What CacaoTracker does with your data, in plain English
Last updated: July 19, 2026
CacaoTracker is a community-built analytics dashboard for the Maya Protocol. Almost everything it shows is public blockchain data, and most features work without any account. Still, there are two things you should know up front: wallet addresses you look up are saved on our servers so we can keep their position history up to date, and anything recorded on a blockchain is public by nature — we index it, we don't create it.
The app keeps two things in your browser's local storage: the list of wallet addresses you've added to your dashboard and your light/dark theme preference. This data stays on your device — it is only sent to our API when the app fetches analytics for the addresses you track. Clearing your browser data removes it.
If you sign in to an account, a session cookie is set for the cacaotracker.xyz domain and its subdomains so you stay logged in across the app and the API. We don't set any advertising or cross-site tracking cookies.
This is the most important thing to understand about CacaoTracker: when you view a dashboard for a wallet address, that address is saved on our servers.
We do this so we can take ongoing snapshots of the address's liquidity positions, rewards, and impermanent loss — that history is what powers the charts you see. Alongside the address itself, our analytics database stores the on-chain activity associated with it: swaps, deposits, withdrawals, LP positions, bonds, and rewards.
All of this is public blockchain data — anyone can see the same activity on any Maya Protocol explorer. We never ask you to link an address to your name, email, or any other identity, and we don't attempt to make that link ourselves. There is currently no self-service way to stop an address from being tracked once it has been viewed.
You don't need an account to use the dashboard. If you want to manage API keys, you can create a managed account, which is deliberately minimal: we store only a random account ID and a hashed password (never the password itself). No email, no name, nothing that identifies you.
If you create an API key, we store the key itself, the allowed domains and IP addresses you configure for it, and request counts used for rate limiting and usage quotas. API keys are tied to managed accounts, so no email is required.
Paid API subscriptions are processed by Polar.sh. Polar handles your payment details; on our side we only store which subscription tier your account has and its Polar subscription ID.
We use Vercel Analytics to understand how the site is used: page views and a small set of feature-usage events (for example, that a theme was toggled or a report was exported). Vercel Analytics is cookieless, aggregates data, and does not track you across other sites. Events never include your wallet addresses or account details.
We run error monitoring on both the frontend and the backend to catch crashes and bugs. Error reports are sent to BetterStack (hosted in the EU) and are explicitly configured to not attach personal identifiers such as IP addresses. They contain technical details about what went wrong — stack traces, browser version, the page involved — so we can fix problems.
Our API reads your IP address on each request to enforce rate limits and protect the service from abuse. These checks are transient — rate-limit counters expire on their own, and we do not keep a log of which IP addresses visited which pages.
We rely on a small set of services to run CacaoTracker:
We don't show ads. We don't sell your data. We don't track you across other websites. We don't link wallet addresses to real-world identities, and we don't require an email address or any personal information to use the dashboard, the managed accounts, or the API.
If how we handle data changes, we'll update this page and the "last updated" date at the top. Significant changes will also be mentioned in our community channels.