Aeda Wallet Privacy & Cookies Policy

Last updated: September 10, 2025

VanCoin LLC ("Aeda," "we," "us," or "our") is a non-custodial cryptocurrency wallet provider (Aeda Wallet). We do not hold or manage your funds or private keys. Instead, we facilitate user interactions, identity verification and transfers through our integration with Bridge and its partners. This policy outlines how we collect, use, store and share your personal information when you interact with our services, including our mobile app and website. Aeda is not a licensed bank or financial advisor.

By accessing or using our services, you accept and consent to the practices described in this Privacy & Cookies Policy. If you disagree with any part, please do not use our services.

INFORMATION WE COLLECT

We collect personal information about you through various methods:

Information You Provide

Account registration: When you create an account, we collect your name, date of birth, email address, phone number and country of residence.
Identity verification (KYC): To fulfill regulatory requirements, you provide government-issued ID documents, a selfie, proof of address and possibly source-of-funds documentation. These are securely collected and transmitted to Bridge and its identity verification partners.
Support and communications: If you contact us or our support team, we collect the communications you provide, along with any attachments.
Payment Data Collection and Use: If you use our fiat on-ramp or off-ramp functionality, you may be asked to provide financial information (e.g., IBAN, credit/debit card data, or account identifiers). These are processed directly by our third-party providers and are not stored or accessed by Aeda. However, transactional metadata (e.g., amounts, timestamps, currency) may be logged by us or Bridge for fraud prevention, compliance reporting, and dispute resolution.
Fiat Transaction Metadata: We may collect metadata associated with your fiat transactions (such as amount, currency, provider, transaction ID, and status) to help improve service delivery, resolve disputes, and comply with regulatory obligations. We do not collect or store sensitive bank or card data.

By submitting a photo or selfie as part of the identity verification process, you expressly consent to Aeda and its third-party partners processing your biometric data for the purpose of verifying your identity. You may withdraw your consent at any time by contacting [email protected], though this may limit your access to our services.

Information Collected Automatically

Device and usage data: When you use our app or access our website, we collect information such as IP address, app version, device/browser type, operating system, unique device identifiers, crash reports and other diagnostic logs.
Behavioral analytics: We monitor usage patterns, session properties and feature interaction to understand and improve user experience.

Information from Bridge and Third Parties

Verification outcomes: Bridge processes your identity-related information (selfie, document scans, verification status) often via providers such as Persona, Beam or Paxos. These may retain your biometric data for up to 5 years.
Third-party partners: As part of the onboarding or transfer processes, Bridge may share your information with financial institutions or regulated partners in compliance with law.

Biometric authentication and OTP verification flows implemented in Aeda follow platform-specific APIs such as Android SMS Retriever API, iOS One-Time Code Autofill, and native Keychain/Keystore mechanisms. This ensures maximum compliance with mobile security guidelines and minimizes the risk of data leakage or interception.

PURPOSES FOR WHICH WE USE YOUR INFORMATION

Your information is used for the following purposes:

Identity verification (KYC): We submit your documents to Bridge and authorized verification partners solely to confirm your identity and comply with legal obligations. Failure to provide accurate information may result in service denial or restricted access.
Service delivery: We use your data to authenticate app usage, process crypto transfers, send notifications, address service requests and resolve issues.
Security and analytics: We analyze device logs and app usage data to detect and prevent fraud, optimize performance, debug our systems and enhance functionality.
Legal and compliance: We share personal information with regulators, law enforcement, financial partners and auditors when required by law or to respond to subpoenas, court orders or investigations.

COOKIES & TRACKING TOOLS

Aeda and Bridge utilize cookies, pixel tags and similar technologies to enhance user experience:

Essential cookies: Enable basic wallet functions and session continuity.
Performance and analytics tags: Used to collect data on app performance and usage trends.
Marketing and advertising tracking: Only used when you grant consent.

You may disable non-essential cookies via app settings or your browser/device settings. However, disabling these may limit certain non-critical features while preserving core functionality.

Non-essential cookies (e.g., for analytics or marketing) will only be activated after you have provided explicit consent through our cookie banner or in-app settings.

DATA RETENTION AND DELETION

KYC and Identity Data

Retained for up to 5 years following legal and regulatory retention requirements.
For users who begin but do not complete onboarding, data is kept for a maximum of 3 years, then securely deleted.

Usage and Log Data

Stored for a period necessary for as long as legally required for audit and compliance purpose, as well as to provide services, prevent fraud and comply with applicable laws. When no longer needed, such data will be anonymized or deleted.

Deletion Procedures

All data is securely erased or anonymized according to our internal data retention policy.
Users may request account termination or data deletion. We will comply unless legal retention obligations prevent it.

UNENCRYPTED KEY STATEMENT

Aeda never stores, processes, or transmits unencrypted private keys. All keys are stored in encrypted form locally on your device or, if you choose to use cloud backup, are encrypted before upload and stored only within your cloud provider account.

