Iris Wallet Privacy Policy
Last Updated: November 12, 2025
Effective: November 12, 2025
NockBox Inc. ("we," "us") operates the Iris Wallet, a non-custodial cryptocurrency wallet. This policy explains how we handle your data.
NOTICE AT COLLECTION
What we collect: Service delivery, security, legal compliance
What we DON'T collect: Private keys, recovery phrases, transaction history, balances
Why: Service delivery, security, legal compliance
Your rights: Access, delete, correct, opt-out
We don't sell your data
Contact: support@nockbox.org
Appeals: support@nockbox.org (subject: "Privacy Appeal")
NON-CUSTODIAL WALLET PRIVACY
Critical Privacy Features
Private keys are generated and stored ONLY on your device
We NEVER have access to private keys or recovery phrases
We CANNOT see your balances, tokens, or transaction history
We CANNOT recover lost wallets or reverse transactions
All sensitive data remains under your exclusive control
1. DATA WE COLLECT
You Provide
Email address (if contacting support)
Transaction hashes or public addresses (only if shared for support)
Feedback and bug reports
Device logs (only if manually submitted)
Automatically Collected
Device information (OS, browser type, wallet version)
IP address (required for sanctions compliance)
General location (country/region for compliance)
Feature usage analytics (which features used, not transaction data)
Error logs (without private keys or sensitive data)
We NEVER Collect
Private keys or recovery phrases
Wallet passwords or PINs
Token balances or holdings
Personal identification tied to wallet addresses
2. HOW WE USE DATA
Use
Legal Basis (GDPR)
Purpose
Wallet functionality
Contract
Service delivery
Security monitoring
Legitimate interest
Fraud pervention
Sanctions screening
Legal obligation
Compliance
Support requests
Contract
Service
Updates/patches
Legitimate interest
Security
Analytics
Legitimate interest
Improvements
3. THIRD-PARTY SERVICES
RPC Providers
The wallet connects to blockchain networks via RPC endpoints that may collect:
Your IP address
API requests (not private keys)
Request frequency
You can change RPC providers in settings. Third-party RPCs have their own privacy policies.
Payment Providers
If using fiat on-ramps (MoonPay, Transak):
You interact directly with the payment provider
They collect KYC information per their policies
We receive only: completion status and public wallet address
We do NOT receive identity documents or payment details
Service Providers (under contract)
Cloudflare (security)
Google Cloud/AWS (infrastructure)
ipdata.co (geolocation for compliance)
4. DATA SHARING
We share data only
With service providers under confidentiality agreements
To comply with valid legal process
To protect rights, safety, or property
With your explicit consent
Blockchain transactions are PUBLIC by nature
5. DATA RETENTION
Type
Period
Reason
IP logs
30 days
Security
Support tickets
3 years
Service
Error logs
90 days
Debugging
Compliance alerts
5 years
Legal requirement
Analytics
13 months
Service improvements
6. YOUR RIGHTS
Everyone
✓ Access your data
✓ Correct errors
✓ Delete account data (except compliance records)
✓. Export data
✓ Opt-out of analytics where available
California (CCPA)
Additional rights to know, delete, and non-discrimination. We honor GPC signals.
EU/UK (GDPR)
Additional rights to port, restrict, object, and complain to regulators.
Response time: 30 days (45 for complex)
Appeals: 45 days
7. MANDATORY COMPLIANCE
Sanctions (Cannot Opt Out)
We must collect IPs for U.S. sanctions compliance
Auto-block: Comprehensively sanctioned countries
Blockchain Transparency
Wallet addresses and transactions are permanently public on the blockchain. We cannot delete or hide blockchain data.
8. SECURITY
Sanctions (Cannot Opt Out)
Local encryption for private keys
HTTPS/TLS for all communications
No cloud backup of sensitive data
Regular security audits
Remember: Your wallet's security depends primarily on your device security and recovery phrase protection.
9. COOKIES & TRACKING
Essential cookies only (session management). No advertising or tracking cookies. Browser extension uses local storage for settings.
10. INTERNATIONAL TRANSFERS
Your data may be processed in the US. We use:
Standard Contractual Clauses
Appropriate safeguards per GDPR
11. CHILDREN'S PRIVACY
The Wallet is not intended for users under 18. We do not knowingly collect data from children under 13.
12. PLATFORM-SPECIFIC
Browser Extension
Permissions: Storage (settings only), network (RPC calls)
No access to browsing history or other sites
Mobile Apps [When applicable]
Permissions: Camera (QR codes), storage (local data)
No access to contacts or call logs
13. UPDATES
We may update this policy with 30-day notice for material changes. Updates posted at iris.nockbox.org/privacy
14. CONTACT
Privacy inquiries: privacy@nockbox.org
General support: support@nockbox.org
NockBox Inc., Austin, Texas
Effective Date: November 12, 2025
Version: 1.0