Trader Wallet

Privacy Policy

Effective date: 4 July 2026   |   Version: 3.0.0   |   Last updated: 4 July 2026
Data controllerTrader Wallet sp. z o.o.
Registered officeul. Złota 2-19, 15-016 Białystok, Poland
Company registrationKRS 0001218226  ·  NIP 9662216850  ·  REGON 543768404
Privacy contactcontact@trader-wallet.com
Websitetrader-wallet.com

This Privacy Policy ("Policy") describes how Trader Wallet sp. z o.o. ("Trader Wallet", "we", "our", or "us") collects, uses, discloses, stores, transfers, and protects information in connection with the Trader Wallet mobile application for iOS and Android (the "App"), our website at trader-wallet.com (the "Site"), and the backend services that support them (together, the "Services"). It also explains the rights you have over your personal data and how to exercise them, and it includes region-specific information for the European Economic Area, the United Kingdom, California and other US states, and other jurisdictions.

Trader Wallet is a non-custodial, multi-chain, hierarchical-deterministic Web3 wallet. This means your recovery phrase and private keys are generated and stored only on your device, are never transmitted to us, and cannot be recovered by us. We have engineered the Services to process the least personal data reasonably necessary to provide the features you choose to use. Certain optional features (such as signing in, using the AI assistant, or enabling push notifications) require us and certain service providers to process limited personal data; this Policy explains exactly what, why, for how long, and with whom.

Please read this Policy together with our Terms of Service. By downloading, accessing, or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Services.

1.Key definitions

To make this Policy easier to follow, the following terms have the meanings set out below.

Personal data / personal information
Any information relating to an identified or identifiable natural person, such as an email address, an account identifier, an IP address, or a device token.
Processing
Any operation performed on personal data, including collection, storage, use, disclosure, transfer, and deletion.
Controller
The party that determines the purposes and means of processing. For the Services, the controller is Trader Wallet sp. z o.o.
Processor / sub-processor
A third party that processes personal data on our behalf or as part of delivering a feature you use (for example, our hosting and authentication providers).
Recovery phrase
The 12-word BIP39 mnemonic that deterministically generates all of your private keys. It is the master secret to your wallet.
Private key
The secret cryptographic key that authorizes transactions from a blockchain address, derived from your recovery phrase on your device.
Self-custodial (non-custodial)
A design in which you alone hold your keys and control your funds, and the provider has no access to, or control over, your assets.
On-device
Data stored and processed only on your phone, within the App's protected storage, and not uploaded to us.
Sub-processor / third-party provider
An external company whose service is used to deliver a feature (for example, authentication, hosting, or AI).

2.Who we are & scope

The controller responsible for your personal data is Trader Wallet sp. z o.o., a limited-liability company registered in Poland (KRS 0001218226) with its registered office at ul. Złota 2-19, 15-016 Białystok, Poland. As we are established in the European Union, we are not required to appoint an Article 27 GDPR representative; for all privacy matters you may contact us directly using the details in Section 30.

This Policy applies to all users of the Services worldwide, on both iOS and Android, and to visitors of the Site. It covers all processing carried out by the App, the Site, and our backend, as well as the limited data shared with the third-party providers and blockchain networks needed to deliver the features you use. It does not apply to third-party websites, wallets, protocols, or services that we do not operate, which are governed by their own privacy policies (see Section 27).

3.Our privacy principles

We designed the Services around a small set of principles, consistent with the data-protection concepts of privacy by design and by default:

4.What we never collect or access

Because Trader Wallet is self-custodial, the most sensitive information stays exclusively on your device and is never transmitted to us, our backend, or any third party:

These are generated on your device and stored encrypted in the platform secure store (Android Keystore or iOS Keychain). We cannot read them, cannot move your funds, and cannot recover them if you lose them. We also do not collect government identification documents, and we do not perform identity verification ("KYC"). We do not collect biometric identifiers: biometric unlock is handled entirely by your device operating system and is never shared with us. We do not process payment-card or bank-account details; any in-app service fees are collected on-chain in cryptocurrency at the moment of a transaction, as described in our Terms of Service.

Important

There is no "forgot password" for your recovery phrase and no way for us to restore it. If you lose your recovery phrase and lose access to your device, your funds are permanently lost. Always back up your recovery phrase offline and keep it private.

5.Data stored on your device

To function, the App generates and caches certain data locally, inside the App's isolated storage. This data is not uploaded to us:

Uninstalling the App, clearing its data in your device settings, or performing a factory reset permanently deletes this local data. If you have not backed up your recovery phrase beforehand, you will lose access to your funds.