SECURITY MEASURES

Aeda is committed to protecting your personal data with strong safeguards:

Encryption: All data in transit and at rest is encrypted using industry-standard encryption protocols.
Access controls: Only authorized personnel have access to personal data, under strict confidentiality agreements.
Audits & monitoring: Regular internal and external reviews ensure continued data protection.
Incident response: In case of breach, we follow regulatory notification standards to inform affected users and authorities.
Device-Level Encryption: All user PINs and biometric data are stored exclusively on the user's device using secure, device-level encrypted storage technologies, such as Apple Keychain for iOS and Android Keystore. These authentication credentials are never transmitted to Aeda or Bridge, nor are they accessible to our systems at any time.

While no system is entirely secure, we strive to use best practices. Users are responsible for safeguarding their own credentials and enabling multi-factor authentication where available.

CONSENT LOGGING

Where explicit user consent is required—such as for identity verification, biometric authentication, or cloud backup—Aeda records and securely stores a log of the user's confirmation. This includes the timestamp, the specific action consented to, and the version of the Terms & Conditions or Privacy Policy presented at the time.

These records are retained as part of our internal consent audit trail, which serves to demonstrate legal compliance with GDPR, MiCA, and VASP regulations. This audit trail may be reviewed periodically by our internal compliance officers and, where required by law, disclosed to regulatory authorities or external auditors upon lawful request.

CLOUD BACKUP CONSENT AND RESPONSIBILITY

If you choose to enable cloud backup for your encrypted wallet key, you will be prompted with a clear consent message that outlines:

Your wallet backup will be encrypted locally and uploaded to your cloud account (e.g., iCloud or Google Drive);
Only you can access or recover this backup;
Aeda does not store any version of your private key and cannot retrieve your wallet if your cloud access is lost;
No unencrypted wallet information is ever stored or transmitted.

YOUR PRIVACY RIGHTS

Depending on your jurisdiction (GDPR, CCPA, etc.), you have the following rights:

Access: You can request copies of your personal data.
Rectification: You can ask to correct inaccurate or incomplete information.
Erasure: Where permitted, you can request deletion of your data.
Restriction or objection: You can limit how your data is used or object to certain processing activities.
Data portability: You can request to export your data in a structured, machine-readable format.
Consent withdrawal: You can remove your consent to processing. It will not affect past lawful processing.

You have the right to withdraw your consent to any processing of your personal data at any time, without affecting the lawfulness of prior processing. To do so, please contact [email protected].

COMMUNICATIONS

While using Aeda Wallet you consent to receiving:

Essential notifications (security alerts, KYC updates, service changes)
Marketing messages (email, SMS or push) with opt-out options. You may unsubscribe from promotional emails or SMS messages at any time using links provided. Text opt-out is available via "STOP" replies. Please note that opting out will not affect essential service-related communications or legal notifications.

CHILDREN'S PRIVACY

Aeda services are intended exclusively for individuals 18 years or older. We do not knowingly collect information from minors. If we become aware that data from a child under 18 is inadvertently collected, it will be promptly deleted.

INTERNATIONAL DATA TRANSFERS

We may transfer your personal data to locations worldwide, including Bridge and its partners. For EU/EEA users, we apply lawful transfer mechanisms such as Standard Contractual Clauses or adequacy decisions to ensure compliant data handling.

POLICY UPDATES

We may update this Privacy & Cookies Policy to reflect legal or operational changes. We will notify you of significant amendments via in-app alerts or email and update the "Effective Date." Continued use of our services after changes implies your acceptance.

JURISDICTION‑SPECIFIC ADDENDUM

European Union (GDPR): You have additional rights and protections under Articles 12--23 of GDPR, including access, portability and right to lodge a supervisory complaint.
California (CCPA/CPRA): California residents can request to know, delete, correct or opt-out of data sharing; we do not sell personal information.
EU Crypto Regulation (MiCA): As a CASP, Aeda maintains transparency in asset segregation, fees, user withdrawal rights and incident notifications.
Czech VASP Regulation: Aeda meets AML/CFT compliance with risk assessment, STR reporting, recordkeeping and designated compliance officer under FAU license.

DISCLAIMERS

Non‑custodial Model: Aeda does not hold user funds or private keys.
Third‑Party Responsibility: Bridge and its partners maintain separate privacy and service terms. Aeda is not liable for their conduct.
No Warranty: Our services are provided "as is." We disclaim liability for third-party system failures or data loss beyond our control.
Legal Hierarchy: Where local law conflicts with this policy, mandatory local regulations shall prevail and more protective terms will apply.

CONTACT INFORMATION

If you have questions, concerns or want to exercise your data rights, please contact:

Email: [email protected]
Data Protection Officer (EU): [email protected]

We aim to respond to all inquiries within the timelines set by applicable regulations.