1. Overview
Because Walley is non-custodial, we do not hold your funds, your recovery phrase, or your private keys. Your recovery phrase is generated and imported entirely client-side and is never transmitted to our servers. Browser-side signing keys are non-extractable within the active browser context. This architecture minimizes the data we collect by design, and it means that certain categories of sensitive credential information never reach our systems at all.2. Information We Process
We process the following categories of information to operate the Service:Account and Wallet Metadata
- Party identifiers and public key fingerprints associated with your wallet
- Invite and signup state
- Wallet-related profile metadata
Session and Device Data
- Session identifiers and authentication status
- User agent string and IP address
- Request metadata (timestamps, endpoints, response codes)
Ledger Interaction Data
- Transaction requests, transfers, balances, and holdings
- Approvals and related API responses
dApp Integration Data
- dApp connection session identifiers
- Method requests and approval flow metadata from connected applications
Support Communications
- Information you voluntarily provide when you contact Walley for support
3. Data We Do Not Intend to Collect as Custodian
Walley is not a custodian. Consistent with our non-custodial design:- We do not hold or operate custodial end-user wallets.
- Recovery phrases are generated and imported client-side and are never transmitted to our servers.
- Browser-side signing keys are non-extractable and do not leave your device’s secure context.
4. How We Use Information
We use the information we process for the following purposes:- Provide wallet and API functionality: Authenticate your sessions, process transaction requests, and return ledger data.
- Operate dApp connection flows: Facilitate the connection and interaction between your wallet and third-party dApps you choose to connect.
- Detect abuse and fraud: Monitor for unusual activity, unauthorized access attempts, and misuse of the Service.
- Monitor performance and reliability: Identify and diagnose technical issues to maintain Service availability.
- Comply with legal obligations: Meet applicable legal, regulatory, and law enforcement requirements.
5. Legal Bases for Processing
Where the General Data Protection Regulation (GDPR) or equivalent legislation applies, we rely on the following legal bases:- Performance of a contract: Processing necessary to provide the Service you have requested.
- Legitimate interests: Processing for fraud detection, security monitoring, and performance optimization, where those interests are not overridden by your rights.
- Legal compliance: Processing required to meet applicable legal obligations.
- Consent: Where we request your consent for specific processing activities, we will process that data only on that basis and you may withdraw consent at any time.
6. Sharing and Disclosure
We do not sell your personal data. We share information only in the following circumstances:- Infrastructure and service providers: We engage third-party processors (such as hosting and infrastructure providers) who process data on our behalf under appropriate contractual protections.
- Connected network and ledger components: Transaction data is shared with the underlying Canton Network ledger as necessary to execute the transactions you request.
- Professional advisers: We may share information with lawyers, auditors, or insurers where necessary for legitimate business operations.
- Law enforcement and legal process: We disclose information when legally required to do so by a valid court order, subpoena, or applicable law, or where necessary to protect the rights, property, or safety of Walley or others.
7. Data Retention
We retain information only for as long as necessary for the operational, security, contractual, and legal purposes described in this Policy. When data is no longer needed, we delete or anonymize it. Specific retention periods depend on the category of data and the legal requirements applicable to it.8. Security
We implement administrative, technical, and organizational safeguards designed to protect the information we process against unauthorized access, disclosure, alteration, and loss. These measures include access controls, encryption in transit, and regular security reviews.No security system is perfectly secure. While we take reasonable precautions, we cannot guarantee the absolute security of information processed through the Service.
9. International Data Transfers
Walley may process and store information in jurisdictions other than the one in which you are located. When we transfer information internationally, we use appropriate safeguards — such as standard contractual clauses or equivalent mechanisms — to ensure your information receives a consistent level of protection regardless of where it is processed.10. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data.
- Deletion: Request that we delete your personal data, subject to applicable legal retention requirements.
- Restriction: Request that we restrict the processing of your personal data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Portability: Request that we provide your personal data in a structured, machine-readable format.
- Complaint: Lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.