KlipbitPrivacy

Privacy Policy

Last updated: March 24, 2026

1. Who we are

Klipbit is a self-custodial digital wallet software, published by an independent developer. Klipbit is not a financial institution or financial services provider. We do not collect personal data for commercial purposes.

This Policy describes how Klipbit software handles information when you use it. As there is no legal entity responsible, this Policy is a transparency commitment from the project contributors — not a contractual obligation of a company.

2. Core principle

Klipbit is designed to operate with the minimum data possible. The architecture is self-custodial: your private keys, Recovery Phrase, and digital assets remain exclusively on your device. We do not have access to them and we do not want access.

If you opt into encrypted backup (optional), your email is collected for OTP verification. Your Recovery Phrase is encrypted on your device with a password only you know (AES-256-GCM), and the encrypted blob is stored on the server. Klipbit cannot decrypt your backup — only you have the password.

3. What we do NOT collect

To be clear, Klipbit never collects:

  • Private keys, Recovery Phrases, or wallet passwords (even with backup enabled — the backup is encrypted on your device before leaving);
  • Identity documents, social security numbers, selfies, or any KYC data;
  • Your wallet balances or transaction history;
  • Precise location (GPS);
  • Contacts, photos, files, or data from other apps;
  • Biometric data (fingerprint and Face ID are processed locally by your device — never transmitted).

4. What we collect

The software may collect or process the following data, depending on the features you use:

4.1 Waitlist

If you sign up for the waitlist, we collect your email address and, optionally, your name. This data is stored in Supabase (hosted database) and used exclusively to communicate project updates.

4.2 Encrypted backup (optional)

If you opt into encrypted backup, we collect your email address for OTP verification. Your Recovery Phrase is encrypted locally on your device (AES-256-GCM with a password you set) before being sent to the server. The stored blob is unreadable without your password — Klipbit cannot access your keys.

4.3 Third-party providers (asset purchases)

The app may offer the option to purchase digital assets through third-party providers (e.g., Transak). If you choose to use these services, KYC data collection (identity, documents) is done directly by the provider, under their own privacy policy. Klipbit does not collect, store, or have access to that data. Use of third-party providers is at your own discretion.

4.4 Diagnostic logs

To investigate failures in critical operations (blockchain transactions, escrow interactions), the software may send technical logs to a diagnostic server. These logs contain:

  • Operation identifiers (listing IDs, trade IDs);
  • Transaction signatures (public blockchain data);
  • Technical error messages;
  • The step at which the operation failed.

Logs never contain private keys, passwords, balances, or personally identifiable data.

4.5 Web browsing data

The web interfaces (website and PWA) are hosted on Vercel, which may automatically collect IP address, browser type, and access data per its own privacy policy. Klipbit does not use tracking cookies, conversion pixels, or third-party analytics tools.

5. Blockchain data

Blockchain transactions are public and permanent. Wallet addresses, transferred amounts, and transaction signatures are recorded forever on decentralized networks — beyond the control of anyone, including Klipbit contributors.

The software cannot erase, modify, or hide data already recorded on a blockchain. If you made a transaction, that transaction data is permanent. This is an inherent characteristic of blockchain networks, not a design choice.

6. Local storage (your device)

The software stores locally on your device:

  • Private keys and Recovery Phrase — in your device's secure storage (Keychain/SecureStore), encrypted by the device;
  • Preferences — language, selected network, interface settings;
  • Cache — temporary data to improve performance.

This data remains exclusively on your device. If you uninstall the app, all local data is erased. If you do not have a copy of your Recovery Phrase or an active encrypted backup, your assets will be permanently and irreversibly lost.

7. Data sharing

Klipbit does not sell, rent, or trade user data. Data may be shared only in the following circumstances:

  • With infrastructure providers — Supabase (database), Vercel (hosting), Helius (Solana RPC node) process technical data necessary for operation;
  • With third-party providers — if you choose to use asset purchase services (e.g., Transak), your data is shared directly with the provider, under their own privacy policy;
  • On the blockchain — transactions are public by nature.

We do not use data for advertising, profiling, or any purpose beyond the operation of the software.

8. Your rights

As there is no legal entity acting as data controller, rights provided by data protection laws (LGPD, GDPR) may not be exercisable in the traditional way. However, in practice:

  • Access and portability — your assets and keys are on your device. You already have full access;
  • Deletion — if you signed up for the waitlist, you can request email removal at hello@klipbit.com. Blockchain data cannot be erased;
  • Minimization — the software already collects the minimum necessary by design;
  • Uninstall — uninstalling the app erases all local data. If you do not have a copy of your Recovery Phrase or an active encrypted backup, your assets will be permanently and irreversibly lost.

9. Security

The project contributors adopt reasonable security practices, including encryption in transit (HTTPS/TLS), secure storage of sensitive credentials, and code review. However, no system is infallible.

The escrow smart contract is open source and can be audited by anyone. Security vulnerabilities can be reported at hello@klipbit.com.

10. Minors

The software is not intended for anyone under 18 years of age. We do not intentionally collect data from minors. If you believe a minor has provided data through the software, please contact us so we can remove it.

11. Changes to this Policy

This Policy may be updated at any time. The current version will always be available on this page with the date of the last update. Continued use of the software after changes indicates acceptance of the updated Policy.

12. Contact

For privacy questions, data removal requests, or vulnerability reports: hello@klipbit.com

This channel is maintained by voluntary contributors. Responses are not guaranteed.