Every time you make a transaction through MetaMask using the default settings, both your IP address and your wallet address are sent to Infura, which is owned by the same company as MetaMask. This means your real-world internet location and your crypto identity are linked in Consensys's systems unless you manually change a setting.
This analysis describes what MetaMask's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision matters because IP addresses can be used to identify a person's approximate physical location and internet service provider, and when combined with a specific wallet address, can potentially link on-chain financial activity to a real-world identity.
Interpretive note: The exact text of this provision in the current published policy was not fully rendered in the truncated document; the characterization is based on well-documented public versions of MetaMask's privacy policy, but specific wording may vary from the current version.
By default, every MetaMask user's IP address and wallet address are collected together by Infura; this pairing could reduce the pseudonymity many users associate with blockchain transactions and represents the most material privacy consideration in this policy.
How other platforms handle this
We collect information about your interaction with the Netflix service (including playback events, such as play, pause, etc.); choices made when engaging with interactive titles, your Netflix game activity (such as gameplay, game use and interaction information, and progress or saved game informatio...
While the categories of Restricted Content above provide a clear framework, we may also moderate other types of Content in response to evolving challenges posed by advancements in Machine Learning. As we assess such Content, we hold consent as a core value, ensuring our approach remains thoughtful, ...
Mistral AI may monitor use of the Mistral AI Products through automated means in accordance with the Usage Policy. This monitoring is conducted to ensure compliance with Mistral AI's terms and policies, and to maintain the security and integrity of Mistral AI Products. We reserve the right to review...
Monitoring
MetaMask has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you use MetaMask, by default your IP address and Ethereum wallet address may be collected by Infura, our default RPC provider, when you send a transaction. Infura is a Consensys product. You can change your RPC provider in MetaMask settings to a non-Infura provider if you do not want this data collected by Infura.— Excerpt from MetaMask's MetaMask Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Articles 5, 6, and 13 regarding lawful basis for processing and transparency obligations, as well as UK GDPR equivalents. The European Data Protection Board's guidance on blockchain and pseudonymous identifiers suggests that wallet addresses linked to IP addresses may constitute personal data, which would require a documented lawful basis. The California Consumer Privacy Act and CPRA similarly apply to IP addresses and financial account identifiers. GOVERNANCE EXPOSURE: High. The combination of IP addresses with wallet addresses within a single corporate family (Consensys/Infura) creates a data set with significant re-identification potential. If this data is classified as personal data under GDPR, collection without adequate consent or a documented legitimate interest assessment could constitute a compliance violation. The fact that both MetaMask and Infura are Consensys entities requires clear internal data sharing documentation. JURISDICTION FLAGS: EU/EEA users face the highest exposure given GDPR's broad definition of personal data and its extraterritorial reach. UK users face similar exposure under UK GDPR. California users have rights under CCPA/CPRA to know about and opt out of sharing of personal information including IP addresses and financial identifiers. Users in jurisdictions with financial surveillance laws may find that this data linkage interacts with AML/KYC obligations. CONTRACT AND VENDOR IMPLICATIONS: Because Infura is a Consensys affiliate rather than an independent third-party processor, traditional GDPR Article 28 processor agreements may be replaced by intra-group data sharing agreements. Procurement teams at organizations deploying MetaMask should assess whether this arrangement constitutes a controlled data transfer subject to internal binding corporate rules or standard contractual clauses for cross-border transfers. COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether MetaMask's consent or legitimate interest legal basis is adequately documented for this specific collection activity. Data mapping exercises should capture Infura as a data recipient. User-facing disclosures about the RPC switching option should be assessed for prominence and accessibility, as burying this option could affect the adequacy of consent or transparency under GDPR Article 13.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision matters because IP addresses can be used to identify a person's approximate physical location and internet service provider, and when combined with a specific wallet address, can potentially link on-chain financial activity to a real-world identity.
By default, every MetaMask user's IP address and wallet address are collected together by Infura; this pairing could reduce the pseudonymity many users associate with blockchain transactions and represents the most material privacy consideration in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by MetaMask.