Privacy Policy

Last Updated: November 15, 2025

1. Introduction

DefiShard ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and mobile application (collectively, the "Service").

This Privacy Policy complies with applicable data protection laws, including:

  • GDPR (General Data Protection Regulation - EU/EEA)
  • CCPA (California Consumer Privacy Act - California, USA)
  • UK GDPR (United Kingdom)
  • PIPEDA (Personal Information Protection and Electronic Documents Act - Canada)

2. Information We Collect

2.1 Information You Provide

  • Email address (when you join our waitlist)
  • Wallet addresses you create or import
  • Transaction data you initiate

2.2 Information We Do NOT Collect

  • Your private keys or key shares (these never leave your devices)
  • Your seed phrases or recovery phrases
  • Personal identification information beyond what you provide
  • Browsing history or activity outside our application

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service
  • Notify you about changes to our service
  • Provide customer support
  • Monitor usage and detect technical issues
  • Send you updates and announcements (with your consent)

4. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for all sensitive data
  • Multi-Party Computation (MPC) technology ensuring your private keys never exist in one place
  • Regular security audits and updates
  • Secure communication protocols (HTTPS/TLS)

5. Key Security Architecture

DefiShard uses Distributed Key Generation (DKG) and Threshold Signature Schemes (TSS). This means:

  • Your private key never exists on any device
  • Key shares are generated independently on your mobile and browser extension
  • Transactions are signed using distributed computation without reconstructing the private key
  • We cannot access, view, or recover your private keys or key shares

6. Third-Party Services and International Transfers

6.1 Third-Party Service Providers

We may use third-party services for:

  • Blockchain RPC providers (to broadcast transactions to blockchain networks)
  • Analytics services (anonymized usage statistics only)
  • Cloud infrastructure providers (for hosting our website and backend services)
  • Email service providers (for waitlist notifications)

These third parties do not have access to your private keys, key shares, or sensitive wallet information. We ensure all service providers are bound by contractual obligations to protect your data.

6.2 International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate.

For transfers from the EU/EEA/UK, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: Transfers to countries recognized as providing adequate protection
  • Additional Safeguards: Technical and organizational measures to ensure data security

6.3 Blockchain Data

Please note that blockchain transactions are public by nature. Once a transaction is broadcast to a blockchain network, it becomes part of the public ledger and cannot be deleted. This is inherent to blockchain technology, not a choice by DefiShard.

7. Data Retention

We retain your information only as long as necessary to provide our services. You can request deletion of your account data at any time by contacting us at info@defishard.com.

8. Your Rights

8.1 Rights Under GDPR (EU/EEA/UK Users)

If you are in the European Economic Area or United Kingdom, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on consent, contractual necessity, legitimate interests, and compliance with legal obligations.

8.2 Rights Under CCPA (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (Note: We do NOT sell your data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use: Limit use and disclosure of sensitive personal information

California Privacy Notice: We do NOT sell or share your personal information for cross-context behavioral advertising. We have not sold personal information in the past 12 months.

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: info@defishard.com

Subject Line: "Data Rights Request - [Your Right]"

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

9. Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Information and Data Protection Officer

11.1 General Inquiries

If you have any questions about this Privacy Policy, please contact us at:

Email: info@defishard.com

11.2 EU/EEA/UK Users - Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: info@defishard.com

Response time: Within 30 days of receipt

11.3 Supervisory Authorities

If you are in the EU/EEA/UK and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority:

11.4 California Users

California residents can also contact us toll-free at: [Your Toll-Free Number]

Or submit requests through our online form: /data-request

Disclaimer: This is a beta version of our service. While we implement strong security measures, use of cryptocurrency wallets always carries inherent risks. Please only use funds you can afford to lose during the beta testing period.