Privacy Policy

🔒 Our Privacy Commitment

📊 What Information We Collect

Rogue Wallet connects you to blockchain networks and helpful services. Here's what information is processed:

Authentication Data

When you create a wallet using social login (Google, Twitter, Facebook, etc.), your identity management is performed by Web3Auth (a Consensys product). By opting for Social Login, you expressly adhere to Consensys Terms of Use and Privacy Notice.

Your private keys are managed by Web3Auth using multi-party computation (MPC) and are never stored in or accessible by Rogue Wallet. Rogue acts solely as a facilitating interface for Web3Auth's authentication infrastructure.

Wallet & Portfolio Data

To show you your holdings and execute transactions, we access:

• Your blockchain wallet addresses (public information)
• Token balances and NFT holdings
• DeFi positions (liquidity pools, staking, farming)
• Transaction history (publicly available on-chain)

AI Assistant Interactions

The AI Privacy Trade-off: Using our AI assistant requires sharing context with external services. By activating the AI features, you acknowledge that:

• Local Sanitization: Your data is sanitized locally (removing direct identifiers such as full wallet addresses) before being sent to the AI provider.
• External Processing: The anonymized context is processed by xAI (Grok) under their privacy terms.
• Financial Profiling: AI-powered portfolio analysis and trading insights constitute automated profiling under GDPR Art. 22, LGPD Art. 20, and CPRA regulations.

Your Rights: You have the right to opt-out of AI-powered features and limit the use of your financial data (Sensitive Personal Information) for automated processing. Simply do not use the AI assistant if you require absolute data privacy.

Conversations are stored locally on your device and can be cleared at any time.

Device Information

For app functionality, we collect minimal device data:

• Push notification token (to send you price alerts)
• Device platform (iOS/Android) for compatibility
• Biometric authentication: We use native platform APIs (Face ID/Touch ID on iOS, BiometricPrompt on Android). Your biometric data never leaves the Secure Enclave of your device. Rogue Wallet receives only a cryptographic validation token confirming successful authentication—we never access, process, or store your actual biometric data.

Optional Features

Only if you choose to use them:

• Voice input - Processed on-device, never sent to servers
• QR code scanning - Processed locally on your device
• Exchange integration - ASTER credentials stored encrypted on your device

🎯 How We Use Your Data

Your data is used exclusively to make Rogue Wallet work:

• Display your portfolio - Show balances, positions, and transaction history
• AI assistance - Provide intelligent trading insights and portfolio analysis
• Position monitoring - Alert you when DeFi positions need attention
• Execute transactions - Send tokens, swap assets, interact with DeFi
• Security - Protect your exchange credentials with biometric locks

Rogue does NOT: Track your behavior, build advertising profiles, or sell your data. Note: Third-party services we integrate with (Web3Auth, xAI, etc.) operate under their own privacy policies.

🔗 Third-Party Services

To provide comprehensive wallet features, Rogue Wallet integrates with third-party services via API. By interacting with features from these partners, you tacitly agree to their respective Terms of Service and Privacy Policies:

Your Rights: Under CCPA Section 1798.120 and LGPD Art. 18, you have the right to know with whom your data is shared and to opt-out of data sharing. You can limit data sharing by not using specific features (e.g., don't use swaps to avoid OpenOcean, don't use DeFi tracking to limit DeBank data access).

⚙️ Your Control & Rights

You have complete control over your data:

Access & Deletion

• View all locally stored data within the app
• Clear chat history anytime
• Delete all app data by logging out or clearing app storage
• Uninstall the app to remove all local data

Opt-Out Options

• Disable push notifications in device settings
• Turn off background position monitoring
• Don't use voice input or QR scanning features
• Disconnect exchange integrations anytime

Data Portability

Important: Web3Auth uses multi-party computation (MPC) for key management. Unlike traditional seed phrase wallets, you cannot directly export your private keys to another wallet application. Your blockchain transaction history and on-chain data remain publicly accessible and portable. For questions about key recovery or account migration, refer to Consensys documentation.

🛡️ Security Measures

Your security is our top priority:

• Non-custodial architecture - Rogue never holds or has access to your private keys; keys are managed by Web3Auth
• Web3Auth security - Authentication infrastructure managed by Consensys (see their privacy notice)
• Local encryption - Sensitive data encrypted on your device using iOS Keychain or Android Keystore
• Biometric protection - Face ID/Touch ID via Secure Enclave (biometric data never transmitted; only cryptographic tokens used)
• HTTPS/TLS - All network communications encrypted
• On-device processing - Voice recognition processed locally, never transmitted

Your Security Responsibilities

• Keep your social login credentials secure
• Use a strong device passcode or biometric lock
• Verify transaction details before signing
• Keep your device OS and app updated

📱 Device Permissions

Rogue Wallet requests specific permissions only when needed:

• Microphone - For voice commands (optional)
• Camera - For QR code scanning (optional)
• Photo Library - To save QR codes and receipts (optional)
• Notifications - For price alerts and position warnings
• Biometric - To protect exchange credentials
• Background - To monitor positions and send alerts

You can revoke any permission anytime through your device settings. Features will gracefully degrade if permissions are revoked.

🔄 Background Processing

If enabled, Rogue Wallet checks your DeFi positions periodically (approximately every 15 minutes) to send you timely alerts when positions approach their limits. This helps you avoid impermanent loss and manage risk.

Background tasks only access: locally stored preferences, public blockchain data, and your device notification system. No data is sent to our servers.

👶 Age Restriction

Rogue Wallet is intended for users 18 years and older. Cryptocurrency trading carries financial risks inappropriate for minors. We do not knowingly collect information from users under 18.

🌍 International Users

Rogue Wallet connects with global blockchain networks and services. Third-party services we integrate with may process data in various countries including the United States and Singapore. These services maintain their own security standards and privacy practices.

🔔 Data Retention

• Authentication sessions - 7 days (Web3Auth policy)
• Chat history - Stored locally until you clear it
• Position data - Stored locally until you remove it
• Exchange credentials - Encrypted locally until you disconnect
• Blockchain data - Permanently recorded on public blockchains (not controlled by us)

📝 Policy Updates

We may update this policy to reflect new features, regulations, or user feedback. Material changes will be communicated through in-app notifications. The "Last Updated" date at the top will always reflect the most recent version.

Your continued use of Rogue Wallet after updates constitutes acceptance of the revised policy.

🌐 Third-Party Links

Rogue Wallet may link to decentralized exchanges (DEXs), DeFi protocols, NFT marketplaces, and block explorers. These external services have their own privacy policies. We recommend reviewing their policies before interacting with them.