6.Personal data we process

The features in this section are optional. If you choose to use them, the personal data described is processed by us and/or by the service providers listed in Section 16. Each subsection states what data is involved, why, and where it goes.

6.1 Account and sign-in

You can use the wallet in Guest mode without an account. If you sign in, we use Firebase Authentication (Google) to authenticate you. Depending on the sign-in method, we process your email address (email sign-in), your Google or Apple account identifier and any display name you provide (social sign-in), and a Firebase user ID that identifies your account within our systems. We use this only to authenticate you and associate optional features (such as saved AI chat history) with your account. Signing in is not required to hold, send, receive, swap, or trade assets.

6.2 Grunwald AI assistant

If you use the in-app AI assistant ("Grunwald"), the messages you send, and any voice input or images you submit for analysis, are transmitted through our backend to our AI provider, Anthropic, which generates the responses. If you are signed in, your chat history may be stored so the assistant can maintain context across sessions; you can delete it. Voice input is converted to text using your device's speech-recognition capability while you are actively using that feature.

Do not share secrets with the assistant

Never enter your recovery phrase, private keys, or passwords into the AI assistant or anywhere else. No legitimate feature of Trader Wallet will ever ask for your recovery phrase.

6.3 Push notifications

If you enable notifications, we use Firebase Cloud Messaging and the Apple Push Notification service, which involves a device push token, to deliver alerts such as price, transaction, and trading notifications. The push token identifies your device installation so notifications can be routed to it. You can turn notifications off at any time in your device settings, which stops this processing.

6.4 On-chain features: swaps, bridges, staking, lending, and trading

When you use in-app token swaps, cross-chain bridges, staking, lending, perpetual-futures trading, prediction markets, or tokenized-asset features, the relevant public wallet address, token pair, network, and amount are sent to the third-party providers that source quotes and route or execute those actions (for example 0x, Jupiter, LI.FI, and Hyperliquid) and to blockchain RPC providers. As with any internet request, these providers can also observe your IP address and the addresses you query. We charge on-chain service fees for some of these features, as detailed in our Terms of Service. Your private keys are never shared; transactions are signed on your device.

6.5 Backend and technical data

Our backend runs on Vercel. When your device contacts our backend (to fetch prices, obtain a swap quote, proxy a blockchain RPC request, or reach the AI assistant), standard technical data is processed as part of the internet request, including your IP address, request timestamps, the endpoint called, and a user-agent string describing your app version and device type. We keep operational logs to the minimum needed for security, abuse prevention, and reliability, and we do not use them to build advertising or behavioral profiles.

6.6 Support and correspondence

If you email us or otherwise contact us, we process your contact details and the content of your message to respond and to keep a reasonable record of the request.

7.Categories of personal data

The table below summarizes the categories of personal data we may process, whether we collect them, and why. We do not sell or share any of these categories for cross-context behavioral advertising, and we do not process sensitive personal data.

CategoryCollected?Examples & purpose
IdentifiersYes, if you use optional featuresEmail, Google/Apple ID, Firebase user ID, device push token, IP address — used for sign-in, notifications, and backend requests
Internet / network activityYes (minimal)Backend request logs, app version, endpoint accessed — used for security and reliability
Approximate locationInferred onlyCoarse location may be inferred from your IP address; we do not collect GPS or precise location
AudioOnly when you use voice inputVoice input to the AI assistant, converted to text; not stored as audio by us
User contentYes, if you use the assistantMessages and images you submit to the AI assistant
Transaction dataOn-chain onlyWallet addresses and amounts you transact are public on the blockchain; we do not maintain a private ledger of them
Sensitive personal dataNoWe do not collect government IDs, biometrics, health, religion, precise location, or similar sensitive data
Inferences / profilesNoWe do not build behavioral profiles or make inferences about you

8.Sources of personal data

We obtain personal data from the following sources:

9.How we use personal data

We use personal data only for the following purposes:

10.Legal bases for processing (GDPR)

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:

Processing activityLegal basis
Providing core wallet functionality you requestPerformance of a contract (Art. 6(1)(b))
Account sign-in, AI assistant, push notificationsConsent (Art. 6(1)(a)), withdrawable at any time
Security, fraud and abuse prevention, reliabilityLegitimate interests (Art. 6(1)(f))
Responding to your enquiriesLegitimate interests, or steps prior to a contract
Complying with legal obligations that apply to usLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. Where we rely on consent, you can withdraw it at any time (for example by signing out or disabling a feature); withdrawal does not affect processing that took place before it.

