Privacy Policy

Last Updated: 2026-05-30

This Privacy Policy explains how UnlimitedLN ("we," "our," or "us") collects, uses, stores, and protects your personal data when you use our website unlimitedln.fun ("the Service") and our browser extension UnlimitedLN Assistant ("the Extension").

We are committed to protecting your privacy. Please read this policy carefully. By using our Service or Extension, you consent to the practices described herein.

1. Data Collected by the Website (unlimitedln.fun)

1.1 Information You Provide

Data	Purpose	Legal Basis
Email address	Account registration, login, support communication	Contract (account creation)
Main Lightning Address	Automatic payouts of your balance	Contract (service delivery)
Password (hashed with `PASSWORD_DEFAULT`)	Authentication	Contract (security)
Referral code (optional)	Affiliate program tracking	Consent / legitimate interest
Support ticket messages & photos	Handling support requests	Legitimate interest

1.2 Information Collected Automatically

Data	Purpose	Retention
IP address	VPN/proxy detection, fraud prevention, login logging	Login logs retained indefinitely
HTTP User-Agent	Bot detection, device fingerprinting	Used in real-time, not stored long-term
Browser fingerprint (language, timezone, platform, etc.)	Security verification, session validation	Hashed, not stored in raw form
Transaction data (deposits, withdrawals, balances)	Account management, payouts	Indefinitely for accounting purposes

1.3 Cookies

Cookie	Purpose	Duration
`remember`	Persistent login ("Remember me")	30 days
`userid`	User identification	30 days
`security`	Security code validation	30 days
`DF9G6fb`	Ad-blocker detection	3 days
PHP session cookie (`PHPSESSID`)	Session management	Session

1.4 Third-Party Services

Service	Purpose	Data Shared
OpenNode	Lightning Network invoice creation and withdrawal processing	Invoice amounts, withdrawal addresses
Cloudinary	Profile picture uploads (support tickets)	Uploaded images
Google AdSense	Advertising	Per Google's ad serving policies
Coinserom	Advertising	Per Coinserom's privacy policy
ProxyCheck.io	VPN / proxy / Tor detection	IP address
Discord (webhooks & bot)	Registration notifications, support ticket alerts, community features	Email (partial), IP address, support messages
PayPal	Payment processing	Per PayPal's privacy policy
Seznam SMTP (via PHPMailer)	Sending transactional and support emails	Email address, message content

2. Data Collected by the Extension (UnlimitedLN Assistant)

About the Extension

UnlimitedLN Assistant is a Chrome/Edge browser extension that provides quick access to your UnlimitedLN account — automatic login, address overview, and balance checking without visiting the main website.

2.1 Data Collected & Stored

Data	Purpose	Storage Location
Device ID (SHA-256 hash of userAgent, language, screen resolution, CPU, installed fonts, timezone, platform + random salt)	Device identification for account pairing	`chrome.storage.local`
Auth token	User authentication with the API	`chrome.storage.local`
User data (email, main Lightning address, address count)	Display account information in the popup	`chrome.storage.local`
Auth state (UUID)	CSRF protection during OAuth-like flow	`chrome.storage.local`
`extension_logged_in` cookie	Signal to the website that the extension is authenticated	Web cookie (SameSite=Strict)

2.2 How the Extension Communicates

External communication — only with https://unlimitedln.fun/* (sender origin is verified)
Internal communication — between popup, background script, and content script via chrome.runtime
All API requests include the X-Device-Id header and use credentials: 'include' for session cookies

2.3 Permissions Used

Permission	Reason
`storage`	Store auth token, device ID, user data, and auth state
`tabs`	Open the website for authentication flow
`https://unlimitedln.fun/*`	Communicate with the service API

2.4 Security Measures

Message origin verification (sender.url validation)
All communication over HTTPS
Device fingerprint is SHA-256 hashed with a random salt — original data cannot be recovered
Crypto.randomUUID() for auth state (CSRF protection)
Email is masked in the UI (e.g., na***@domena)
Auth tokens expire after 90 days

3. General Provisions

3.1 Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy. Account data is retained until you request deletion or until your account is terminated. Transaction records may be retained longer for accounting and legal compliance.

3.2 Your Rights

Under applicable law (including GDPR), you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Portability — receive your data in a machine-readable format
Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal

3.3 Data Security

We implement appropriate technical and organizational measures to protect your data, including password hashing, HTTPS encryption, prepared SQL statements (preventing SQL injection), and token-based authentication for the Extension API.

3.4 Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page will reflect the most recent changes. Your continued use of the Service or Extension after changes constitutes acceptance of the updated policy.

3.5 Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us via the support ticket system in your dashboard or email us at unlimitedln@unlimitedln.fun.

Governing Law

This Privacy Policy is governed by the laws of the Czech Republic. If you are a resident of the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority.

This document is provided for informational purposes only and does not constitute legal advice.