories of third parties with whom information is shared;
  • request deletion of certain personal information;
  • request correction of inaccurate personal information;
  • limit certain uses of sensitive personal information where applicable; and
  • receive equal service and pricing without unlawful discrimination for exercising privacy rights.

Andrena does not sell personal information for monetary consideration. Certain processing activities involving analytics or infrastructure providers may constitute “sharing” under California law depending on applicable legal interpretations.

California residents may exercise applicable rights by contacting contact@heliumtracker.xyz. We may require verification of identity prior to processing requests. Certain rights may not apply where information is retained for legal, security, fraud prevention, compliance, or operational purposes; is publicly available through blockchain systems; is deidentified or aggregated; or is otherwise exempt under applicable law.

11. Children's Privacy

The Services are not directed to individuals under the age of eighteen (18), and Andrena does not knowingly collect personal information from children. If Andrena becomes aware that personal information has been collected from an individual under the applicable age of consent without appropriate authorization, reasonable steps will be taken to delete such information. Parents or guardians who believe that a child has provided personal information may contact contact@heliumtracker.xyz.

12. Third-Party Links

The Services may contain links to or integrations with third-party websites, applications, blockchain networks, APIs, social media platforms, or other third-party services. Andrena does not control and is not responsible for the privacy practices, security practices, availability, content, or terms of any third-party services.

Interactions with third-party services are governed solely by the applicable third party’s terms and privacy policies. Users access and interact with third-party services entirely at their own risk. Andrena encourages users to review the privacy policies of all third-party services before interacting with them.

13. Changes

Andrena may update or modify this Privacy Policy from time to time for operational, legal, regulatory, security, technical, or business reasons. Updated versions will be posted with a revised effective date. Where required by applicable law, Andrena may provide additional notice regarding material changes (typically via email at least fourteen (14) days in advance for material changes). Continued access to or use of the Services following publication of updated terms constitutes acknowledgment of the revised Privacy Policy to the extent permitted by law.

14. Contact

Questions, concerns, privacy requests, regulatory inquiries, or complaints regarding this Privacy Policy or personal data practices may be directed to:

Andrena, Inc.
33 Washington Street
Newark, NJ 07102
contact@heliumtracker.xyz

Andrena may request additional information to verify identity, authority, or request scope before responding to inquiries or exercising applicable rights. Communications transmitted via email or the internet may not be completely secure. Users should avoid transmitting sensitive information, private keys, seed phrases, or highly confidential information through unsecured communication channels.

15. Relationship to Terms

This Privacy Policy is incorporated into and forms part of the Helium Tracker Terms and Conditions. In the event of a conflict between this Privacy Policy and any separate written agreement governing specific Services, the applicable separate agreement may control to the extent of such conflict.