Your keys. Your machine. Your data.
Effective date: June 24, 2026
Rustok is self-custody by design. The wallet runs as a local Docker image and speaks MCP over stdio — your private keys, seed phrase and password are generated and stored on your machine, encrypted at rest, and are never transmitted to us. There is zero telemetry. The website sets no cookies, runs no analytics, and self-hosts its fonts, so it makes no third-party requests for content. When the wallet operates, it talks directly to the Ethereum RPC endpoints you configure; those providers see your IP and request data, which we neither proxy nor log.
Who this applies to
This policy covers the Rustok agent wallet — distributed as the Docker image
ghcr.io/rustok-org/rustok-wallet and run as an MCP server — and the website at
rustokwallet.com. Together these are referred to as “Rustok” below. Rustok is
open-source at the skill layer (MIT-0); the core is proprietary. You can review the public
code at github.com/rustok-org.
What we do not collect
- Seed phrase, private keys, password. Generated and stored locally inside the wallet core, encrypted at rest with Argon2id + AES-256-GCM. They never leave your machine and are never sent to us.
- Balances, positions, addresses. Derived on your machine from public blockchain data. We do not receive or store them.
- Personal information. No account, sign-up, email, phone, or identity check is required to run Rustok.
- Analytics and telemetry. No crash reporters, usage analytics, or tracking SDKs — in the wallet or on the website. This is verifiable from the public code.
What happens when you run Rustok
A self-custody wallet necessarily talks to public blockchain infrastructure. When your agent
previews or sends a transaction, your machine makes requests directly to the Ethereum RPC
endpoint(s) you configured via RUSTOK_RPC_URLS_*. Those endpoints see your IP
address and the content of the request. We do not run a server in this path and we do not
have access to their logs. Capability gating is fail-closed: a session can be scoped to
read only, prepare only, or execute — nothing more than you grant.
Third-party services
Rustok relies on the following third parties, each with its own privacy policy.
Cookies and browser storage
The website does not set cookies and does not use localStorage or sessionStorage. Fonts are self-hosted, so loading a page makes no request to Google Fonts or any other third-party content host.
Security
Keys live only in the local Rustok core and are encrypted at rest with Argon2id + AES-256-GCM. txguard risk-flags transactions before you sign. Self-custody means your risk: there are no hard-coded spending limits — txguard warns, it does not block. The keys, crypto and keyring boundary has had a security review; this is not a full external audit.
Children
Rustok is not directed to children under 13, and we do not knowingly collect information from children.
Your rights
Because Rustok stores no personal information on our servers, most data-subject rights are
satisfied by design — there is no profile to access, export, or delete. To remove all local
data, delete the Docker volume (rustok-wallet). Make sure you have backed up
your 24-word recovery phrase first — we cannot recover it for you.
Changes to this policy
If we change this policy we will update the effective date above. Because the site is open-source and version-controlled, you can always view the full history. Material changes are announced on GitHub and @rustokwallet.
Contact
Questions about this policy: [email protected].