Privacy Policy

1. Introduction

CryptoShield Protocol ("CryptoShield", "we", "us", or "our") operates the wallet verification service accessible at cryptoshield.io (the "Service"). This Privacy Policy explains what information we collect when you use the Service, how we use that information, and what rights you have in relation to your data.

By using the Service, you acknowledge you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you must not use the Service.

This Policy applies to all users of the CryptoShield website and verification protocol, regardless of geographic location. We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

2.1 Information You Provide

CryptoShield is designed to function without requiring any personally identifiable information. You are not required to create an account, provide your name, email address, phone number, or any other personal identifier to use the verification Service.

If you contact our support team voluntarily, we collect the email address and message content you provide in that communication.

2.2 Wallet Data

When you initiate wallet verification, we access the following data from your wallet connection:

• Your wallet's public address (e.g., your Ethereum address beginning with 0x). This is public information on the blockchain.
• Your wallet provider type (e.g., Trust Wallet, MetaMask).
• A one-time cryptographic signature of a verification message, used solely to prove ownership of the wallet address. This signature is verified and then discarded — it is not stored.

We do NOT access:

• Private keys or seed phrases (these never leave your device)
• Token balances or holdings
• Transaction history
• NFT ownership
• Approved token allowances

2.3 Automatically Collected Technical Data

When you visit the CryptoShield website, our servers may automatically log standard HTTP request data including your IP address, browser type, operating system, and referring URL. This data is used solely for security monitoring and is not associated with your verification record. Log data is retained for a maximum of 7 days before being deleted.

3. How We Use Information

We use the information collected for the following purposes:

• Providing the Service: To verify wallet ownership and issue a verification certificate.
• Security and Fraud Prevention: To detect, investigate, and prevent abuse of the verification system, including Sybil attacks and bot activity.
• Service Improvement: Aggregate, anonymized statistics about verification volumes and wallet provider usage are used to improve the protocol. No individual-level data is used for this purpose.
• Legal Compliance: To comply with applicable laws, regulations, court orders, or governmental requests.
• Support: To respond to your inquiries if you contact us voluntarily.

We do not use your information for advertising, marketing profiling, or sale to third parties under any circumstances.

4. Data Storage and Retention

Certificate records — consisting of your public wallet address, wallet provider type, and verification timestamp — are stored in our verification registry and retained for as long as the certificate is active. Upon certificate revocation, the record is marked as inactive in our database. Due to the nature of blockchain anchoring, the transaction recording the certificate issuance remains permanently on the public blockchain and cannot be deleted; however, the registry status (active/revoked) is updated.

Cryptographic signatures are not stored. After the ownership verification check is completed, the signature is discarded from our systems.

Server access logs are deleted after 7 days.

Support communications are retained for 90 days after resolution.

5. Information Sharing

We do not sell, rent, or trade your personal information to any third party. We may share information only in the following limited circumstances:

• Public Verification API: Your verification status (verified / not verified / revoked) and wallet address are accessible via our public API. This is the core function of the Service — enabling third-party dApps to check wallet verification status.
• Service Providers: We use a limited number of third-party providers for infrastructure (server hosting, cloud storage). These providers process data only as data processors under our instruction and may not use the data for their own purposes.
• Legal Obligations: We may disclose information when required by applicable law, subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of CryptoShield, our users, or the public.

6. Blockchain Data

CryptoShield anchors certificate records to a public blockchain. Blockchain transactions are permanent and irreversible by nature. Once a verification record is written to the blockchain, it cannot be deleted. However, the content written to the blockchain is limited to: a hash of the certificate ID and the verification timestamp. Your wallet address is associated with this record in our off-chain registry but is not directly written into the blockchain transaction data in plaintext.

You should be aware that all blockchain data is publicly accessible by anyone. CryptoShield is not responsible for data that has been recorded to a public blockchain network by any party.

7. Cookies and Tracking Technologies

CryptoShield uses only strictly necessary cookies required for the functioning of the website (e.g., session state). We do not use advertising cookies, third-party tracking pixels, or behavioral analytics services.

You may disable cookies in your browser settings. Disabling cookies may affect the proper functioning of certain parts of the website but will not prevent you from completing wallet verification.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data from our off-chain systems. Note that blockchain records cannot be deleted (see Section 6).
• Revocation: Revoke your verification certificate at any time, which removes your wallet from the active registry.
• Portability: Request a machine-readable copy of the data we hold about you.
• Objection: Object to the processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@cryptoshield.io. We will respond within 30 days.

9. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect data from children. If you believe a child under 18 has used the Service, please contact us at privacy@cryptoshield.io and we will take steps to remove the relevant data.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the Service or applicable law. We will post the revised Policy on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to provide prior notice, such as a notice on the website homepage.

Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact: