Privacy Policy

Introduction

At Walletix, we prioritize your privacy and the security of your assets. We are committed to protecting your personal information and ensuring it is handled in accordance with applicable United States federal and state regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We collect and process various categories of personal information based on your relationship with us, which may include:

• Individuals interacting with our website, platform, wallet, or financial products;

‍

Walletix Inc., a corporation organized and operating under the laws of the United States, is the designated data controller responsible for your personal information (collectively referred to in this policy as “Walletix”, “we”, “us”, or “our”). This Privacy Policy outlines how we collect, use, disclose, and protect your information, the legal bases for processing under applicable US federal and state laws, and the rigorous safeguards in place to secure your managed private keys. We may update this policy periodically to reflect legal or operational changes. Significant updates will be communicated through appropriate channels, with version history maintained for transparency. Should you have any inquiries or require clarification regarding this Privacy Policy or our data management practices, please contact our Compliance Officer at: compliance@walletix.io.

‍

Types of personal data and other information collected

We collect various categories of personal information and related data from users who interact with our services, either voluntarily or as required for the fulfillment of our legal and contractual obligations under US law. This information enables us to deliver, improve, and personalize our managed wallet services while maintaining the security of your account. The information collected includes, but is not limited to:

1. Personal Identification Information: This includes your full legal name, date of birth, nationality, gender, mobile phone number, email address, physical residential address (including proof of residency), employment status and sector, and your Social Security Number (SSN), Taxpayer Identification Number, or other government-issued identifiers, in accordance with US federal financial regulations and state privacy laws.
2. Usage Information: Details on how you access and interact with the Walletix platform, including your device’s Internet Protocol (IP) address, browser type and version, specific pages visited, date and time of access, duration of visits, and system diagnostic data used to ensure the security, integrity, and optimal performance of our vault infrastructure."
3. Tracking & Cookies Information: We utilize cookies and similar tracking technologies (including web beacons, pixels, tags, and scripts) to enhance your user experience, ensure account security, and collect performance analytics. In accordance with US privacy standards, these technologies allow us to recognize your device and maintain the integrity of your secure vault session. These include:

‍

• Session Cookies - required to maintain your secure authenticated session while you access your managed vault
• Preference Cookies - used to remember your settings and localized US state-level display preferences;
• Security Cookies – utilized to detect unauthorized access attempts, verify identity, and protect your private keys from cyber threats;
• Necessary Cookies – essential for the operation of the platform and to ensure compliance with US financial security standards.

‍

You may manage your cookie preferences through your browser settings, though please note that disabling certain cookies may limit your ability to access secure features of our managed vault. For more information on how we use these technologies in accordance with US privacy laws, please refer to our Cookie Policy

1. Biometric Information: Collected during identity verification processes (e.g., facial scans or "liveness" checks) strictly for secure multi-factor authentication, fraud prevention, and compliance with US financial security standards.
2. Official Identification Documents: Copies of your US Driver’s License, Passport, or State-issued ID, as required for mandatory compliance with federal Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations under the Bank Secrecy Act (BSA) and USA PATRIOT Act.
3. Transaction Information: Detailed records of your Walletix vault activity, including blockchain transaction hashes, amounts, wallet addresses, and related metadata necessary for custodial record-keeping and US tax reporting.
4. Correspondence Data: Any information voluntarily submitted via our US-based support channels, customer surveys, feedback forms, or formal dispute and complaint records.
5. Device and Geolocation Data: Includes IP address, device fingerprinting, and browser metadata used to optimize performance and ensure compliance with US state-level digital asset restrictions and security protocols.

‍

‍

How we collect your information

We collect your personal information and related data from both public and non-public sources using lawful and transparent means. In accordance with US federal and state privacy laws, we gather information through the following primary channels:

• Direct disclosures from you: Information provided during account registration, profile updates, or any interaction where you voluntarily submit data via our managed vault platform.
• Communications with our US-based support teams: Records of interactions through email, secure live chat, telephone, or official social media channels.
• Digital engagement and monitoring: Data gathered through your interaction with our emails, website notices, or marketing materials, including activity monitoring and secure tracking tools to maintain vault integrity.
• Publicly available online sources: Information from corporate websites, professional social platforms, and digital footprints, utilized primarily for regulatory verification and security purposes.
• Searches in federal and state databases: Information retrieved from public registries for mandatory due diligence, identity verification, and sanctions compliance (e.g., OFAC screening).
• Participation in user feedback and promotions: Data submitted voluntarily through surveys, promotional campaigns, or waitlist contests.
• Direct interactions with the Walletix vault: Detailed logs of your account activity, including transaction history, navigation patterns, and feature usage within our custodial infrastructure.
• Third-party providers, including:

