Skip to main content

Privacy Policy

What limited personal data Lightning Piggy collects, why, and the choices and rights you have.

Last updated: 26 June 2026

This Privacy Policy explains what personal data we collect when you use the Lightning Piggy website at lightningpiggy.com and its subdomains, the Lightning Piggy hardware, the mobile app, and related services (together, the “Services”), why we collect it, and the choices and rights you have. It should be read together with our Terms & Conditions.

The Services are provided by the Lightning Piggy project, a free and open-source project maintained by its volunteer contributors (“Lightning Piggy”, “we”, “us” or “our”). The project is in early development and is not currently incorporated as a legal entity. You can contact us about your data at oink@lightningpiggy.com.

1. Our approach: privacy by design

Lightning Piggy is built to collect as little personal data as possible.

  • The Services use no user accounts. You do not register, and we do not hold a profile about you.
  • The Device and the App connect directly to a wallet you control and to public networks (the Bitcoin and Lightning networks and Nostr relays). They do not route your balances, transactions or activity through our servers, and we cannot see, access or recover your keys, funds or transaction history.
  • We do not sell or rent your personal data, and we do not use advertising or cross-site tracking technologies.

Because of this, most of what you do with Lightning Piggy never reaches us at all. The sections below describe the limited situations where we do process some data.

2. What we collect, and why

a) Newsletter subscription

If you subscribe to our newsletter, we collect your email address. We use it only to send you the newsletter and related project updates. This is stored and sent through our email provider (Resend). We rely on your consent, which you can withdraw at any time by using the unsubscribe link in any email.

b) Vendor / marketplace applications

If you apply to be listed in the marketplace, we collect the information you submit, which may include your store name, contact email, country, website, Nostr public key (npub), store description and the reason for applying. We use this to review your application and to contact you about it. Application data is stored using our hosting provider’s storage (Netlify) and sent to us by email (Resend). If your listing is approved, the parts you intend to be public (such as store name, description and logo) are published on the Website with your consent. Our legal basis is taking steps at your request and our legitimate interest in operating the marketplace.

c) Analytics

We use Umami, a privacy-friendly, cookieless analytics tool, to understand aggregate website usage (such as page views, approximate country, referrer, and device or browser type). It does not use cookies, does not track you across other sites, and is not used to identify you personally. Our legal basis is our legitimate interest in understanding and improving the Website.

d) Server and security logs

Like virtually all websites, our hosting and serverless providers automatically process technical data needed to deliver the Services and keep them secure, which may include your IP address, request metadata, timestamps and basic anti-spam signals (for example, our forms use a honeypot and timing check). Our legal basis is our legitimate interest in operating, securing and protecting the Services from abuse.

e) Donations

Donations are made on the public Bitcoin / Lightning networks through a payment processor (BTCPay Server). We do not require your personal identity to accept a donation. Any data recorded on a public blockchain is, by nature, public and outside our control. If you ask to be recognised as a supporter, we publish only the information you provide for that purpose, with your consent.

f) Messages you send us

If you email us or contact us through our community channels, we process the information you choose to share so we can respond.

3. What we do not collect

We never collect, and the Device and App never transmit to us, your private keys, seed phrases, PINs, wallet balances or transaction history. We do not build advertising profiles, and we do not sell your data.

4. Cookies

The Website does not use tracking or advertising cookies. Our analytics is cookieless. Any storage strictly necessary to make the site function is limited to that purpose.

5. Sharing and processors

We share data only with the service providers that help us run the Services, acting as our processors, including: Resend (email/newsletter), Netlify (hosting and form/application storage), Umami (analytics), and BTCPay Server (donations). We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety and security of our users or the Services. Public networks (Bitcoin, Lightning, Nostr) are inherently public and are not our processors.

6. International transfers

Some of our providers may process data outside your country, including outside the European Economic Area. Where that happens, we rely on appropriate safeguards (such as the providers’ standard contractual clauses or equivalent mechanisms) to protect your data.

7. Data retention

We keep personal data only as long as needed for the purpose it was collected: newsletter data until you unsubscribe; vendor application data for as long as needed to assess and administer your listing or relationship; logs and analytics for limited periods set by our providers. We then delete or anonymise it.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time (without affecting prior processing). To exercise these rights, email oink@lightningpiggy.com. You can unsubscribe from the newsletter at any time using the link in our emails. If you are in the EEA or UK and believe we have mishandled your data, you also have the right to complain to your local data-protection authority.

9. Children’s privacy

The Services are intended to be set up and supervised by a parent or legal guardian (see our Terms & Conditions). Because the Services use no accounts, we do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data (for example, by emailing us or submitting a form), contact us and we will delete it.

10. Security

We take reasonable technical and organisational measures to protect the limited data we hold. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Remember that the security of your wallet, keys and funds is your responsibility and is governed by your chosen wallet provider, not by us.

11. Third-party services

The Services link to and interoperate with third parties (such as wallet providers, app stores, code hosting and Nostr relays). Their handling of your data is governed by their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of third parties.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above. Significant changes will be made clear on this page.

13. Contact

For any privacy question or request, contact us at oink@lightningpiggy.com.