Privacy Policy
Last updated: January 1, 2025
Privacy First: WalletDingin is built on a zero-knowledge architecture. We never see your private keys, seed phrases, or wallet data. The encrypted blob we store is mathematically impossible for us to decrypt.
1. Overview
WalletDingin ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
2. Information We Collect
| Data Type | What We Collect | Purpose |
|---|---|---|
| Account Data | Email address, username, bcrypt-hashed password | Authentication and account management |
| Wallet Data | Public wallet addresses, AES-256-GCM encrypted key blobs | Wallet storage — we cannot decrypt these blobs |
| Activity Logs | Login timestamps, IP address (hashed), action type | Security auditing and fraud prevention |
| Support Data | Messages you send to our support team | Responding to your inquiries |
3. What We Never Collect
- Private keys or seed phrases (these never leave your device in plaintext)
- Decrypted wallet data of any kind
- Browsing history outside of our Service
- Financial information (we process no payments)
- Location data beyond IP address used for rate limiting
4. How We Use Your Information
- Authentication: To verify your identity when you sign in
- Security: To detect suspicious activity, enforce rate limits, and protect against brute-force attacks
- Service Delivery: To store and retrieve your encrypted wallet data
- Communication: To send one-time verification codes and respond to support requests
5. Cookies and Local Storage
We use a single authentication cookie (wd_auth) that is:
- HttpOnly: inaccessible to JavaScript, protecting against XSS
- SameSite=Strict: prevents CSRF attacks
- Session-limited: expires when you sign out
We do not use analytics cookies, advertising trackers, or third-party tracking scripts of any kind.
6. Third-Party Services
We use the following third-party services:
- Binance WebSocket API: For real-time cryptocurrency price data. Your IP address may be visible to Binance when establishing this connection.
- Cloudflare Turnstile: For bot protection on sign-in/sign-up forms. Cloudflare's privacy policy governs data collected during challenge verification.
- Email Provider (SMTP): For sending one-time verification codes. Your email address is shared with our email provider for this purpose only.
7. Data Retention
- Account data is retained until you delete your account
- Activity logs are retained for 90 days for security purposes
- Pending email verifications are automatically purged after 10 minutes
- Support chat transcripts are retained for 30 days
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Object to processing of your personal data
- Receive a copy of your data in a portable format
To exercise these rights, contact us through our Help Center.
9. Security
We implement multiple technical safeguards including AES-256-GCM encryption, PBKDF2-SHA256 key derivation with 310,000 iterations, HTTPS-only transport with HSTS, Content Security Policy headers, and rate limiting on all sensitive endpoints.
10. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date above. Your continued use of the Service after any changes constitutes acceptance of the new policy.
12. Contact
For privacy-related inquiries, please contact us through our Help Center.