Sealda

Privacy Policy

Last updated: 2026-05-07

Sealda is a self-custody, privacy-first cryptocurrency wallet. Private keys are generated on your device, encrypted with your PIN, and never leave it. We do not run a backup service. We do not see your balances. We cannot recover your funds.

1. What we never collect

We do not, at any point, see, transmit, log or store:

  • Your recovery phrase (BIP-39 mnemonic) or any private key derived from it.
  • Your wallet PIN, biometric template, or hidden-wallet passphrase.
  • Your name, email address, phone number, or government ID.
  • Your transaction history, balances, or signed transaction blobs.
  • Browsing history, advertising IDs, marketing cookies, or device-fingerprinting telemetry.
  • Third-party analytics SDKs. There are none in our clients.

None of these values reach our servers. The cryptographic steps that depend on them — seed derivation, PIN stretching, transaction signing — happen entirely on your device, in your iOS app or your browser's tab.

2. Your phrase is your responsibility

We cannot recover your wallet.

The 24-word recovery phrase is generated on your device and shown to you exactly once during onboarding. If you lose it, the funds protected by it are unrecoverable. There is no support agent, password reset, email recovery flow, or database backup we can fall back on — by design.

Anyone in possession of the phrase can move the funds. Do not share it. Do not photograph it. Do not paste it into a cloud note. Sealda will never ask you for it — anyone who does is impersonating us.

3. What stays on your device

The Sealda iOS app and web client store on your device:

  • An encrypted vault containing your seed entropy, sealed with AES-256-GCM under a key derived from your PIN via Argon2id. On iOS the vault lives in the iOS Keychain (kSecAttrAccessibleWhenUnlockedThisDeviceOnly); on the web it lives in IndexedDB and is encrypted before being written.
  • Wallet metadata (label, icon, derived public addresses, creation date).
  • Local user preferences (auto-lock interval, theme, large-transfer threshold).
  • A history of transactions you have broadcast through the app — purely so the app can show you a list. This list never leaves the device unless you explicitly share it.

The vault is bound to that specific device. It is not synced, not uploaded, and not readable without your PIN.

4. The minimal data the relay services touch

The Sealda iOS app only ever talks to one host: api.sealda.app. That backend in turn forwards chain queries to public RPCs on your behalf, which means:

  • Chain RPC proxy. Balance lookups, transaction broadcast, fee estimation, and history reads go through api.sealda.app, which forwards to public chain providers — currently a self-hosted Tron node (with TronGrid as failover), Alchemy and public BSC nodes (publicnode, 1rpc.io), and Etherscan for Ethereum receipts. Because we proxy, the third-party providers never see your device IP — they see only the backend's IP. They do see the wallet address being queried, which is already public on the chain.
  • Push notification subscription. If you opt in to push, the app sends an APNs device token + the public addresses you want to be notified about to our push relay. We use these only to forward incoming-transaction notifications to your device. The public addresses are public; the APNs token is opaque to us.
  • Pair handoff relay. When you pair the web wallet to the iOS signer, the iOS app uploads an end-to-end-encrypted handoff blob keyed to a one-time pairing token. The relay holds the blob for at most a few minutes and never sees the decryption key (it travels in the QR you scan with the phone).
  • Sign-request scanning. When you scan a transaction sign-request QR from another browser tab, the data flows over the air-gap (your phone's camera) — not over our servers.

We do not log request bodies. Our edge — Cloudflare in front of the project-operated endpoints — keeps short-window connection metadata (IP, timestamp, response code) for the standard reasons (abuse mitigation, operational debugging), rotated within 30 days. Cloudflare's own privacy policy applies to that processing.

4a. Apple App Store privacy classification

For each item we touch, the corresponding Apple App Store "App Privacy" nutrition-label category is:

Data item | Apple category | Linked to you?
APNs device token | Identifiers — Device ID | No
Anonymous install ID (UUID) | Identifiers — User ID (anonymous) | No
Wallet public addresses | Identifiers — Other Identifiers | No
App Attest attestation | Identifiers — Device ID | No
IP address (edge logs, ≤ 30 d) | Identifiers — Other Identifiers | No
Crash / diagnostic reports | — (none collected) |

All items are used solely for app functionality (push delivery, abuse prevention, anti-fraud attestation). None are used for tracking, advertising, or sold to third parties.

5. Cookies and storage

Sealda's marketing pages (this site, /about, /contact, /privacy, /terms) do not set cookies and do not embed third-party trackers.

The web wallet at /wallet, /pair, /send, /receive, /status, /settings uses your browser's IndexedDB and localStorage to hold your encrypted vault and ephemeral session state. None of this is transmitted to us. Clearing site data in your browser permanently deletes the vault from that browser — make sure you have your recovery phrase first.

6. No advertising. No third-party trackers.

We do not run ad networks. We do not embed Google Analytics, Meta Pixel, Hotjar, FullStory, Sentry or any other session-recording / fingerprinting SDK in the wallet clients. The marketing pages you are reading are static HTML / CSS / JS served from our edge.

7. Children

Sealda is intended for users 17 years of age or older, matching its App Store age rating. The app is not directed at children, and we do not knowingly collect personal data from anyone — children included.

8. Your rights

Because we do not collect personal data tied to your identity, most data-subject rights under the EU GDPR, the UK GDPR, and the California Consumer Privacy Act (CCPA) are satisfied by default — there is nothing to access, port, or erase. The exceptions are the limited records described in §4: APNs token + the public addresses you subscribed for push, the anonymous install ID issued during App Attest bootstrap, and the 30-day edge-log connection metadata.

For these records, you may at any time:

  • Access — request a copy of the records keyed to your install (APNs token + addresses).
  • Erasure — request immediate deletion of the push-subscription record and the App Attest binding. Uninstalling the app + tapping "Disable notifications" in Settings already triggers this automatically; this clause is a written guarantee.
  • Object / restrict processing — opt out of push by toggling notifications off in Settings.
  • Portability — request the records in a machine-readable JSON form.
  • CCPA "Do Not Sell or Share" — we do not sell or share personal information for cross-context behavioural advertising; there is nothing to opt out of.

To invoke any of these, email [email protected] from any address with the install's anonymous ID (you can find it in the app under Settings → About → Diagnostic ID). We will respond within 30 days, or sooner where the applicable law requires it.

9. Jurisdiction

Sealda is a project, not a registered legal entity. The project does not maintain offices, sales operations or customer accounts in any jurisdiction. Data we touch (push tokens, edge logs) is processed by the cloud providers we contract with on standard data-processing terms.

10. Changes to this policy

We may update this policy as the product evolves. The Last updated date at the top of this page reflects the most recent revision. Material changes — i.e. anything that broadens what we collect — will be highlighted in app release notes.

11. Contact

Questions, takedowns, security disclosures, or formal data-subject requests: [email protected]. We do not maintain official support accounts on social platforms.

See also: Terms of Service.