Privacy policy

rpcfree.com — public RPC endpoints and documentation

Overview

This policy explains what technical data we process when you use rpcfree.com, including the public JSON-RPC endpoints and the informational website. The service is operated by Etox (etox.io) as blockchain RPC infrastructure.

Public RPC endpoints (JSON-RPC)

The documented RPC URLs (for example https://rpcfree.com/ethereum-rpc) accept POST requests with JSON-RPC payloads. They are designed for no signup and no API key. Because there is no API key, we identify traffic by client IP address to enforce fair-use limits.

IP addresses are tracked and used for rate limiting: 10 requests/second (burst 20), 333,333 compute units per day, and 10 million CU per month on rpcfree.com (no API key). Limits use your full IPv4 address, or IPv6 /64 prefix where noted. Over-limit responses are HTTP 429 with a JSON-RPC error describing which limit was hit.
The same IP data supports DDoS protection and security filtering at the edge. We use Cloudflare in front of the origin; Cloudflare may also log client IPs and related metadata under its own terms.
We do not use RPC traffic to build marketing profiles, and we do not correlate RPC requests with wallet addresses for analytics.
JSON-RPC request bodies are forwarded to the node for execution and are not retained for advertising or resale.
We do not run third-party analytics scripts on the RPC response path itself.

Documentation website (GET)

Chain pages on rpcfree.com are static HTML served over HTTPS. They may load assets (CSS) from the same host. We do not embed third-party advertising trackers on these pages.

If you use Cloudflare Web Analytics or similar in the future, this section should be updated to name the product and what it collects.

Retention

For abuse prevention and rate limiting, security-relevant logs (including IP addresses and IP-derived keys used to enforce per-client limits) are typically retained for up to 30 days, except where a longer retention is required for security investigations or legal obligations.

Your rights & contact

For privacy questions about rpcfree.com or Etox infrastructure, contact Etox through the website: https://etox.io

If you are in the EU/UK and wish to exercise GDPR-related rights, please reach out through the same channel with enough detail for us to verify and respond.

Changes

We may update this policy when the service or legal requirements change. The “last updated” date at the bottom reflects the latest revision.

FAQ

Why does rpcfree use my IP address?

Public JSON-RPC endpoints have no API key, so fair-use limits, abuse prevention, and DDoS protection rely on identifying traffic by client IP (and sometimes IP-prefix grouping). Cloudflare may also log client IPs at the edge under its own terms.

Are JSON-RPC request bodies stored for marketing?

No. JSON-RPC request bodies are forwarded to the node for execution and are not retained for advertising or resale. We do not use RPC traffic to build marketing profiles or correlate requests with wallet addresses for analytics.

How long are rate-limit and security logs kept?

For abuse prevention and rate limiting, security-relevant logs (including IP addresses and IP-derived keys used to enforce limits) are typically retained for up to 30 days, except where longer retention is required for security investigations or legal obligations.

Who operates rpcfree.com and where can I ask privacy questions?

The service is operated by Etox (etox.io) as blockchain RPC infrastructure. For privacy questions, contact Etox through https://etox.io; EU/UK users can exercise GDPR-related rights through the same channel.