This Privacy Policy ("Policy") describes how Trader Wallet sp. z o.o. ("Trader Wallet", "we", "our", or "us") collects, uses, discloses, stores, transfers, and protects information in connection with the Trader Wallet mobile application for iOS and Android (the "App"), our website at trader-wallet.com (the "Site"), and the backend services that support them (together, the "Services"). It also explains the rights you have over your personal data and how to exercise them, and it includes region-specific information for the European Economic Area, the United Kingdom, California and other US states, and other jurisdictions.
Trader Wallet is a non-custodial, multi-chain, hierarchical-deterministic Web3 wallet. This means your recovery phrase and private keys are generated and stored only on your device, are never transmitted to us, and cannot be recovered by us. We have engineered the Services to process the least personal data reasonably necessary to provide the features you choose to use. Certain optional features (such as signing in, using the AI assistant, or enabling push notifications) require us and certain service providers to process limited personal data; this Policy explains exactly what, why, for how long, and with whom.
Please read this Policy together with our Terms of Service. By downloading, accessing, or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Services.
To make this Policy easier to follow, the following terms have the meanings set out below.
The controller responsible for your personal data is Trader Wallet sp. z o.o., a limited-liability company registered in Poland (KRS 0001218226) with its registered office at ul. Złota 2-19, 15-016 Białystok, Poland. As we are established in the European Union, we are not required to appoint an Article 27 GDPR representative; for all privacy matters you may contact us directly using the details in Section 30.
This Policy applies to all users of the Services worldwide, on both iOS and Android, and to visitors of the Site. It covers all processing carried out by the App, the Site, and our backend, as well as the limited data shared with the third-party providers and blockchain networks needed to deliver the features you use. It does not apply to third-party websites, wallets, protocols, or services that we do not operate, which are governed by their own privacy policies (see Section 27).
We designed the Services around a small set of principles, consistent with the data-protection concepts of privacy by design and by default:
Because Trader Wallet is self-custodial, the most sensitive information stays exclusively on your device and is never transmitted to us, our backend, or any third party:
These are generated on your device and stored encrypted in the platform secure store (Android Keystore or iOS Keychain). We cannot read them, cannot move your funds, and cannot recover them if you lose them. We also do not collect government identification documents, and we do not perform identity verification ("KYC"). We do not collect biometric identifiers: biometric unlock is handled entirely by your device operating system and is never shared with us. We do not process payment-card or bank-account details; any in-app service fees are collected on-chain in cryptocurrency at the moment of a transaction, as described in our Terms of Service.
There is no "forgot password" for your recovery phrase and no way for us to restore it. If you lose your recovery phrase and lose access to your device, your funds are permanently lost. Always back up your recovery phrase offline and keep it private.
To function, the App generates and caches certain data locally, inside the App's isolated storage. This data is not uploaded to us:
Uninstalling the App, clearing its data in your device settings, or performing a factory reset permanently deletes this local data. If you have not backed up your recovery phrase beforehand, you will lose access to your funds.
The features in this section are optional. If you choose to use them, the personal data described is processed by us and/or by the service providers listed in Section 16. Each subsection states what data is involved, why, and where it goes.
You can use the wallet in Guest mode without an account. If you sign in, we use Firebase Authentication (Google) to authenticate you. Depending on the sign-in method, we process your email address (email sign-in), your Google or Apple account identifier and any display name you provide (social sign-in), and a Firebase user ID that identifies your account within our systems. We use this only to authenticate you and associate optional features (such as saved AI chat history) with your account. Signing in is not required to hold, send, receive, swap, or trade assets.
If you use the in-app AI assistant ("Grunwald"), the messages you send, and any voice input or images you submit for analysis, are transmitted through our backend to our AI provider, Anthropic, which generates the responses. If you are signed in, your chat history may be stored so the assistant can maintain context across sessions; you can delete it. Voice input is converted to text using your device's speech-recognition capability while you are actively using that feature.
Never enter your recovery phrase, private keys, or passwords into the AI assistant or anywhere else. No legitimate feature of Trader Wallet will ever ask for your recovery phrase.
If you enable notifications, we use Firebase Cloud Messaging and the Apple Push Notification service, which involves a device push token, to deliver alerts such as price, transaction, and trading notifications. The push token identifies your device installation so notifications can be routed to it. You can turn notifications off at any time in your device settings, which stops this processing.
When you use in-app token swaps, cross-chain bridges, staking, lending, perpetual-futures trading, prediction markets, or tokenized-asset features, the relevant public wallet address, token pair, network, and amount are sent to the third-party providers that source quotes and route or execute those actions (for example 0x, Jupiter, LI.FI, and Hyperliquid) and to blockchain RPC providers. As with any internet request, these providers can also observe your IP address and the addresses you query. We charge on-chain service fees for some of these features, as detailed in our Terms of Service. Your private keys are never shared; transactions are signed on your device.
