Privacy Policy

/ 1 Scope

This Privacy Policy applies to usdt-wallet.org, any sub-domains, the USDT Wallet desktop & mobile applications, the command-line interface, and related online services (collectively, the “Services”). It describes:

• what information we collect and why,
• how we use that information,
• the choices you have, and
• your rights under applicable laws.

By downloading, installing or using the Services you acknowledge that you have read, understood and agreed to the practices described herein.

/ 2 Data We Collect

USDT Wallet is designed to operate as privately as possible. The core wallet operates fully client-side; all sensitive operations (key generation, signing, balance lookups) occur on your device only. Nevertheless, some data is necessary to keep the Services secure and functional.

2.1 Information you provide voluntarily

• Email address — only if you subscribe to our newsletter or open a support ticket.
• Support messages & attachments — the content of communications you initiate, plus any screenshots or logs you attach.
• Participation in beta-testing — feedback forms you submit via our TestFlight or TestFairy programmes.

2.2 Information collected automatically

• Server access logs — IP address, user-agent string, requested URL and timestamp. Logs rotate in 7 days and are never linked to wallet addresses.
• Crash analytics (opt-in) — anonymised stack trace, OS version, memory footprint.
• Update pings — a daily, randomised “ping” (uw-update) containing the app version & OS to check for new releases. This ping is not tied to your IP (routed via proxy) and can be disabled in Settings → Privacy.

2.3 What we never collect

• Your seed phrase, private keys, passphrases, or biometric patterns.
• Raw transaction payloads or signature requests.
• Clipboard contents, keystrokes, microphone or camera data.

/ 3 How We Use Data

We process your information solely for the following purposes:

• Service delivery — to provide core wallet functions, verify software updates, and route support tickets.
• Security — to detect and mitigate phishing, brute-force login attempts, DDoS, or other abuse.
• Communication — to send release notifications, security advisories or marketing emails only if you opted in. You may unsubscribe at any time via the link in each email.
• Research & development — aggregated, de-identified analytics help us prioritise new features and platforms.
• Legal compliance — to comply with anti-money-laundering obligations where applicable and to respond to lawful requests.

/ 4 Legal Basis

Under the EU/UK GDPR, the California Consumer Privacy Act (CCPA) and comparable frameworks, we rely on the following lawful bases:

• Contractual necessity — processing required to fulfil our agreement with you.
• Legitimate interest — a minimal level of processing necessary to maintain platform integrity and prevent fraud. We carefully balance our interests against your rights.
• Consent — for optional newsletters, beta-testing telemetry and marketing. Consent can be withdrawn at any time.
• Legal obligation — to meet obligations under applicable laws, regulations or court orders.

/ 5 Sharing & Disclosure

We never sell your data. We share it only with vetted sub-processors under strict data-protection agreements, and solely for the purposes described:

• AWS (eu-central-1) — cloud infrastructure; encrypted backups; ISO 27001 certified.
• Cloudflare — edge DDoS protection & TLS termination; IPs retained for 24 hours.
• Postmark — transactional email delivery; stores recipient email & event metadata.
• Security auditors — Cure53, Trail of Bits; receive code artefacts without user data under NDA.

We will disclose information if required to comply with a lawful request from law-enforcement or regulatory body. Where legally permissible, we will notify you before disclosure.

/ 6 Cookies & Tracking

USDT Wallet sets exactly one first-party cookie:

• uw_sess — a non-persistent, random token that keeps you signed-in to the support portal. It expires after 4 hours of inactivity or when you log out.

No third-party analytics, advertising, social-media or fingerprinting cookies are used. We believe privacy should be the default.

Managing cookies

You can refuse or delete cookies via your browser settings. Doing so will not affect the wallet software, but support-portal sessions may not persist.

/ 7 Data Retention

We store data for the shortest time necessary:

• Email subscriptions — erased immediately upon unsubscribe.
• Support tickets — retained for 18 months, then irreversibly anonymised for product metrics.
• Server logs — rotated daily and purged after 7 days.
• Crash reports — kept 90 days to diagnose regressions.

When retention periods lapse, data is securely deleted using NIST SP 800-88 “Purge” guidelines.

/ 8 Security Measures

Protecting your data is paramount. Our controls include:

• End-to-end encryption — all traffic enforced via TLS 1.3 (AES-256-GCM).
• Encryption at rest — databases & backups encrypted with AES-256 keys stored in AWS KMS (HSM backed).
• Zero-trust architecture — micro-segmented VPCs, mutual TLS between internal services, principle-of-least-privilege IAM.
• Hardware tokens — mandatory YubiKey + SSO for production access.
• Continuous auditing — static-analysis, dependency scanning, and quarterly penetration tests. Reports are published on our GitHub.
• Bug bounty programme — open invitation for researchers on Immunefi. High-severity reports triaged within 24 hours.

/ 9 Your Rights

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure (“right to be forgotten”).
• Object to or restrict certain processing activities.
• Receive a copy of your data in a portable format.
• Withdraw consent for optional processing at any time.
• Not be subject to automated decision-making producing legal effects.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights please write to privacy@usdt-wallet.org from the email address we have on file. We will respond within 30 days.

/ 10 Minors

The Services are not directed to children under 13. We do not knowingly collect personal information from minors. If a parent or guardian believes that a minor has provided us with personal data, please contact us and we will delete it promptly.

/ 11 Changes to This Policy

We may revise this Policy from time to time to reflect regulatory changes, new technologies or business practices. We will:

• Update the “Last Updated” date below.
• Post the updated version on this page.
• Notify you via email or in-app notice when material changes occur.

Last Updated: 4 March 2024

/ 12 Contact Us

If you have questions, concerns or complaints regarding this Policy, reach out via:

• Email: privacy@usdt-wallet.org
• Mail: USDT Wallet Inc., 8 Fitzroy St, London, W1T 4BJ, UK
• Telegram: @usdtwallet_support (PGP-signed replies)