Please note: thisPrivacy Notice will be regularly updated to reflect any changes in how wehandle your personal information or changes in applicable laws. We encourageyou to review this notice periodically.
This Privacy Notice describes the policies and procedures of ReactWallet ("React Wallet", "we", "our", or"us"), a company incorporated and operating in Dubai InternationalFinancial Center, Dubai, the United Arab Emirates, relating to the collection,use, disclosure, retention and protection of personal data when you use ourwebsite, mobile applications, browser extensions and related services(collectively, the "Services"). This Notice applies together with anyterms of business, agreements and other contractual documents between you andus.Where we refer to "personal data" we mean any information thatidentifies or relates to an identifiable individual.
Where we refer to "personal data" we mean any information thatidentifies or relates to an identifiable individual.
Your privacy matters to us. React Wallet is a non-custodial crypto and digital asset walletnetwork designed to minimize the personal data we process. Where practical we design ourServices to store wallet keys and sensitive credentials locally on your deviceand to process the minimum personal information necessary to providefunctionality, or to comply with legal and regulatory obligations. The information weaccess and process will vary depending on how you use our Services and thefeatures you choose to enable.
By using our Services(including downloading our mobile or browser-based wallet), you consent to thecollection, use and disclosure of your personal data as described in thisPrivacy Notice.
We collect andprocess personal data in three primary ways: directly from you (e.g., when youcontact us, register for an account or opt into features), automatically whenyou use our Services (e.g., device and usage data), and from third parties(e.g., analytics and hosting providers). Wherever possible we de-identify, pseudonymizeor aggregate data.
A. Data you provide directly
● Contact information (e.g.,email address) — when you sign up for optional newsletters, support or accountrecovery features. Purposes: user communications, account support, marketing(where consented). Legal basis: consent or contractual necessity.
● Identity information (e.g., name, government ID, proof of address) —only if you voluntarily undergo identity verification for specific features(e.g., fiat on/off ramps, regulatory compliance). Purposes: KYC/AML compliance,fraud prevention, regulatory reporting. Legal basis: legal obligation, contractor consent as applicable.
● Customer supportcorrespondence and feedback — to respond to inquiries, investigate issues andimprove Services. Legal basis: contractual necessity or legitimate interests.
B. Data created or stored locally
● Wallet seed phrases,private keys and other sensitive cryptographic credentials are generated andstored locally on your device and are never collected or transmitted to ourservers by default. We will never ask you to share your seed phrase or privatekeys. If you choose to use our optional cloud backup or key recovery service,local encryption is used and you will be informed and asked for explicitconsent.
C. Data collected automatically
● Transaction data publishedto public blockchains — when you initiate blockchain transactions, thetransaction details are recorded on the public ledger. This data is controlledby the blockchain network and not by React Wallet. Purposes: transactionexecution and on-chain verification. Legal basis: contractual necessity/legitimateinterests.
● Device and usage information (e.g., IP address, device identifiers, OSversion, app version, crash data, feature usage) — to provide, secure andimprove the Services, detect fraud, debug errors and for analytics. Wherefeasible, we pseudonymize or aggregate this data. IPaddresses may be processed on a transient basis for service routing andregulatory compliance but are not stored or linked to identifiable users.
● Cookies and similartechnologies — see Section 3 below for details.
D. Data from third parties
● Service providers andpartners (e.g., cloud hosting, analytics, payment processors, KYC providers) —we receive and process data as necessary to deliver Services. Purposes:hosting, analytics, payment facilitation, identity checks. Legal basis: contractualnecessity, legal obligation or consent.
We process the limited information described above to:
- Deliver and maintain wallet functionality;
- Support integrations with third-party partners (e.g., swap services via RangoExchange);
- Ensure security and performance through technical monitoring and analytics;
- Comply with legal and regulatory obligations, including fraud prevention andabuse detection.
Summary table (examples):
● Personal data category:Contact details (email). Purpose: Account communications, marketing (withconsent). Retention: Until you unsubscribe or opt out.
● Personal data category: Identity documents (optional). Purpose: KYC foron/off ramps and compliance. Retention: As required by law and our retentionpolicy.
● Personal data category: Device and usage data. Purpose: Security,product improvement, analytics. Retention: Limited period (see Section 6).
● Personal data category:On‑chain transaction data. Purpose: Transaction processing and record on publicledger. Retention: Indefinite on the blockchain; we may store references asneeded.
E. Website Visitors
If you visit our website, we may collect limited technical and usageinformation through analytics tools. We do not engage in marketing tracking orsell user information.
We use cookies, web beacons andsimilar technologies on our website and in some app integrations.
Types and purposes include:
● Strictly necessary cookies: toenable basic site functionality.
● Performance and analytics cookies: to measure and improve siteand app performance (e.g., Google Analytics or similar). These may be pseudonymized.
● Functional cookies: to remember preferences and settings.
● Advertising cookies: used onlywhere you opt in to marketing features.
You can manage cookie preferencesthrough your browser or device settings and through any cookie banner weprovide. Disabling certain cookies may affect your experience of the Services.
We may share information under the following circumstances:
- With service providers (such as hosting on Digital Ocean and analyticsproviders) under contractual confidentiality obligations;
- With regulatory or governmental authorities where required by law;
- With third-party partners where you explicitly initiate an interaction (e.g.,using a swap function via Rango Exchange);
- In connection with mergers, acquisitions, or other corporate restructuring.
