Privacy Policy

walyt ("we", "our", "us") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. We aim to collect only what is necessary to provide the Service and to be transparent about our practices.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

Account data

When you create an account, we collect:

• Email address — Provided during sign-up via Magic.link. Used for authentication and for essential service communications (e.g. sign-in links, billing issues).
• Magic DID — A unique identifier from Magic.link used to recognize your device. We do not store your password; authentication is passwordless.

Wallet and profile data

You voluntarily provide:

• Wallet addresses and chain selections — Displayed on your public page. You choose which addresses to add and which chains to use. These are public once you publish your page.
• Display name and bio — Optional; shown on your public page.
• Payout address — If you participate in the affiliate program, we store the Solana address you provide for receiving USDC payouts. This is used only for paying commissions.

Payment data

Payment for Pro and Premium subscriptions is processed by Stripe. We do not see or store your card number or full payment details. We store only your Stripe customer ID and subscription ID so we can manage your plan and billing portal access.

Technical and session data

To keep you signed in and to secure the Service, we use:

• Session tokens — Stored as SHA-256 hashes in our database. The actual token is stored in an httpOnly, secure cookie in your browser. We do not store plain-text session values.
• Referral cookie — If you arrive via a referral link, we set a cookie to attribute sign-ups to the referrer. See our Cookies policy for details.

What we do not collect

• We do not use third-party analytics, tracking pixels, or advertising cookies.
• We do not store IP addresses for longer than needed for request handling. Our hosting provider (Vercel) may log requests briefly; such logs are not used by us for profiling.
• We do not collect private keys, seed phrases, or any data that would give us access to your wallets.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate you and manage your account
• Process subscription payments and manage billing
• Calculate and pay affiliate commissions
• Display your public wallet page and referral stats
• Send essential service notifications (e.g. sign-in links, payment failures)
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

We share data only with the following, and only as needed to operate the Service:

• Magic.link — Passwordless authentication. They process your email to send sign-in links; see their privacy policy for how they handle data.
• Stripe — Payment processing. They handle card and payment details; we receive only customer and subscription identifiers.
• MongoDB Atlas — Database hosting. Your data is stored in databases that we control; MongoDB provides the infrastructure. Data is encrypted at rest.
• Vercel — Application hosting. They serve our application and may temporarily log request data (e.g. IP) as part of their infrastructure.

We may also disclose your information if required by law, such as in response to a valid legal process or to protect our rights, safety, or property.

We retain your data for as long as your account is active. If you delete your account, we permanently remove your personal data within 30 days, except where we must retain it for legal, regulatory, or legitimate business purposes (e.g. resolving disputes, enforcing terms).

Stripe and Magic.link retain their own data according to their policies. We do not control their retention.

We implement measures to protect your data, including:

• HTTPS (TLS) for all traffic
• Session tokens stored only as cryptographic hashes
• Passwordless authentication (no passwords to steal)
• httpOnly, secure, sameSite cookies for sessions
• Encryption at rest for our database (MongoDB Atlas)
• Security headers (e.g. X-Frame-Options, Content-Security-Policy)

No system is completely secure. You are responsible for keeping your email account and devices secure. We will notify you of any breach that we believe poses a risk to your personal data, where required by law.

We use only essential and strictly necessary cookies: a session cookie to keep you signed in, and optionally a referral cookie if you arrive via a referral link. We do not use advertising or third-party analytics cookies. For full details, see our Cookies policy.

Depending on your location, you may have the right to:

• Access — Request a copy of the personal data we hold about you. You can see much of this in your account and billing pages.
• Correction — Ask us to correct inaccurate data. You can update your wallet page and profile yourself in the dashboard.
• Deletion — Request deletion of your data. You can delete your account at any time from account settings; we will remove your data within 30 days.
• Portability — Request an export of your data in a machine-readable format.
• Object or restrict processing — In certain circumstances, object to or ask us to restrict how we use your data.
• Withdraw consent — Where we rely on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@walyt.app. We will respond within a reasonable time. You also have the right to lodge a complaint with a supervisory authority in your country.

We comply with applicable data protection laws, including the GDPR and CCPA, where they apply.

Our servers and service providers may be located in countries other than your own. By using the Service, you consent to the transfer of your data to those countries. We ensure appropriate safeguards (e.g. standard contractual clauses) where required by law.

The Service is not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will post the updated policy on this page and change the "Last updated" date. For material changes, we will notify you by email or through the Service where appropriate. Your continued use after changes constitutes acceptance of the updated policy.

For privacy-related questions, to exercise your rights, or to report a concern, contact us at privacy@walyt.app.