Privacy policy

Version 1.0Effective 22 May 2026

The plain-English summary is on our privacy page. This is the complete legal version.

The short version

Maru is a browser extension that catches better swap rates before you hit confirm. To do that, we need to see one thing: that you're about to make a swap, and where. That's it.

What we store

Your swap intent (e.g. "swap 1 ETH for USDC on Uniswap") and the site you're swapping on.

What we never store

Your IP address. Our server receives it at the network layer (it has to, in order to respond), but we don't log it, attach it to your swap intent, or keep it.
Your wallet address. We never read it, query it, or send it anywhere.
Device data — no browser fingerprinting, screen size, OS, or anything like it.
Cookies. We don't set them, read them, or use them to track you.
Analytics or telemetry. We don't track what you click, where you scroll, or how you use any site.
Anything on any page that isn't a swap. The rest of your browsing is yours.

Who we share it with

Third-party rate sources (DEX aggregators, liquidity providers, routing services) — we send them the swap intent so they can quote you a better route. Nothing else goes with it.

Consent

When you first install Maru, we ask you to agree to this processing. The extension does nothing with your data until you do.
You can withdraw consent at any time by flipping the toggle in the extension's settings. The extension will go dormant and stop sending anything to our server or to third parties.

No accounts. No tracking. No profile of you. The extension is anonymous to use.

The full version

1 Who we are

This extension and the underlying service ("Maru") are operated by The Internet Community Company OÜ ("TICC OÜ", "we", "us"), an Estonian private limited company. We are the data controller for the limited personal data described in this policy.

For privacy questions or requests, email contact@usemaru.com.

2 What we collect

When you initiate a swap on a supported site, the Maru browser extension captures two pieces of information and sends them to our server:

Swap intent — the input token, output token, and amount you are attempting to swap.
Source site — the domain where you initiated the swap (e.g. the DEX or aggregator you're using).

We do not collect, store, or transmit any other data from any page you visit. The extension is silent on every page that isn't a swap interaction.

3 What we do not collect

To be explicit, Maru does not collect:

Wallet addresses. The extension does not read connected wallet addresses from the page, and they are never included in requests to our server or to third parties.
IP addresses. When your browser contacts our server, our server necessarily sees your IP at the network layer in order to return a response — but we do not log it, store it, or associate it with your swap intent. The IP is discarded after the response is sent.
Device or browser data. No fingerprinting, no user agent collection, no screen size, no OS.
Cookies or local storage tracking. We do not set cookies for tracking. The extension may use local browser storage strictly to function (e.g. user preferences and your consent state within the extension itself); this never leaves your device.
Analytics or telemetry. We do not track clicks, scroll behaviour, time on page, or any other usage signals.
Page content. We do not read, parse, or transmit the contents of any page outside of detecting swap intent on supported sites.

4 How we use what we collect

We use swap intent and source site for one purpose: to query third-party rate sources and return a better available rate (if one exists) before you confirm the transaction.

We do not use this data for advertising, profiling, resale, or any secondary purpose.

5 Who we share it with

To find you a better rate, we send the swap intent (token in, token out, amount) to third-party services such as DEX aggregators, liquidity providers, and routing protocols. Source site may be included where relevant to the quote.

These third parties receive only the swap intent. They do not receive your IP address from us, your wallet address, or any identifier that links the intent back to you as an individual. We may expand or change the set of third-party rate sources as the product evolves, within these same categories.

We do not sell data to anyone. We do not share data with advertisers, data brokers, or marketing partners.

6 Where data is stored

Stored swap intent and source site data is held on servers operated by Amazon Web Services in the EU (Frankfurt) region.

7 How long we keep it

Swap intent and source site records are retained indefinitely, in a form that contains no direct identifiers (no IP, no wallet, no device data). Because the data we hold is not linked to an identifiable person, we treat it as non-personal once collected.

If we ever change the categories of data we collect in a way that would make this data identifiable, we will update this policy and apply a defined retention period from that point.

8 Legal basis (EU/UK users)

Our legal basis for processing under the GDPR and UK GDPR is your consent, given under Article 6(1)(a).

When you first install Maru, the extension presents a consent screen explaining what data we collect and what we do with it. The extension does not transmit any data to our server or to third-party rate sources unless you have given consent.

9 Your rights

You have the following rights with respect to data we hold about you under the GDPR, UK GDPR, and similar laws (including the CCPA/CPRA in California):

Withdraw consent at any time. You can do this in two ways:
1. Toggle off the "Find me better rates" switch in the Maru extension settings. The extension will immediately stop sending swap intent or source site to our server or to any third party, and remain dormant until you turn it back on.
2. Uninstall the extension from your browser, which has the same effect.
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
Access, correction, deletion, restriction, portability, and objection. Because Maru is anonymous — we do not store your IP, wallet address, or any identifier — we generally have no way to link a stored swap intent back to you as an individual, and therefore no practical way to fulfil access or deletion requests for specific records. If you have questions about this, contact us at contact@usemaru.com and we will respond in good faith.
Lodge a complaint. EU/UK users may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) as our lead supervisory authority, or with their local supervisory authority.

10 Children

Maru is not directed at children and we do not knowingly collect data from anyone under 16.

11 Security

We use standard security practices to protect the data we hold, including encryption in transit (HTTPS/TLS) and access controls on our infrastructure. No system is perfectly secure, but the limited and non-identifying nature of the data we hold significantly reduces risk.

12 Changes to this policy

We may update this policy from time to time. The version number and effective date at the top will reflect the most recent version.

If we make material changes — for example, collecting new categories of data, adding new categories of third-party recipients, or changing the purposes for which we use data — we will ask for your consent again through the extension before the new processing begins. Cosmetic or clarifying changes do not require fresh consent.

13 Contact

For any questions about this policy or our handling of data, email contact@usemaru.com.

Back to privacy