Privacy-first desktop tooling

Privacy Policy for Validator Tools.

How we handle product data, website diagnostics, and operator communications. Validator Tools is built to keep work local and transparent — this page describes what we collect, why, and your controls.

Effective: 07 Feb 2025 Applies to Validator Tools app, downloads, and support
Local-first by default
Telemetry is optional & transparent
No key material collected

Quick overview

Validator Tools runs locally and avoids sensitive material by design. This overview highlights what we collect, what we avoid, and how you can control diagnostics, storage, and communications.

Principle

Accounts are not required

The app works without creating a profile or logging in. Any network calls are explicit and driven by you.

Scope

Keys stay out of scope

Validator private keys, keystores, signing keys, and seed phrases are never collected, transmitted, or stored.

Control

Telemetry is optional

If diagnostics are enabled, we aim for minimal, non-sensitive signals — and you can disable them anytime.

  • Off by default; opt-in per device and reversible.
  • No marketing pixels or session replay; only aggregate counts and crash traces.
  • Validator lists, endpoints, payouts, and signing material never leave your machine.

What we collect (and what we do not)

Validator Tools is designed to run locally. The app does not require accounts, and it never asks for validator keys or keystores.

App

Product data (app)

Lives on your device by default. Run history, exports, and configuration stay local unless you choose to move or back them up.

  • No validator private keys, seed phrases, or signing material are requested.
  • Local caches (e.g., endpoint responses) can be cleared from the app.
  • Exports are explicit: you choose when to create and where to store them.

Opt-in

Diagnostics & telemetry

Prefer opt-in diagnostics only. If enabled, we capture minimal, non-sensitive signals to improve stability.

  • Crash reports and performance traces exclude validator identifiers and payloads.
  • Feature usage counts are aggregated; no session replay or keystroke tracking.
  • You can disable diagnostics at any time inside the app settings.
  • No validator lists, endpoints, payout destinations, or keys are included.

Website

Website & downloads

Basic web server logs are retained for abuse prevention and reliability of downloads.

  • IP address, user agent, and requested resource may appear in access logs.
  • No marketing cookies or cross-site tracking pixels are used.
  • Download counts are aggregated to plan mirrors and bandwidth.
  • Newsletter signup stores only your email and opt-in state; unsubscribes honored immediately.
  • No ads, no sale or rental of any data.
We do not sell or rent data. Data is used to operate and improve Validator Tools, support customers, and secure our infrastructure. Anything sensitive remains in your control.

How we use information

Usage is scoped to product quality, support, and safety. We aim for clear intent and minimal retention.

Product

Operate the product

  • Provide downloads, verify integrity, and maintain mirrors.
  • Keep opt-in diagnostics to improve performance and stability.
  • Prevent abuse of endpoints that serve installers and updates.
  • Plan product improvements from aggregated, non-sensitive signals.

Support

Support & communication

  • Respond to support requests you send via email or forms.
  • Send product updates only if you subscribe (with an opt-out link in each email).
  • Follow up on security reports or incident-related questions.
  • Support bundles are user-reviewed/redacted before sending.

Security

Security & compliance

  • Detect misuse, fraud, or attempts to tamper with releases.
  • Maintain auditability of release artifacts and checksums.
  • Comply with legal requests when required, after review.
  • Apply least-data posture with vendors; no resale or enrichment.
Keys stay out of scope. Validator keys, keystores, signing keys, and seed phrases are never collected, transmitted, or stored by Validator Tools.

Storage, retention, and location

We keep the smallest possible footprint. Local app data remains on your machine; server-side records are short-lived unless required for security or legal reasons.

Local

On your device

Run history, exports, and configuration live locally. You can clear caches, delete runs, or move exports to offline storage.

Opt-in

Diagnostics retention

Crash/performance signals are retained for a bounded window (typically 90 days) for debugging, then deleted or anonymized.

Site

Access logs

Web and download logs are retained briefly (up to 30 days) for reliability and abuse mitigation unless a longer period is needed for investigations.

Category Where stored Retention Why
App data (runs, exports, configs) On your device only User-controlled Enable offline-first workflows and audit trails you manage.
Opt-in diagnostics Secure telemetry backend ~90 days Improve stability; remove identifiers where possible.
Server access logs Hosting provider Up to 30 days Reliability, security, and abuse prevention.
Support conversations Support inbox While the ticket is active + minimal archive Respond to your requests and maintain context for follow-ups.

Sharing and transfers

We keep vendors to a minimum. When third parties are involved, they are bound by data protection terms and receive only what is necessary.

Vendors

Infrastructure

  • Hosting/CDN providers deliver downloads and website assets.
  • DNS and DDoS protection vendors receive traffic necessary to operate the site safely.
  • No third-party trackers or advertising networks are embedded.

Support

Support tooling

  • Emails you send may be processed by our mail provider.
  • If you opt into newsletters, addresses are stored in our mailing system with unsubscribe links.
  • No enrichment or resale of contact information.
  • Support bundles are only accessed for the life of a ticket.

Legal

Legal requirements

  • We may disclose data if required to comply with applicable law or lawful requests.
  • When possible, we notify affected users unless legally prohibited.
  • We review each request for scope and legitimacy before responding.

Your controls and choices

We aim for clear, in-product controls. For anything else, reach out and we will respond promptly.

In-app

In the app

Disable diagnostics, clear caches, delete runs, and manage exports directly from settings.

  • Export or erase run history/logs under your control.
  • Verify telemetry state; toggle on/off at any time.

Email

Communications

Unsubscribe using the link in any email or by contacting support. Subscription is optional.

  • Release/update emails only if you opted in.
  • No marketing if you never subscribed; unsubscribe honored immediately.

Requests

Data requests

Request a copy of contact/support data we hold about you, or ask us to delete it where legally allowed.

  • Include the ticket/reference ID to speed up processing.
  • We respond as permitted by applicable law and our retention limits.
Contact: support@eth2tools.org for privacy questions, data access requests, or security disclosures.
Email support Verify downloads

Updates to this policy

Material changes will be reflected here with an updated effective date. For significant updates, we may also notify subscribers or note changes in release notes.

Process

Versioning

Each update includes an effective date and a short summary of what changed.

Docs

Changelog

Release notes and docs will mention privacy-impacting changes (e.g., new telemetry options).

Help

Questions

If something is unclear, reach out. We will respond with the specific data in scope and options available.