Privacy Policy

Your keys. Your data. Your device.

Effective date: April 19, 2026

Summary

Rustok ships with zero telemetry. We do not collect seed phrases, private keys, passwords, balances, or transaction history. They never leave your device. The website does not use cookies or analytics. When you use the wallet, your IP address is visible to the third-party services your device queries directly (blockchain RPC nodes, block explorers, the GoPlus address-risk API). We do not control what those parties log.

Who this applies to

This policy covers the Rustok Wallet mobile applications (Android and iOS), the Rustok desktop application, and the website at rustokwallet.com. Together, these are referred to as “Rustok” below.

Rustok is developed by Temrjan. It is open-source software — you can read every line of code at github.com/temrjan/rustok and independently verify the claims in this policy.

What we do not collect

  • Seed phrases, private keys, passwords. Generated and stored locally, encrypted with AES-256-GCM in the device keystore. They are never transmitted anywhere.
  • Wallet balances, transaction history, addresses you hold. These are derived on-device from public blockchain data. We do not receive or store them.
  • Personal information. No account, sign-up, email, phone number, or identity verification is required to use the wallet.
  • Analytics and telemetry. There are no crash reporters, usage analytics, performance monitoring SDKs, or tracking libraries. No Firebase, Sentry, Amplitude, Mixpanel, PostHog, Segment, or similar. This is verifiable from the source code.
  • Device data. We do not access contacts, photos, location, microphone, or camera.

What happens when you use Rustok

A non-custodial wallet necessarily talks to public blockchain infrastructure. When you open the Activity tab, sign a transaction, or scan an address, your device makes HTTP requests directly to third-party services. These services see your IP address and the content of your request (for example, the address whose history you are viewing). We do not proxy these requests and we do not have access to the logs those services keep.

The one first-party service is the txguard address scanner at api.rustokwallet.com. It is used by the scanner on the homepage of this website. When you submit an Ethereum address through the homepage scanner, our server receives the address and your IP address in standard HTTP access logs, forwards the address to GoPlus Security, and returns the verdict. Access logs are kept only as long as needed for security monitoring and debugging, then purged. We do not associate addresses with identities, we do not build profiles, and we do not share logs with anyone. The mobile and desktop apps do not use this endpoint — they call GoPlus directly from your device.

Third-party services

Rustok relies on the following third parties. Each has its own privacy policy, which you should read if you are concerned about what they do with request data.

  • Blockchain RPC providers. Public endpoints for Ethereum, Arbitrum, Base, Optimism, zkSync Era, and Sepolia (LlamaRPC, Ankr, PublicNode, dRPC, and official chain endpoints). Used by the wallet to read blockchain state and broadcast signed transactions. Your IP is visible to the endpoint you are currently connected to.
  • Blockscout. Block explorer API used by the Activity tab to show transaction history. Queried directly from your device. Your IP and the queried address are visible to Blockscout.
  • GoPlus Security. Address risk-scoring API used by txguard. Called from the wallet on-device, and from the homepage scanner through our API. Your IP and the scanned address are visible to GoPlus.
  • Vercel. Hosts this website. Receives standard HTTP request metadata (IP, user agent, referrer) when you load a page.
  • Google Fonts. This website loads the Inter and JetBrains Mono typefaces from fonts.googleapis.com and fonts.gstatic.com. Google receives your IP address when the fonts are loaded. Google Fonts are not used by the mobile or desktop applications.
  • Cloudflare. DNS provider for rustokwallet.com and email routing for [email protected].

Device permissions

The mobile application requests the following permissions:

  • Biometrics (Face ID / fingerprint). Used exclusively on-device to unlock the wallet. No biometric data leaves the device; we never see it.
  • Local storage. Used to store the encrypted keystore and application state. Data is kept only on your device.
  • Network access. Required to query blockchain RPC nodes, block explorers, and the GoPlus API as described above.

Cookies and browser storage

The rustokwallet.com website does not set cookies, does not use localStorage or sessionStorage, and does not use any client-side tracking mechanism. The only client-side JavaScript on the site is the homepage scanner, which submits a form on your click and displays the response.

Security

Private keys and seed phrases are encrypted with AES-256-GCM and stored in the device keystore. All network traffic uses TLS. The source code is public, allowing independent security review by anyone.

Children

Rustok is not directed to children under 13. We do not knowingly collect personal information from children.

Your rights

Because Rustok does not store personal information on our servers, most data-subject rights are satisfied by design: there is no profile to access, rectify, export, or delete. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with equivalent rights, you retain the right to:

  • Ask what personal information, if any, we hold about you.
  • Object to processing or request restriction.
  • Request erasure of any information we do hold.
  • Lodge a complaint with your national data-protection supervisory authority.

To uninstall the wallet and remove all local data, delete the application from your device. Make sure you have backed up your recovery phrase if you intend to restore the wallet later — we cannot recover it for you.

Changes to this policy

If we change this policy, we will update the effective date above. Material changes will be announced on the Rustok GitHub repository and on @rustokwallet. Because the site is open-source and version-controlled, you can always view the full history of this document.

Contact

Questions or concerns about this policy can be sent to [email protected].