In addition to the services expressly mentioned above, React Wallet may,from time to time, enable integrations with other third-party service providersor decentralized applications (“Additional Third-Party Services”). Theseintegrations may include, but are not limited to, decentralized exchanges,liquidity providers, portfolio management tools, or NFT platforms. Any personaldata shared in connection with such Additional Third-Party Services will beprocessed under the privacy policies and terms of those providers, not by thisPrivacy Notice.
We do not sell or rent personal data.
As a UAE-basedcompany, we process data in the UAE and may transfer or store data in otherjurisdictions where our service providers operate (for example, data centres inthe UAE, EU, US, Asia). When transferring personal data outside the UAE or tojurisdictions without an adequate level of protection, we implement appropriatesafeguards (contractual agreements, standard contractual clauses, technicalencryption, or other measures) to protect your personal data in accordance withapplicable law.
Your information may be processed in jurisdictions outside your countryof residence. Where applicable, we implement safeguards, such as StandardContractual Clauses, to ensure that such transfers comply with internationaldata protection standards.
We retain personaldata only for as long as necessary to fulfil the purposes for which it wascollected, to comply with legal and regulatory obligations, to resolvedisputes, and to enforce our agreements. Retention periods vary by data typeand purpose; examples:
● Contact and supportrecords: retained for the period needed to provide support and for a reasonableperiod thereafter for audit and legal compliance.
● KYC records: retained as required by applicable law and internalpolicies.
● Device, usage and analytics data: retained in aggregated orpseudonymised form for product improvement; raw logs for a limited periodunless required for investigations.
● On‑chain transaction data:recorded on public blockchains and therefore not erasable by us.
● Errorlogs and usage analytics are retained only for as long as necessary to ensurestability and improve performance.
● Blockchaindata cannot be deleted or altered, as transactions are permanently recorded ondecentralized public networks beyond our control.
If you want more details about specific retention periods, contact ourPrivacy Team (see Section 11).
We useadministrative, technical and physical safeguards to protect personal data,including encryption in transit (TLS) and at rest where appropriate, accesscontrols, multi-factor authentication for internal systems, regular securityassessments and vulnerability management, and incident response procedures. Foroptional backups or recovery services, private keys are encrypted locallybefore any transmission. Walletkeys and recovery phrases remain on your device and under your sole control atall times. Our infrastructure providers, such as Digital Ocean, applyindustry-standard security protections.
Despite thesemeasures, no system is 100% secure. You are responsible for keeping your seedphrases and private keys secure. We will never ask you to reveal them. If youbelieve your wallet has been compromised, contact support immediately.
Subject to applicable law(including the UAE Federal Decree-Law No. 45 of 2021 on the Protection ofPersonal Data (PDPL) and any relevant free zone regulations), you may have thefollowing rights regarding your personal data:
● Access: request confirmation ofprocessing and access to your personal data.
● Rectification: request correction of inaccurate or incompletedata.
● Erasure: request deletion of personal data where permitted bylaw.
● Restriction or objection: request restriction of processing orobject to certain processing activities.
● Portability: receive your personal data in a portable formatwhere technically feasible.
● Withdraw consent: withdraw consent where processing is based onconsent (withdrawal will not affect processing that occurred prior towithdrawal).
● Lodge a complaint with the UAEData Office or other competent supervisory authority if you believe your rightsunder applicable law have been violated.
To exercise these rights, please contact us at media@reactwallet.io. We may need to verify your identity before fulfillingrequests and may refuse requests that are manifestly unfounded or excessive,subject to applicable law.
Our Services are not directed to children under 18. We do not knowinglycollect personal data from children. If we learn that we have collectedpersonal data of a child under 18 without appropriate parental consent, we willtake steps to delete the information. If you believe we have collected personaldata from a child, please contact us.
Our Services may allow you to interact with external service providersand decentralized applications (dApps), such as Rango Exchange. Any informationshared in the course of such interactions is governed by the privacy policiesof the relevant third-party providers, not by this Privacy Notice.
In addition to the services expressly mentioned above, React Wallet may,from time to time, enable integrations with other third-party service providersor decentralized applications (“Additional Third-Party Services”). Theseintegrations may include, but are not limited to, decentralized exchanges,liquidity providers, portfolio management tools, or NFT platforms. Any personaldata shared in connection with such Additional Third-Party Services will beprocessed under the privacy policies and terms of those providers, not by thisPrivacy Notice.
We may amend this Privacy Notice from time to time to reflect legal,regulatory, or business developments. Updates will be published with a revised“Effective Date.” Continued use of the Services after such updates constitutesacceptance of the revised terms.
If you havequestions, privacy requests, or concerns about this Privacy Notice or our datapractices, please contact:
React Wallet Technology Limited
Registered Address: Unit IH-00-01-01-OF-01, Level 1, Dubai International Financial Centre (DIFC), Dubai, UAE
Data Protection Officer Email: media@reactwallet.io
Important security notice:
● We will never ask for your seed phrase, private key or fullwallet passphrase by email or support chat. If you receive any such request, donot respond and report it to us immediately.