‍

• Identity verification services: Including US-based providers used to satisfy mandatory KYC and AML standards;
• Credit reporting agencies: Utilized for identity verification and risk assessment in accordance with the Fair Credit Reporting Act (FCRA);
• Financial institutions and payment processors: Including ACH and wire transfer partners used to fund your Walletix vault;
• Federal and state regulatory and law enforcement authorities: When required by valid legal process or mandatory reporting under US federal law.

‍

The collected information is used internally to enhance service delivery, respond to inquiries, develop new features, and ensure compliance with US legal obligations. It may also be reviewed to maintain the security and integrity of our managed vault infrastructure. All personal information is retained only for as long as necessary to fulfill its intended purpose or to comply with federal record-keeping requirements, typically for a minimum of five (5) years post-account closure. Any retained information is handled with strict confidentiality and safeguarded against unauthorized access. If material changes are made to our data collection methods, we will notify you via a prominent notice on our platform. Walletix does not sell, lease, or distribute your personal information to third parties for marketing purposes without your explicit consent, except as legally required or contractually agreed.

‍

Use and Processing of Personal Information

We process your personal information lawfully, fairly, and transparently, solely for purposes necessary for our business operations. In the United States, we rely on specific legal bases to ensure the security of your managed vault, including:

1. Contractual Necessity: When processing is essential to fulfill our contractual obligations to you under Walletix’s Terms of Service and managed key agreements.
2. Legal Obligation: Where processing is required for us to comply with US federal or state laws, including financial reporting, tax, and anti-money laundering regulations.
3. Legitimate Interests: Where we have a legitimate business interest that does not override your rights, such as enterprise-grade fraud prevention, cybersecurity monitoring, and service enhancements.
4. Consent: Where you have expressly granted us permission to process your information for specific purposes, such as marketing or advanced biometric features. You may withdraw your consent at any time.

‍

Specifically, your personal information is processed for the following purposes:

1. To verify your identity in compliance with Know Your Customer (KYC), Anti-Money Laundering (AML), and Sanctions Screening (OFAC) regulations, as required by the Bank Secrecy Act (BSA) and the USA PATRIOT Act.
2. To create, manage, and maintain your Walletix vault, including secure private key generation, authentication, and asset protection.
3. To detect, investigate, and prevent fraudulent or unauthorized access to your custodial account or our platform infrastructure.
4. To manage our relationship with you effectively, including security audits, quality control, and platform monitoring.
5. To innovate new vault features and improve the technical architecture of our managed key storage.
6. To inform you of critical security enhancements or changes to our custodial services that affect your assets.
7. To provide personalized support and respond to your queries, support requests, or complaints via our US-based compliance team.
8. To comply with federal regulatory requirements, participate in legal proceedings, or assist US law enforcement agencies where required by valid legal process.
9. To support business continuity activities, including financial audits, risk management, and corporate restructuring.

‍

All processing activities are conducted with rigorous technical safeguards, ensuring your information is only used for the purposes stated above unless further consent is obtained or required by US law.

‍

Transfer of Data

Walletix is a US-based entity, and your personal information is primarily stored on secure servers located within the United States. However, to provide global vault access and enterprise-grade redundancy, your information may be transferred to or maintained on systems located in jurisdictions outside of your home state or country. By using our services, you acknowledge such transfers in accordance with US privacy standards. We will only transfer your information under the following conditions:

1. The transfer is necessary for the performance of our custodial contract with you;
2. The recipient entity is subject to strict data protection obligations equivalent to US federal standards;
3. Appropriate safeguards have been implemented, such as secure data processing agreements or standard contractual clauses;
4. The transfer is required for public interest reasons, legal claims, or to protect the vital security of your digital assets.

