Privacy Policy

1. Introduction

LinkFiCrypto ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our non-custodial cryptocurrency wallet service. As a non-custodial wallet, we do not have access to your private keys or funds. This policy complies with GDPR (EU), CCPA/CPRA (California), UK GDPR, Brazil's LGPD, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect minimal information as a non-custodial wallet:

• Account credentials (username, encrypted passwords)
• Wallet addresses you connect to our service
• Transaction history visible on public blockchains
• Communication data if you contact our support team
• Optional profile information (display name, preferences)

2.2 Automatically Collected Information

• Device information (browser type, operating system, device identifiers)
• IP address and precise geolocation data (with your consent)
• Usage data, analytics, and behavioral patterns
• Cookies, web beacons, and similar tracking technologies
• Network information and connection metadata

2.3 Sensitive Data

We do not intentionally collect sensitive personal data such as biometric information, health data, or financial account numbers. Your private keys and seed phrases are encrypted locally on your device and never transmitted to our servers.

2.4 Automated Decision-Making and AI

We may use automated systems and AI for fraud detection, security monitoring, and service optimization. You have the right to request human review of automated decisions that significantly affect you.

3. How We Use Your Information

We process your data based on the following legal bases:

3.1 Contractual Necessity

• Provide and maintain our wallet service
• Process your transactions on blockchain networks
• Authenticate and secure your account
• Provide customer support

3.2 Legitimate Interests

• Improve user experience and service functionality
• Detect and prevent fraud, security issues, and illegal activities
• Conduct analytics and research to improve our services
• Send important service updates and notifications

3.3 Legal Compliance

• Comply with legal obligations and regulations
• Respond to lawful requests from authorities
• Enforce our terms of service and protect our rights

3.4 With Your Consent

• Marketing communications (you can opt-out anytime)
• Optional features that require additional data access
• Third-party integrations you choose to enable

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information with:

4.1 Service Providers

We engage trusted third-party service providers who assist in operating our platform under strict contractual obligations:

• Cloud hosting and infrastructure (Vercel, Supabase)
• Analytics providers (Google Analytics)
• Security and fraud prevention services
• Customer support tools

4.2 Blockchain Networks

Transaction data is public by nature of blockchain technology. Once you submit a transaction, it becomes permanently visible on the public blockchain.

4.3 Legal Requirements

• Law enforcement when required by valid legal process
• Regulatory authorities for compliance purposes
• Court orders, subpoenas, or other legal obligations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change.

4.5 With Your Consent

We will share information with third parties only with your explicit consent.

5. Your Privacy Rights

Depending on your jurisdiction, you have the following rights:

5.1 Universal Rights

• Right to Access: Obtain a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate data
• Right to Deletion ("Right to be Forgotten"): Request deletion of your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Object: Object to processing based on legitimate interests

5.2 GDPR Rights (EU/EEA/UK)

• Right to Restriction: Restrict processing in certain circumstances
• Right to Lodge a Complaint: File a complaint with your supervisory authority
• Right to Human Review: Contest automated decisions

5.3 CCPA/CPRA Rights (California)

• Right to Know: Know what categories of data we collect
• Right to Delete: Request deletion of your data
• Right to Opt-Out: Opt-out of sale/sharing of data (we don't sell data)
• Right to Limit Use of Sensitive Data: Limit use of sensitive personal information
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise
• Right to Correct: Correct inaccurate personal information

5.4 AI Transparency Rights (New 2026)

• Right to Explanation: Understand how AI systems process your data
• Right to Contest: Challenge automated decisions that significantly affect you
• Right to Human Oversight: Request human review of AI-driven decisions

5.5 Exercising Your Rights

To exercise any of these rights, contact us at privacy@linkficrypto.com. We will respond within 30 days (45 days for complex requests). You may be required to verify your identity before we fulfill your request.

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

• End-to-end encryption for sensitive data
• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Multi-factor authentication options

6.2 Organizational Safeguards

• Access controls and role-based permissions
• Employee training on data protection
• Regular security awareness programs
• Incident response and disaster recovery plans

6.3 Your Responsibility

As a non-custodial wallet, you are responsible for:

• Securing your private keys and seed phrases
• Using strong, unique passwords
• Enabling two-factor authentication
• Keeping your device and software updated

6.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities within 72 hours as required by law. We will provide information about the nature of the breach, potential consequences, and measures taken to address it.

7. Data Retention

We retain your personal data only as long as necessary for the purposes stated in this policy:

• Account Data: Retained while your account is active and for 90 days after deletion request
• Transaction Records: 7 years for regulatory compliance
• Support Communications: 3 years from last interaction
• Analytics Data: Aggregated and anonymized after 26 months
• Security Logs: 1 year for incident investigation

After retention periods expire, we securely delete or anonymize your data. Blockchain transaction data is permanently public and cannot be deleted.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework: For transfers to the US
• Standard Contractual Clauses (SCCs): EU-approved transfer mechanisms
• UK International Data Transfer Agreement (IDTA): For UK data transfers
• Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
• Binding Corporate Rules: Internal data transfer policies

You can request a copy of the safeguards we use for international transfers by contacting us.

9. Children's Privacy

Our service is not intended for users under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect information from children under 18. If we become aware that we have collected data from a child, we will delete it promptly. Parents or guardians who believe we may have collected information from a child should contact us immediately.

10. California Privacy Rights

California residents have specific rights under CCPA/CPRA:

10.1 Categories of Personal Information

We collect the following categories of personal information:

• Identifiers (username, email, wallet addresses)
• Internet/network activity (browsing history, device information)
• Geolocation data (with consent)
• Commercial information (transaction history)

10.2 Do Not Sell or Share

We do not sell or share your personal information as defined by CCPA. We do not have actual knowledge of selling or sharing personal information of minors under 16 years of age.

10.3 Shine the Light

California residents can request information about personal data disclosed to third parties for direct marketing purposes. We do not share information for such purposes.

11. EU/UK Representative

For GDPR compliance matters, EU/EEA and UK residents can contact our designated representative at: gdpr@linkficrypto.com

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a prominent notice on our website
• Sending you an email notification (if you have provided your email)
• Requiring you to acknowledge changes upon login

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern:

We will respond to your request within 30 days (or as required by applicable law).

14. Supervisory Authorities

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• EU/EEA: Your national data protection authority
• UK: Information Commissioner's Office (ICO)
• California: California Privacy Protection Agency
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)