Our backend runs on Vercel. When your device contacts our backend (to fetch prices, obtain a swap quote, proxy a blockchain RPC request, or reach the AI assistant), standard technical data is processed as part of the internet request, including your IP address, request timestamps, the endpoint called, and a user-agent string describing your app version and device type. We keep operational logs to the minimum needed for security, abuse prevention, and reliability, and we do not use them to build advertising or behavioral profiles.
If you email us or otherwise contact us, we process your contact details and the content of your message to respond and to keep a reasonable record of the request.
The table below summarizes the categories of personal data we may process, whether we collect them, and why. We do not sell or share any of these categories for cross-context behavioral advertising, and we do not process sensitive personal data.
| Category | Collected? | Examples & purpose |
|---|---|---|
| Identifiers | Yes, if you use optional features | Email, Google/Apple ID, Firebase user ID, device push token, IP address — used for sign-in, notifications, and backend requests |
| Internet / network activity | Yes (minimal) | Backend request logs, app version, endpoint accessed — used for security and reliability |
| Approximate location | Inferred only | Coarse location may be inferred from your IP address; we do not collect GPS or precise location |
| Audio | Only when you use voice input | Voice input to the AI assistant, converted to text; not stored as audio by us |
| User content | Yes, if you use the assistant | Messages and images you submit to the AI assistant |
| Transaction data | On-chain only | Wallet addresses and amounts you transact are public on the blockchain; we do not maintain a private ledger of them |
| Sensitive personal data | No | We do not collect government IDs, biometrics, health, religion, precise location, or similar sensitive data |
| Inferences / profiles | No | We do not build behavioral profiles or make inferences about you |
We obtain personal data from the following sources:
We use personal data only for the following purposes:
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Providing core wallet functionality you request | Performance of a contract (Art. 6(1)(b)) |
| Account sign-in, AI assistant, push notifications | Consent (Art. 6(1)(a)), withdrawable at any time |
| Security, fraud and abuse prevention, reliability | Legitimate interests (Art. 6(1)(f)) |
| Responding to your enquiries | Legitimate interests, or steps prior to a contract |
| Complying with legal obligations that apply to us | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. Where we rely on consent, you can withdraw it at any time (for example by signing out or disabling a feature); withdrawal does not affect processing that took place before it.
We do not run advertising and we do not sell your data to marketers. We may send you service-related (transactional) messages that are necessary to operate the Services, such as security notices or important changes to these documents. If we ever offer an optional newsletter or promotional messages, they will be strictly opt-in and you will be able to unsubscribe at any time. We do not need your consent to send essential service messages, but we will not use your contact details for marketing without a lawful basis.
We do not carry out automated decision-making that produces legal or similarly significant effects about you, and we do not build marketing or behavioral profiles. The AI assistant generates responses automatically, but it does not make decisions about you or your access to the Services; it is an informational tool only.
To be unambiguous about our practices, we do not:
The App requests only the permissions needed for specific features. You can grant or revoke optional permissions at any time in your device settings.
| Permission | Why it is used | Optional? |
|---|---|---|
| Camera | Scanning QR codes containing wallet addresses. No images are captured, saved, or uploaded. | Yes |
| Microphone / speech recognition | Voice input for the AI assistant, used only while you are actively using voice input. | Yes |
| Notifications | Delivering the push notifications you opt into. | Yes |
| Internet / network | Communicating with blockchains, providers, and our backend. Essential for the App to function. | Required |
We share the limited data described in this Policy only with the providers needed to deliver the features you use, and only to the extent necessary. Each provider operates under its own privacy policy and its own security and retention practices, which we do not control. This list may change as the App evolves; we keep it current and update the effective date when we make material changes.
| Provider | What it does | Data it may receive | Privacy policy |
|---|---|---|---|
| Google / Firebase | Sign-in (Authentication) and push messaging (Cloud Messaging) | Email or account identifier, Firebase user ID, device push token, IP address | firebase.google.com/support/privacy |
| Anthropic | Generates AI-assistant responses | Your AI messages, voice-to-text input, and any images you submit | anthropic.com/legal/privacy |
| Vercel | Hosts our backend and website | IP address, request metadata, wallet addresses queried | vercel.com/legal/privacy-policy |
| CoinGecko | Prices, charts, and token icons | IP address, the assets you request | coingecko.com/en/privacy |
| 0x, Jupiter, LI.FI | Swap and cross-chain bridge quotes and routing | Wallet address, token pair, amount, IP address | See each provider's website |
| Hyperliquid | Perpetual futures and prediction markets | Wallet address, order data, IP address | See provider's website |
| RPC providers (e.g. Helius, TronGrid, public nodes) | Reading balances and broadcasting transactions | Wallet address, transaction data, IP address | See each provider's website |
| Blockchain explorers | Optional external links to view transactions | Whatever the linked page collects when you visit it | See each explorer's website |
We may also disclose personal data where required to comply with a valid legal obligation, to protect our rights or the safety of users, or in connection with a corporate transaction (such as a merger or asset transfer), in which case we will require the recipient to honor this Policy.
We may create aggregated or anonymized data that does not identify you (for example, the total number of installations or the number of transactions of a given type). Once data is truly anonymized, it is no longer personal data, and we may use and disclose it for any lawful purpose, including operating and improving the Services.