‍

Walletix Inc. ensures that any data transfers comply with applicable US laws and that robust security measures, including Hardware Security Modules (HSMs) and encryption, are in place to protect your assets. Walletix does not sell, lease, or rent your personal information to third parties. All transfers are strictly controlled and conducted only with entities subject to rigorous data protection and financial security obligations.

‍

Your Rights Over Your Information

Depending on your state of residence (e.g., California, Virginia, Colorado), you are entitled to exercise certain rights over the personal information we hold about you under the CCPA/CPRA and other applicable US privacy laws. These rights include the right to:

1. Right to Know/Access: Request confirmation that we are processing your information and receive a report of the specific pieces of data collected;
2. Right to Correct: Request that we update any inaccurate or outdated personal information;
3. Right to Delete: Request the erasure of your personal information, subject to mandatory US federal record-keeping requirements;
4. Right to Portability: Receive a copy of your data in a structured, machine-readable format to transmit to another service provider;
5. Right to Opt-Out: Direct us not to share your personal information with non-affiliated third parties for specific purposes (though Walletix does not sell data);
6. Right to Limit Sensitive Data: Request that we limit the use of sensitive personal information (like your SSN or biometric data) to only what is necessary to provide our vault services;
7. Right to Non-Discrimination: Exercise your privacy rights without fear of denied service or increased pricing.

‍

To exercise any of these rights, please contact our Compliance Team at compliance@walletix.io. Please note that as a custodial provider, federal regulations (such as the Bank Secrecy Act) require us to retain certain identity and transaction data even after a deletion request has been made.

‍

How to Exercise Your Rights

To exercise your data rights, you may submit a request by contacting our Compliance Officer at compliance@walletix.io. Upon verification of your identity—which may require providing additional identifiers to protect your vault—we will respond to your request within the timeframes mandated by state law (typically 45 days). Please note the following conditions:

1. We may decline a request that is manifestly unfounded, excessive, or repetitive, as permitted by US state privacy statutes.
2. We aim to respond to all verified requests within 45 days, unless an extension is warranted and communicated to you in writing.
3. Your right to erasure does not extend to data that Walletix is required to retain under US federal law, including:

1. IRS tax and reporting records;
2. Mandatory AML/KYC audit logs;
3. Custodial transaction and subscription data required for financial reconstructive purposes;
4. Information retained in isolated, secure backup systems for disaster recovery.

‍

If you believe your rights under this Privacy Policy have been violated, you may seek redress in accordance with our Terms of Service. In line with US standards, claims must typically be lodged within the applicable statute of limitations for the relevant breach.

‍

Complaints and Redress

If you believe Walletix has violated your privacy rights, you have the right to lodge a complaint with the Consumer Financial Protection Bureau (CFPB) or your state’s Attorney General (e.g., the California Privacy Protection Agency). Before approaching regulatory bodies, we encourage you to contact us directly so we can resolve your concerns amicably. You can reach our Compliance Officer via compliance@walletix.io.

‍

How Long We Keep Your Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or to satisfy US federal, state, and regulatory requirements. To determine the appropriate retention period, we consider:

• The volume and sensitivity of the information;
• The potential risk of unauthorized use;
• Mandatory US federal statutes, including the Bank Secrecy Act (BSA), which generally requires financial institutions to maintain records for at least five (5) years post-account closure.

‍

In accordance with US data minimization principles:

• You may request deletion once data is no longer necessary, subject to the legal exceptions noted above;
• If complete deletion is not permissible due to federal audits, we will securely isolate the data from further processing;
• Anonymized data may be retained indefinitely for internal research or analytical purposes.

‍

In line with US federal record-keeping requirements and data minimization standards:

• You may request deletion of your information when it is no longer necessary for the purpose for which it was collected, subject to the legal exceptions outlined in “How to Exercise Your Rights.”
• In cases where complete deletion is not legally permissible (e.g., for mandatory US federal audits or BSA compliance), we will securely isolate and protect the data from further processing.
• In some cases, we may anonymize your information so that it can no longer be associated with you. Anonymized data may be retained indefinitely for internal research or analytical purposes.

‍

Once data retention is no longer justified under US law, we take appropriate steps to securely delete or depersonalize the information from our systems and from the systems of any third parties processing data on our behalf.

