Privacy Policy

Product: RareSats (iOS · Apple Watch)

Operator: Fumiha Co., Ltd.

Version: v1.2

Effective Date: May 11, 2026

This Privacy Policy explains what information we collect, how we use it, and the choices and rights you have when you use the RareSats iPhone and Apple Watch app and the RareSats website (collectively, the “Services”). RareSats is operated by Fumiha Co., Ltd.(“RareSats,” “we,” “us,” or “our”).

RareSats is a display app. It uses only public on-chain data that you choose to add (a public Bitcoin address or a sat number) to identify and display your rare satoshis. It does not transact, transfer, or take custody of any digital assets.

1. Summary of Data Practices

We follow a strict data minimization principle. The summary below mirrors the disclosures we make in the Apple App Store Privacy Nutrition Labels:

  • Data used to track you across other companies’ apps or websites: None.
  • Data linked to you: Only an optional account email if you sign up for an account, and any contact details you voluntarily include in support requests.
  • Data not linked to you: Crash diagnostics, anonymized product usage metrics, device model, OS version, app version, language, and time zone.
  • Sensitive data we do not collect: Precise location, contacts, biometric identifiers, or photos other than those you explicitly export from the app.

2. Information We Collect

2.1 Information you provide voluntarily

  • Public Bitcoin addresses or sat numbers that you paste, scan, or type into the app so it can identify and display your rare sats. These are public on-chain identifiers, not credentials.
  • Optional account details (e.g., email or Sign in with Apple identifier) if you create an account for cross-device sync, notifications, or beta features. An account is not required.
  • Support and feedback you send us — issue description, screenshots you choose to attach, and contact details.
  • App settings and preferences (theme, language, watch-face configuration). Stored locally on your device by default.

2.2 Information collected automatically

  • Diagnostics: anonymized crash logs and basic performance metrics (e.g., load time, error rate).
  • Device & environment: device model, OS version, app version, locale, time zone, and a non-persistent install identifier.
  • Aggregated usage: de-identified event counts (e.g., “how many users opened Collection”). You can disable this telemetry in Settings → Privacy.

2.3 Public on-chain information

To identify and display rare satoshis, the Services query public Bitcoin blockchain data — for example, sat numbers and the public addresses you have added. This information is public by design and is queried through third-party indexer APIs. We do not link blockchain addresses to real-world identities ourselves.

3. Information We Do Not Collect

RareSats is a display app and does not collect:

  • Credentials of any kind — the app has no UI to enter passwords, mnemonics, or signing material, and no functionality that would use them.
  • Biometric data. Face ID / Touch ID is handled entirely by Apple’s Secure Enclave on your device; templates never leave the device and are never sent to us.
  • Precise location, contacts, photo library, microphone — none are used by the app. The camera is used only while a QR scanner is open (for example, to capture a public address you paste in).
  • Advertising identifiers. The app does not request the iOS App Tracking Transparency (ATT) prompt because it does not track you across other apps and websites.

4. How We Use Information

  • Provide and maintain the Services: rare-sat identification, themed collection display, watch-face rendering, the Apple Watch app, and creative export.
  • Identify and display rare satoshis: matching public on-chain data against satribute classifications.
  • Security and abuse prevention: anomaly detection and abuse mitigation on our infrastructure.
  • Improvements and analytics: aggregated analysis of usage trends to optimize experience and performance.
  • Customer support: responding to your inquiries and providing technical assistance.
  • Legal & regulatory compliance: fulfilling obligations imposed by applicable law.

No sale of personal information. We do not sell, rent, or share your personal information for cross-context behavioral advertising. This satisfies the CCPA/CPRA “Do Not Sell or Share” baseline.

5. Apple Watch Faces & WatchKit

Watch faces and complications are rendered locally on your paired Apple Watch using Apple’s WatchKit / WatchConnectivity frameworks. The Watch app mirrors content from your iPhone and does not independently contact our servers or collect data on its own.

