Privacy Policy

HyperWallet ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Data Controller:

klarshift UG (haftungsbeschränkt)
Kolonnenstr. 8, 10827 Berlin
Berlin, Germany
Email: privacy@hyper-wallet.app
Managing Director: Raoul Jaeckel
Trade Register: [To be assigned upon registration]

For data protection inquiries, please contact: privacy@hyper-wallet.app

1.1 Information You Provide

• Wallet Addresses: When you connect a wallet, the public address may be stored locally on your device for convenience
• Settings and Preferences: Your app configuration and user preferences
• Support Communications: Information you provide when contacting our support team

1.2 Automatically Collected Information

With your explicit consent, we may collect:

• Usage Analytics: App interactions, feature usage, and navigation patterns
• Performance Data: Crash reports, error logs, and app performance metrics
• Device Information: Operating system version, app version, and device type
• Session Data: App launch frequency, session duration, and user flows

1.3 Technical Identifiers

• App ID: A random unique identifier generated on first launch to manage your consent preferences
• Purpose: Store your analytics consent choice on our servers
• Storage: Stored locally on device and on our backend (Vercel, EU/US regions)
• Privacy: Cannot identify you personally, deleted when you uninstall the app

1.4 Information We Do NOT Collect

• Private Keys: We never have access to or store your private keys
• Transaction Details: We do not collect transaction amounts, recipients, or financial data
• Personal Identifiers: No email addresses, phone numbers, or personal information
• Biometric Data: Biometric authentication is processed locally by your device

2.1 Service Provision

• Provide access to Hyperliquid protocol functionality
• Maintain app performance and reliability
• Store user preferences locally on your device

Legal Basis: Performance of contract (Art. 6(1)(b) GDPR) - necessary to provide the Service you requested.

2.2 Analytics and Improvement (With Consent)

• Analyze app usage patterns to improve user experience
• Monitor app performance and identify technical issues
• Develop new features based on user behavior insights
• Generate anonymous usage statistics

Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR and German TTDSG). You can withdraw consent at any time in app settings without affecting prior processing.

2.3 Legal and Security

• Comply with applicable laws and regulations
• Protect against fraud and security threats
• Enforce our Terms of Service

Legal Basis: Legal obligation (Art. 6(1)(c) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) in protecting our systems and users from security threats.

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

3.1 Third-Party Service Providers

3.2 Legal Requirements

• When required by law, court order, or legal process
• To protect rights, property, or safety of users or others

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you via email and app notification at least 30 days before your data is transferred and becomes subject to a different privacy policy.

We retain your data for the following periods:

• App ID and Consent Preferences: Until you uninstall the app or withdraw consent
• Analytics Data (with consent): Retained for 24 months after collection, then anonymized or deleted
• Crash Logs and Error Reports: Retained for 12 months for debugging purposes
• Support Communications: Retained for 3 years for legal compliance and customer service
• Local Device Data: Until app deletion or manual clearing through device settings
• Legal Compliance: Data may be retained longer if required by law or legal proceedings

5.1 Analytics Consent

• You can withdraw consent for analytics at any time through Settings → Privacy
• Essential app functionality continues to work without analytics
• Withdrawal does not affect the lawfulness of processing based on consent before withdrawal

5.2 Data Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Art. 15): Request information about data we have collected about you
• Right to Rectification (Art. 16): Request correction of inaccurate personal data
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability (Art. 20): Request a copy of your data in a portable format
• Right to Restriction (Art. 18): Request restriction of processing under certain circumstances
• Right to Object (Art. 21): Object to processing based on legitimate interests

To exercise these rights, please contact privacy@hyper-wallet.app. We will respond within 30 days.

5.3 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights:

For users in Germany:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de

For other EU citizens: You may contact your local data protection authority.

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data transmission is encrypted using industry-standard protocols (TLS 1.3)
• Local Storage: Sensitive data is stored locally on your device using platform secure storage (iOS Keychain, Android Keystore)
• Minimal Collection: We collect only what is necessary for service provision (data minimization principle)
• No Private Key Access: We never have access to your wallet private keys
• Access Controls: Limited access to data on need-to-know basis

Our services involve data transfers to countries outside the European Economic Area (EEA), specifically to the United States:

7.1 Transfers to the United States

• Hyperliquid Protocol: Trading data (wallet addresses, public transactions) is processed by Hyperliquid, a US-based entity. Your blockchain interactions are public and governed by their terms.
• Vercel (Hosting): App hosting and consent storage. Vercel operates globally with servers in EU and US regions.
• Mixpanel (Analytics, with consent): Anonymous usage analytics processed in the United States.
• Sentry (Error Monitoring): Crash reports and error logs processed in the United States.

7.2 Safeguards for International Transfers

We ensure appropriate safeguards for data transfers outside the EEA:

• Standard Contractual Clauses (SCCs): European Commission-approved contracts with service providers ensuring GDPR-level protection
• Your Explicit Consent: For analytics data, we obtain your explicit consent for international transfers (Art. 49(1)(a) GDPR)
• Contractual Necessity: Transfers to Hyperliquid are necessary to perform the contract (Art. 49(1)(b) GDPR) - you cannot use the Service without accessing the protocol
• Technical Measures: Encryption in transit and at rest, access controls, and regular security audits

Important: If you do not consent to analytics data transfers, you can still use all essential app functionality. However, using the trading features requires interaction with the US-based Hyperliquid protocol.

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All trading decisions are made by you, and we do not use algorithms to automatically execute trades, block users, or make decisions on your behalf.

HyperWallet is not intended for use by children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will:

• Notify you at least 30 days before material changes take effect via in-app notification or email (if provided)
• Update the "Last updated" date at the top of this policy
• Request renewed consent if we change how we process data you previously consented to
• Provide a summary of key changes in the notification

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy, except where additional consent is required by law.

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Data Protection Inquiries: privacy@hyper-wallet.app
• General Support: support@hyper-wallet.app
• Postal Address: klarshift UG (haftungsbeschränkt), Kolonnenstr. 8, 10827 Berlin, Germany
• Twitter/X: @HyperWallet_App

For data subject rights requests, please include "Data Request" in your subject line. We will respond within 30 days as required by GDPR.