Privacy Policy

Data we collect

• Account info: email, hashed password, account ID.
• Wallet info: public addresses, encrypted private keys, balances, transaction history.
• API usage: timestamps, endpoint, response status, IP address (for rate limiting and abuse detection).
• On-chain data: deposit signatures, transaction hashes, settlement events.

How we use it

• To operate the payment rail and execute on-chain transactions on your behalf.
• To prevent fraud, abuse, and unauthorized access.
• To send transactional emails (account verification, password reset, security alerts).
• To comply with legal obligations.

Sharing

We do not sell your personal data. We share data with infrastructure providers needed to run the service (Cloudflare, Helius, Resend, the Solana network). We may share data when required by law.

Security

Passwords are hashed with PBKDF2-SHA256 (100,000 iterations + per-user salt). API keys are stored as SHA-256 hashes. Wallet private keys are encrypted at rest with AES-256-GCM derived via HKDF from a secret only Viaclave holds. All traffic is HTTPS.

Your rights

You can export your data, delete your account (after withdrawing all funds), and update your profile anytime. Email hello@viaclave.com for any privacy requests.

Retention

Transaction records are retained for at least 7 years for compliance. Account profile data is deleted within 30 days of account deletion (immutable on-chain data cannot be deleted).