‍

Security of Personal Information

We take the protection of your personal information and managed private keys seriously. We implement robust technical and organizational measures to secure our infrastructure from unauthorized access, alteration, disclosure, or destruction. In accordance with industry-leading security frameworks (such as NIST) and US financial security standards, our practices include:

• Encryption of sensitive data at rest and in transit using AES-256 and TLS 1.2+ protocols;
• Enterprise-grade Hardware Security Modules (HSMs) for the storage and management of private keys;
• Strict role-based access controls (RBAC) and mandatory Multi-Factor Authentication (MFA) for all internal systems;
• Regular internal and external security audits, including penetration testing and vulnerability assessments;
• Comprehensive staff training on US data privacy laws and cybersecurity awareness;
• Documented incident response plans for the rapid detection and mitigation of potential data breaches.

‍

While we strive to implement industry-standard security measures, no method of electronic storage or transmission over the internet is 100% secure. Therefore, we cannot guarantee absolute security, but we continually assess and improve our safeguards to protect your assets.

‍

Disclosure of Personal Information

We treat your personal information as confidential and will not share it with third parties except as outlined in this Privacy Policy or as permitted by US law. Your information may be shared with: Walletix employees and authorized personnel solely for operational purposes; US financial institutions and payment processors involved in delivering our services; third-party vendors providing infrastructure, security analytics, and customer support; and verification firms conducting KYC, AML, and OFAC sanctions screening.

We will disclose your personal information to third parties only: Where you have explicitly authorized such disclosure; where we are required to do so by US federal or state law, court order, or government regulation (e.g., the Bank Secrecy Act); to enforce our contractual rights or protect our legal interests; or in connection with a merger, acquisition, or transfer of business assets, in which case appropriate safeguards will be applied. All third-party recipients are subject to strict confidentiality obligations and US-compliant data protection agreements.

‍

Data Processing Principles

In all processing activities, we adhere to core US privacy principles to ensure your information is handled responsibly:

• Lawfulness and Transparency: We process information legally and transparently, ensuring you are informed of your rights under US law.
• Purpose Limitation: Information is collected for defined, legitimate business purposes and is not used in ways incompatible with those purposes.
• Data Minimization: We collect only the information necessary for the specific custodial services provided.
• Accuracy: We take reasonable steps to ensure your information is accurate and up to date.
• Storage Limitation: We retain information only as long as required for service delivery or mandatory US regulatory compliance.
• Integrity and Confidentiality: We apply appropriate technical safeguards to ensure the security of your data and managed keys.

‍

Service Providers

We engage trusted third-party companies (“Service Providers”) to support our US operations, including infrastructure, compliance verification, and customer support. These Service Providers are granted access to your information only to the extent necessary to perform their functions on our behalf. All such providers are contractually bound to maintain the confidentiality and security of your information and comply with applicable US data protection regulations.

‍

External Sites

Our platform may contain links to external websites not controlled by Walletix. When you follow a third-party link, you are subject to that party’s privacy practices. We encourage you to read the privacy policies of any third-party site you visit. Walletix assumes no responsibility for the content or data handling procedures of external websites.

‍

Children's Privacy Policy

Walletix services are strictly intended for individuals who are at least 18 years of age. We do not knowingly collect, maintain, or use personal information from children under the age of 13, in accordance with the Children’s Online Privacy Protection Act (COPPA). If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete such data and terminate the associated vault access.

‍

Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in US legal, regulatory, or operational requirements. Significant updates will be communicated through:

• Email notifications to your registered address;
• Prominent notices on the Walletix website or platform dashboard;
• An updated "Last Updated" date at the top of this document.

‍

We recommend that you review this policy periodically to stay informed about how we protect your personal information and managed keys. Changes take effect immediately upon posting to this page unless otherwise stated.

‍

Client's Liability and Security Responsibility

While Walletix implements enterprise-grade security to protect your managed private keys, the security of your individual account access is a shared responsibility. You are responsible for safeguarding your login credentials, recovery phrases (if applicable), and any multi-factor authentication (MFA) devices linked to your Walletix vault.

Walletix shall not be liable for any unauthorized access, loss of assets, or data breaches resulting from your negligence, sharing of credentials, or failure to secure your personal device and account information. By using our services, you agree to assume full responsibility for maintaining the confidentiality of your account access points.

‍

Contact Us

If you have any questions about this Privacy Policy or how we manage your digital asset security, please contact our Compliance Officer via: compliance@walletix.io