Sambaex Privacy Policy
Last updated: 2025-12-02
Sambaex is a self-custodial crypto wallet. Unless otherwise stated, we do not operate any backend that requires you to register an account. Your private keys and mnemonic phrases are stored only on your device and are not uploaded to us or any third party. We do not custody your assets, provide crypto-fiat exchange, or operate an order-book-based trading platform.
1. What information do we collect?
- On-device data (never leaves your device): private keys, mnemonic phrases, derivation path indices, and wallet-related settings (e.g., network/RPC, custom thresholds). These are stored locally (for example, in iOS Keychain or UserDefaults) and are not transmitted to our servers.
- Public on-chain data: when you query balances or transaction history, your wallet address and related query parameters are sent to the selected blockchain RPC node as required to provide the service.
- Push notification tokens: if you enable push notifications, we receive a device push token or Firebase Cloud Messaging (FCM) token in order to deliver wallet-related notifications (for example, transaction status or important service messages). We do not use these tokens for advertising or cross-app tracking.
- Network metadata from third-party RPC providers: when you use third-party RPC endpoints, those providers may log IP address, User-Agent, timestamps, and other network metadata under their own privacy policies. We do not control or participate in such logging.
2. How do we use your data?
- Private keys and mnemonic phrases are used only on your device for local signing and account derivation. They are not uploaded to our servers or shared with third parties. Where available, they may be protected by system biometrics or the device passcode.
- Your wallet address and query parameters are used solely to fetch balances, token and transaction information, or to submit signed transactions via the selected RPC endpoint.
- Push notification tokens are used only to send wallet-related or service-related notifications to your device. We do not use them for advertising, behavioral profiling, or tracking you across other apps and websites.
We do not sell your data and do not use your information for advertising or cross-site tracking.
3. Third-party services and RPC nodes
Sambaex allows you to select mainnet/testnet/devnet or configure custom RPC endpoints. When you use a third-party RPC provider, their privacy and rate-limit policies apply to your use of their service. We are not responsible for how third parties handle data such as IP address, request logs, or wallet addresses.
We may use third-party infrastructure providers such as Firebase Cloud Messaging solely for delivering push notifications. These providers may process device identifiers and network metadata in order to deliver messages, under their own privacy policies. We do not use these services for analytics or advertising.
4. Children and minors
Sambaex is a financial tool intended primarily for adults with full legal capacity. Minors should only use the app with the consent and supervision of a parent or legal guardian and after proper assessment of the risks associated with crypto assets.
5. Security
- Private keys and mnemonic phrases are stored in device-level secure storage (such as iOS Keychain or equivalent). Where supported, Face ID / Touch ID / device passcode can be used as an additional protection layer.
- We strongly recommend backing up your mnemonic phrase offline (for example, on paper stored safely) to prevent permanent loss of access to your assets if the device is lost, damaged, or wiped.
6. Data retention and deletion
- You may delete the app at any time to remove locally stored data such as private keys, mnemonics, and settings from your device. Future versions may provide an in-app “Reset / Clear Wallet” option to wipe Keychain items.
- On-chain data resides on a public distributed ledger and cannot be modified or deleted by us.
- Server-side configuration and log data (such as gateway requests) are retained only for as long as reasonably necessary for security, abuse prevention, and service stability, and then deleted or anonymized where feasible.
7. Your rights
Subject to applicable laws (for example, GDPR or CCPA), you may have rights to request access, correction, or deletion of your personal information. Because we typically do not host your identifiable personal information and most sensitive data remains on your device, many requests can be fulfilled locally by you (for example, uninstalling the app or resetting the wallet). For assistance, you may contact us using the email below.
8. International transfers
Depending on your location and the servers you choose, request data (including your wallet address and technical metadata) may be sent directly to servers in other countries or regions. By using Sambaex and selecting those endpoints, you consent to such international data transfers as necessary to provide the service.
9. Changes to this policy
We may update this policy from time to time. The updated version will be made available in the app or on our website and will be labeled with the “Last updated” date. Your continued use of the app after changes become effective constitutes your acceptance of the updated policy.
Disclaimer: Crypto assets are volatile and involve risk. Evaluate your own risk tolerance carefully. If your private keys or mnemonic phrase are lost or exposed, your assets may be irrecoverable. Sambaex does not custody your assets and cannot be responsible for losses resulting from compromised credentials, device loss, or market movements.