11.Marketing communications

We do not run advertising and we do not sell your data to marketers. We may send you service-related (transactional) messages that are necessary to operate the Services, such as security notices or important changes to these documents. If we ever offer an optional newsletter or promotional messages, they will be strictly opt-in and you will be able to unsubscribe at any time. We do not need your consent to send essential service messages, but we will not use your contact details for marketing without a lawful basis.

12.Automated decisions & profiling

We do not carry out automated decision-making that produces legal or similarly significant effects about you, and we do not build marketing or behavioral profiles. The AI assistant generates responses automatically, but it does not make decisions about you or your access to the Services; it is an informational tool only.

13.Cookies, storage & website technologies

Mobile App. The App does not use advertising or tracking cookies. It uses on-device storage (such as secure storage, local databases, and app preferences) purely to make the App function, keep you signed in, and cache data. This storage is local to your device.

Website. The Site is primarily an informational landing page. It may use strictly necessary local storage to function and, if you sign in on the web, to keep your session. The Site does not use advertising cookies or third-party analytics or advertising trackers. The Site currently loads web fonts from Google's font service; when your browser requests those fonts, your IP address is shared with Google as part of that request. We may in future self-host fonts to remove this dependency. We do not use cookies to track you across other websites.

Do Not Track. Because we do not track users across sites, we do not respond to browser "Do Not Track" signals in a special way; our default behavior is not to track you.

14.What we do not do

To be unambiguous about our practices, we do not:

15.Device permissions

The App requests only the permissions needed for specific features. You can grant or revoke optional permissions at any time in your device settings.

PermissionWhy it is usedOptional?
CameraScanning QR codes containing wallet addresses. No images are captured, saved, or uploaded.Yes
Microphone / speech recognitionVoice input for the AI assistant, used only while you are actively using voice input.Yes
NotificationsDelivering the push notifications you opt into.Yes
Internet / networkCommunicating with blockchains, providers, and our backend. Essential for the App to function.Required

16.Third parties & sub-processors

We share the limited data described in this Policy only with the providers needed to deliver the features you use, and only to the extent necessary. Each provider operates under its own privacy policy and its own security and retention practices, which we do not control. This list may change as the App evolves; we keep it current and update the effective date when we make material changes.

ProviderWhat it doesData it may receivePrivacy policy
Google / FirebaseSign-in (Authentication) and push messaging (Cloud Messaging)Email or account identifier, Firebase user ID, device push token, IP addressfirebase.google.com/support/privacy
AnthropicGenerates AI-assistant responsesYour AI messages, voice-to-text input, and any images you submitanthropic.com/legal/privacy
VercelHosts our backend and websiteIP address, request metadata, wallet addresses queriedvercel.com/legal/privacy-policy
CoinGeckoPrices, charts, and token iconsIP address, the assets you requestcoingecko.com/en/privacy
0x, Jupiter, LI.FISwap and cross-chain bridge quotes and routingWallet address, token pair, amount, IP addressSee each provider's website
HyperliquidPerpetual futures and prediction marketsWallet address, order data, IP addressSee provider's website
RPC providers (e.g. Helius, TronGrid, public nodes)Reading balances and broadcasting transactionsWallet address, transaction data, IP addressSee each provider's website
Blockchain explorersOptional external links to view transactionsWhatever the linked page collects when you visit itSee each explorer's website

We may also disclose personal data where required to comply with a valid legal obligation, to protect our rights or the safety of users, or in connection with a corporate transaction (such as a merger or asset transfer), in which case we will require the recipient to honor this Policy.

17.Aggregated & anonymized data

We may create aggregated or anonymized data that does not identify you (for example, the total number of installations or the number of transactions of a given type). Once data is truly anonymized, it is no longer personal data, and we may use and disclose it for any lawful purpose, including operating and improving the Services.

18.Blockchain transparency

When you send, receive, swap, bridge, stake, lend, or trade on public blockchains, your wallet addresses, transaction amounts, timestamps, and counterpart addresses become part of a permanent, public ledger that anyone can view using a blockchain explorer. This information cannot be deleted, altered, or hidden, and it is outside our control. This is a fundamental property of public blockchains, not a feature of Trader Wallet.

Cryptocurrency addresses are pseudonymous, not anonymous. Your legal identity is not published on-chain, but if an address is ever linked to you (for example through a KYC exchange, a public post, or blockchain analysis), your associated on-chain activity can be traced back to you. Consider this before transacting, and consider using a new address where appropriate.

