Privacy Policy
Last Updated: May 2026. This policy outlines how 0xRAM Labs (0xram.org) safeguards smart contract inputs and user metadata.
Our Privacy Principle
We operate under a strict Zero Trust Privacy Mandate. Because our partners trust us to secure millions in Web3 liquidity, our systems are built from the ground up to minimize data collection, enforce sandbox isolation, and respect contract confidentiality.
1. Code Submission & Zero-Retention Policy
At 0xRAM Labs, security is our absolute core value. Any smart contract code, ABI specifications, or compilation outputs uploaded through our interactive Threat Scanner or submitted via intake portals are handled exclusively in highly secure, transient sandboxed sessions. Once analysis is completed and report transmission is confirmed, all code snippets are immediately purged from our active telemetry memory systems. We never store, cache, or lease your smart contract code without explicit cryptographic agreement.
2. Threat Telemetry & Metadata Analytics
To continuously strengthen our smart contract vulnerability models, our Threat Scanner aggregates anonymized threat telemetry (such as vulnerability types detected, contract compilation frameworks, and compiler versions used). This data is completely stripped of any identifying tags, intellectual property indicators, address footprints, or functional logic. We use this metadata strictly to optimize scanning models and improve Web3 security.
3. Cryptographic Storage & Private Keys
0xRAM Labs never requests, interacts with, or stores private keys, mnemonic phrases, or administrative passwords. Our red-teaming and simulation operations are conducted strictly inside local fork nodes (such as Hardhat or Anvil) and sandboxed environments. We advise all partners to utilize standard multi-signature vaults and testnets for staging, keeping their real-world production secrets completely isolated.
4. Web Server Access Logs & Cookieless Operations
Our web servers collect standard, privacy-respecting server logs (such as IP addresses, browser agents, and time stamps) to maintain platform uptime and mitigate DDoS attempts. We do not engage in target marketing, cross-site advertisement tracking, or selling user records. Our analytics are strictly internal and cookieless.
Questions Regarding Data Compliance?
If you have inquiries regarding our transient sandbox setups, automated log purges, or require a specialized non-disclosure agreement (NDA) before sharing contract codebases, contact our threat compliance team.
Submit Compliance Inquiry →