When you send, receive, swap, bridge, stake, lend, or trade on public blockchains, your wallet addresses, transaction amounts, timestamps, and counterpart addresses become part of a permanent, public ledger that anyone can view using a blockchain explorer. This information cannot be deleted, altered, or hidden, and it is outside our control. This is a fundamental property of public blockchains, not a feature of Trader Wallet.
Cryptocurrency addresses are pseudonymous, not anonymous. Your legal identity is not published on-chain, but if an address is ever linked to you (for example through a KYC exchange, a public post, or blockchain analysis), your associated on-chain activity can be traced back to you. Consider this before transacting, and consider using a new address where appropriate.
Some of our providers process data outside your country, including in the United States. Where personal data of users in the European Economic Area, the United Kingdom, or Switzerland is transferred internationally, that transfer is protected by an appropriate safeguard, such as the European Commission's Standard Contractual Clauses adopted by the relevant provider, or is necessary to perform the service you requested under Article 49(1)(b) GDPR. You may contact us for more information about the safeguards that apply.
We keep personal data only for as long as needed for the purpose it was collected, then delete it or anonymize it. Specific retention criteria are set out below.
| Category | Retention |
|---|---|
| On-device data (keys, caches, settings) | Until you delete it or uninstall the App; controlled entirely by you |
| Account data (if you sign in) | While your account exists; deleted upon account deletion or on request, subject to any short technical backup cycle |
| AI chat history (if signed in) | Until you delete the history or your account |
| Backend operational logs | Kept only for a short period for security and reliability, then deleted or anonymized |
| Support correspondence | For as long as needed to handle the matter and keep a reasonable record |
| Blockchain records | Permanent and public; not controlled by us |
Where we are required to retain certain data to comply with a legal obligation or to establish, exercise, or defend legal claims, we will retain it for the period required for that purpose.
We take reasonable and appropriate technical and organizational measures to protect personal data, including:
No method of transmission or storage is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and affected users where required by law, and we will take steps to mitigate the breach. You play an essential role in security: keep your device updated and protected, use a strong device lock, never share your recovery phrase, be alert to phishing, and avoid using the App on a jailbroken or rooted device.
You have direct, practical control over most processing:
If the GDPR applies to you, you have the right to:
To exercise your rights, email contact@trader-wallet.com. To protect your data, we may need to verify your identity before acting on a request, for example by confirming control of the email address associated with your account. We will respond within the timeframes required by law (generally within one month, extendable for complex requests). Exercising your rights is free unless a request is manifestly unfounded or excessive. You also have the right to lodge a complaint with your local data-protection authority; in Poland this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).
If you are a California resident, the California Consumer Privacy Act, as amended, gives you rights over your personal information. This section serves as our notice at collection and describes those rights.
Categories collected. As set out in Section 7, we may collect identifiers, internet/network activity, coarse location inferred from IP, audio (voice input), and user content you submit to the assistant. We do not collect sensitive personal information as defined by the CPRA.
No sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months. Accordingly, no "Do Not Sell or Share My Personal Information" action is necessary.
Purposes and disclosures. We use personal information for the business purposes in Section 9, and disclose it only to the service providers in Section 16, who are contractually limited to processing it on our behalf.
Your rights. You have the right to know, access, correct, and delete your personal information, and to not receive discriminatory treatment for exercising these rights. We do not offer financial incentives in exchange for personal information. To exercise your rights, email contact@trader-wallet.com; you may use an authorized agent, and we may verify your identity and the agent's authority. Because we collect little personal information and store your keys only on your device, many requests will result in confirmation that we do not hold the data in question.
If you are a resident of another US state with a comprehensive consumer-privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, or others as they come into effect), you may have rights similar to those described above, including the rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, sale, or certain profiling. We do not engage in targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects, so those opt-outs do not apply. To exercise applicable rights, contact us at contact@trader-wallet.com. Where a law provides an appeal process for a declined request, we will honor it.
Data-protection laws in other jurisdictions may grant you additional or similar rights, for example Brazil's LGPD, Canada's PIPEDA, the UK GDPR, Switzerland's FADP, and laws in Australia, Japan, and elsewhere. Regardless of where you live, you may contact us to ask about the personal data we hold and to exercise any rights available to you under your local law, and we will respond in accordance with that law.
The Services may contain links to third-party websites, protocols, blockchain explorers, or applications that we do not operate. This Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. We encourage you to read the privacy policy of any third-party service before using it.
The Services are not directed to, and are not intended for, anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
We may update this Policy as the Services and applicable laws evolve. When we make material changes, we will update the effective date at the top and, where appropriate, notify you in the App or on the Site. We encourage you to review this Policy periodically. Your continued use of the Services after changes take effect means you accept the updated Policy.
For any question or request about this Policy or your personal data, contact the controller:
Trader Wallet sp. z o.o.
ul. Złota 2-19, 15-016 Białystok, Poland
Email: contact@trader-wallet.com
We aim to respond to privacy enquiries within 30 days.