1 Overview
DefiSync.io ("we," "us," or "our") operates as an enterprise-grade, non-custodial crypto wallet management protocol. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform at DefiSync.io and all associated services.
Key principle: We are a non-custodial service. We never store, access, or transmit your private keys, seed phrases, or wallet credentials. All cryptographic operations happen exclusively on your device.
By accessing or using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use immediately.
3 How We Use Information
We use collected information solely to:
- Provide, operate, and improve the DefiSync platform and services
- Display wallet balances, transaction history, and portfolio data
- Diagnose technical issues and resolve support requests
- Detect and prevent fraud, abuse, or unauthorized activity
- Comply with applicable laws and regulatory obligations
- Send transactional notifications if you have opted in
- Conduct anonymized analytics to improve user experience
We do not use your information for targeted advertising, sell your data to third parties, or use it for any purpose beyond what is described herein.
4 Non-Custodial Commitment
We never have access to your funds. DefiSync is a non-custodial service by design.
This means:
- Your private keys and seed phrases are never transmitted to our servers
- All wallet signing operations occur locally on your device
- We cannot freeze, access, move, or recover your funds
- We do not store passwords, mnemonics, or cryptographic secrets of any kind
- Connection to wallets uses industry-standard protocols (WalletConnect, EIP-1193)
Read-only access to public wallet data is used only to display portfolio information within the platform and is never stored beyond your active session.
5 Data Sharing & Disclosure
We do not sell, trade, or rent your personal information. We may share limited data with:
- Service providers: Trusted vendors who assist with hosting, analytics, and infrastructure, bound by strict confidentiality agreements
- Blockchain networks: Transactions you initiate are broadcast to public blockchains as inherent to their operation
- Legal compliance: When required by valid legal process, court order, or government authority
- Business transfers: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality obligations
- Safety: To protect the rights, property, or safety of DefiSync, our users, or the public
6 Data Security
We implement industry-leading security measures to protect your information:
- AES-256 encryption for all data in transit and at rest
- TLS 1.3 for all network communications
- Regular third-party security audits and penetration testing
- Strict access controls and employee security training
- Automated threat detection and incident response protocols
Despite these measures, no system is 100% secure. We encourage you to use strong passwords, enable two-factor authentication on your wallets, and never share your seed phrase with anyone � including us.
7 Cookies & Tracking
We use essential cookies required for platform functionality and optional analytics cookies. See our Cookie Policy for full details.
- Essential cookies: Required for authentication, session management, and security
- Analytics cookies: Help us understand usage patterns (anonymized, no PII)
- Preference cookies: Remember your display and language settings
You can manage cookie preferences through your browser settings at any time. Disabling non-essential cookies will not affect core functionality.
8 Data Retention
- Session data: Deleted at session end or after 24 hours of inactivity
- IP addresses: Anonymized after 30 days
- Analytics data: Retained in aggregate form for up to 26 months
- Support correspondence: Retained for 3 years for legal compliance
- Legal hold data: Retained as long as required by applicable law
9 Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your data in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Revoke any consent you have previously given
To exercise any of these rights, contact us at privacy@DefiSync.io. We will respond within 30 days.
10 Children's Privacy
DefiSync services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it promptly.
11 Policy Changes
We may update this Privacy Policy periodically. When we make material changes, we will notify users via a prominent notice on our platform and update the "Last updated" date above. Continued use of our services after changes constitutes acceptance of the updated policy.