Watch face content contains only the public sat metadata you have selected (e.g., sat number, block height, satribute label) — never personal data, account information, or device identifiers.

6. Third-Party Services

We share only the minimum information necessary with the following categories of service providers, under written Data Processing Agreements that limit them to processing data on our instructions.

  • Apple Inc. — App Store distribution, push notifications (APNs), Sign in with Apple (optional), and Apple Watch (WatchKit / WatchConnectivity).
  • Bitcoin / Ordinals indexer APIs — public mempool / Ordinals indexers used to fetch sat data. Only public blockchain identifiers (addresses, sat numbers) are sent; no personal data.
  • Crash and diagnostics SDK — an anonymous crash reporting provider that receives only device-level diagnostic information.
  • Cloud infrastructure — hosting providers for our website and any optional backend (e.g., subscription preferences) under Standard Contractual Clauses.

We do not integrate advertising SDKs, social-media tracking pixels, or cross-app analytics SDKs.

7. Cookies and Web Analytics (Website Only)

The RareSats website uses strictly necessary cookies (e.g., for language preferences) which cannot be disabled. Optional analytics cookies, if used, are loaded only with your consent.

The mobile and watch apps do not use HTTP cookies. SDK-based diagnostics on the iPhone app can be disabled in Settings → Privacy.

8. Legal Bases for Processing (GDPR)

  • Performance of a contract (Art. 6(1)(b)): providing the Services you requested.
  • Legitimate interests (Art. 6(1)(f)): security protection, abuse prevention, and basic product analytics.
  • Consent (Art. 6(1)(a)): optional telemetry, marketing communications, and analytics cookies. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): regulatory or judicial obligations where applicable.

9. International Data Transfers

We are based in Japan. If we transfer personal data internationally (for example, to processors in the United States or EEA), we rely on Standard Contractual Clauses (SCCs), supplementary measures such as encryption in transit and at rest, and case-by-case necessity assessments.

10. Data Retention

  • Account data (if you create an account): retained for the lifetime of the account; deleted or anonymized within 30 days of account deletion, subject to legal retention obligations.
  • Support tickets: deleted or anonymized within 6–24 months after resolution.
  • Telemetry and aggregate logs: retained for 3–12 months in aggregated/anonymized form.
  • On-device data (added public addresses, settings, cached collection metadata, watch-face configuration): persists only on your device until you uninstall the app or wipe its data.
  • Public blockchain data is permanently stored by Bitcoin nodes globally and is outside our control.

11. Your Rights

Depending on where you live, you may have the following rights:

  • Access, rectify, delete, or restrict processing of your personal information (GDPR / APPI).
  • Data portability: receive a copy of your data in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time for processing based on consent.
  • Opt out of sale or sharing of personal information (CCPA/CPRA). RareSats does not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising your privacy rights.
  • Lodge a complaint with your local data protection authority (e.g., the Personal Information Protection Commission of Japan, an EU Member State Data Protection Authority, or the California Privacy Protection Agency).

To exercise any of these rights, contact us at cs@raresats.me. We respond to verifiable requests within 30 days (or as required by applicable law).

12. Children and Minors

The Services are not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

13. Security

  • Encryption in transit (HTTPS / TLS 1.2+) for all network communication.
  • Server-side encryption at rest for any stored backend data.
  • Least-privilege access controls and audit logging on internal systems.
  • Vulnerability response process and periodic third-party security review.
  • On-device data (collection metadata, settings, watch-face configuration) is protected by the device’s standard application sandbox.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, applicable law, or product features. Material changes will be communicated through the website and/or in-app notices. Continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy.

15. Contact Us

Operator: Fumiha Co., Ltd.

Email (privacy / data protection): cs@raresats.me

For EEA/UK residents: you may contact us using the email above and may also lodge a complaint with your local Data Protection Authority. For California residents: you may exercise CCPA/CPRA rights by emailing the same address with the subject “California Privacy Request.”