Your data,
your control.

All sensitive data is stored exclusively in your device's encrypted secure storage: Android Keystore / iOS Secure Enclave. Nothing is transmitted to our servers unless you explicitly enable SMS mode.

• Private keys & seed phrase: encrypted on-device, never transmitted in normal mode.
• PIN hash: a one-way hash stored locally. We cannot recover your PIN.
• Transaction history & cached balances: stored locally so the app works offline.

To send transactions via SMS, you may optionally register your phone number. The following is stored solely to execute your transaction commands:

• Phone number: used to identify inbound SMS commands.
• Wallet addresses (public keys): needed to construct transactions.
• Encrypted private keys: stored server-side solely to sign and broadcast SMS-initiated transactions.
• Hashed PIN: used to authorise SMS-initiated transactions.
• Transaction history: amounts, destinations, and on-chain hashes.

You can delete your SMS registration and all server-side data at any time from Settings → Delete Wallet.

• Name, email address, or government ID
• Location data (precise or approximate)
• Device identifiers (IMEI, advertising ID)
• Your contacts list: names are shown on-device and never uploaded
• Incoming SMS messages: READ_SMS and RECEIVE_SMS permissions are explicitly blocked

• All app-to-server communication uses HTTPS/TLS.
• On-device keys use Android Keystore / iOS Secure Enclave.
• Server-side keys are stored in an encrypted PostgreSQL database.
• Android backups are disabled (allowBackup: false); key material never appears in Google Drive.