Skip to main content
WalletSuite Logo

Privacy Policy

Last updated: April 2026

At WalletSuite, we take your privacy seriously. This policy describes how we collect, use, and protect your personal information when you use our website and services.

1. Information We Collect

WalletSuite is a B2B developer platform; the personal data we process is the business contact data of authorised representatives of customer organisations (name, email, company details) collected when an account is created, a demo is booked, or our team is contacted. We also process usage and operational data — API call logs, MCP tool invocations, transaction-policy decisions, hash-chained audit events, and standard infrastructure telemetry (page views, device fingerprint) — to operate the service and produce the audit trail customers depend on.

2. How We Use Your Information

We use this data to provide and maintain the platform, communicate with customer representatives about their account, send product and security communications, develop new features, and meet our security and audit-trail obligations under the customer agreement. Marketing communications (newsletters, product announcements) are sent only on the basis of legitimate interest with a clear opt-out, or with explicit consent where required by local law.

3. Data Sharing

We do not sell personal information. We share data with sub-processors that operate our infrastructure (hosting, analytics, email delivery, payment processing). A current sub-processor list is available on request. We may also share data when compelled by valid legal process or where necessary to protect our legal rights. We never share customer transaction signing data with third parties.

4. Data Security

Production infrastructure runs on cloud providers with SOC 2 / ISO 27001 attested baselines. Internal access to customer data is RBAC-controlled, audit-logged, and reviewed quarterly. WalletSuite has no formal SOC 2 / ISO 27001 / FIPS certifications of its own at this time; controls and roadmap are described on the Security page. In MPC signing mode, customer key material is never assembled in any single location; in OWS opt-out mode, key material never reaches WalletSuite infrastructure at all.

5. Data Retention

Account contact data is retained for the duration of the customer relationship and deleted on request after termination. Hash-chained audit events are retained for the duration of the customer relationship plus a regulatory-baseline period (typically 7 years for financial-adjacent data) so the customer can satisfy their own audit obligations. Specific retention windows for individual data classes are available on request.

6. Your Rights

Where applicable law grants data subjects the right to access, correct, delete, port, or restrict processing of their personal data — including under EU/UK GDPR for EEA/UK residents and CCPA/CPRA for California residents — those rights apply to data subjects in the relevant jurisdictions. Customer-employer privacy notices may govern employee data first. To exercise any right, contact privacy@walletsuite.io.

7. Cookies and Analytics

We use essential cookies to maintain session and preferences. We use Google Analytics for aggregate usage analysis. We use Microsoft Clarity for session-replay analytics, which can record mouse movement, clicks, scroll, and keystrokes on non-masked fields — sensitive form fields are masked. Where required by law (EU/UK ePrivacy, UAE PDPL, etc.), non-essential analytics cookies are loaded only after user consent via our cookie banner.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date.