19.International data transfers

Some of our providers process data outside your country, including in the United States. Where personal data of users in the European Economic Area, the United Kingdom, or Switzerland is transferred internationally, that transfer is protected by an appropriate safeguard, such as the European Commission's Standard Contractual Clauses adopted by the relevant provider, or is necessary to perform the service you requested under Article 49(1)(b) GDPR. You may contact us for more information about the safeguards that apply.

20.Data retention

We keep personal data only for as long as needed for the purpose it was collected, then delete it or anonymize it. Specific retention criteria are set out below.

CategoryRetention
On-device data (keys, caches, settings)Until you delete it or uninstall the App; controlled entirely by you
Account data (if you sign in)While your account exists; deleted upon account deletion or on request, subject to any short technical backup cycle
AI chat history (if signed in)Until you delete the history or your account
Backend operational logsKept only for a short period for security and reliability, then deleted or anonymized
Support correspondenceFor as long as needed to handle the matter and keep a reasonable record
Blockchain recordsPermanent and public; not controlled by us

Where we are required to retain certain data to comply with a legal obligation or to establish, exercise, or defend legal claims, we will retain it for the period required for that purpose.

21.Security & data breaches

We take reasonable and appropriate technical and organizational measures to protect personal data, including:

No method of transmission or storage is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and affected users where required by law, and we will take steps to mitigate the breach. You play an essential role in security: keep your device updated and protected, use a strong device lock, never share your recovery phrase, be alert to phishing, and avoid using the App on a jailbroken or rooted device.

22.Your choices & controls

You have direct, practical control over most processing:

23.Your rights (GDPR)

If the GDPR applies to you, you have the right to:

To exercise your rights, email contact@trader-wallet.com. To protect your data, we may need to verify your identity before acting on a request, for example by confirming control of the email address associated with your account. We will respond within the timeframes required by law (generally within one month, extendable for complex requests). Exercising your rights is free unless a request is manifestly unfounded or excessive. You also have the right to lodge a complaint with your local data-protection authority; in Poland this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).

24.California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended, gives you rights over your personal information. This section serves as our notice at collection and describes those rights.

Categories collected. As set out in Section 7, we may collect identifiers, internet/network activity, coarse location inferred from IP, audio (voice input), and user content you submit to the assistant. We do not collect sensitive personal information as defined by the CPRA.

No sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months. Accordingly, no "Do Not Sell or Share My Personal Information" action is necessary.

Purposes and disclosures. We use personal information for the business purposes in Section 9, and disclose it only to the service providers in Section 16, who are contractually limited to processing it on our behalf.

Your rights. You have the right to know, access, correct, and delete your personal information, and to not receive discriminatory treatment for exercising these rights. We do not offer financial incentives in exchange for personal information. To exercise your rights, email contact@trader-wallet.com; you may use an authorized agent, and we may verify your identity and the agent's authority. Because we collect little personal information and store your keys only on your device, many requests will result in confirmation that we do not hold the data in question.

25.Other US state privacy rights

If you are a resident of another US state with a comprehensive consumer-privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, or others as they come into effect), you may have rights similar to those described above, including the rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, sale, or certain profiling. We do not engage in targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects, so those opt-outs do not apply. To exercise applicable rights, contact us at contact@trader-wallet.com. Where a law provides an appeal process for a declined request, we will honor it.

26.Other jurisdictions

Data-protection laws in other jurisdictions may grant you additional or similar rights, for example Brazil's LGPD, Canada's PIPEDA, the UK GDPR, Switzerland's FADP, and laws in Australia, Japan, and elsewhere. Regardless of where you live, you may contact us to ask about the personal data we hold and to exercise any rights available to you under your local law, and we will respond in accordance with that law.

28.Children's privacy

The Services are not directed to, and are not intended for, anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

29.Changes to this Policy

We may update this Policy as the Services and applicable laws evolve. When we make material changes, we will update the effective date at the top and, where appropriate, notify you in the App or on the Site. We encourage you to review this Policy periodically. Your continued use of the Services after changes take effect means you accept the updated Policy.

30.How to contact us

For any question or request about this Policy or your personal data, contact the controller:

Trader Wallet sp. z o.o.
ul. Złota 2-19, 15-016 Białystok, Poland
Email: contact@trader-wallet.com

We aim to respond to privacy enquiries within 30 days.