SpendTheBits Inc. (the “Company”, “we”, “us” or “our”) respects your privacy and is committed to protecting it in accordance with this Privacy Policy. This Privacy Policy describes the types of information we may collect, or that you may provide, when you download, install, register with, access, or use the SpendTheBits mobile application and related services (together, the “App”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
The most important thing to understand about SpendTheBits is that it is fully non-custodial. Your recovery phrase (seed) and private keys are generated and stored only on your device, inside the operating system’s secure keychain, protected by your device biometrics or passcode. They never leave your device and are never transmitted to, or stored by, us. We cannot access your keys, move your funds, or recover your recovery phrase for you.
Privacy laws in Canada generally define “Personal Information” as information about an identifiable individual. This Privacy Policy applies to Personal Information we collect through the App and through email, text, and other electronic communications sent in connection with the App. It does not apply to information collected by any third party, including third-party services or blockchain networks you interact with through the App (see “Third-Party Services” below).
By downloading, registering with, or using the App, you acknowledge that you understand and consent to the practices described in this Privacy Policy. If you do not agree, do not use the App. We may update this Privacy Policy from time to time (see “Changes to this Privacy Policy”); your continued use of the App after we post changes means you accept those changes.
Scope of the App
The App is a self-custody wallet for crypto assets and stablecoins. It lets you generate and restore a wallet, view balances and transaction history across supported blockchain networks, and prepare, sign, and broadcast transactions from your device. Features may include on-device signing for sends, self-custodial access to third-party decentralized-finance (“DeFi”) protocols, cross-chain transfers, recurring and streaming stablecoin payments, payment requests, payable @handles, guardian-based social recovery and inheritance, in-app support and assistant tools, and bookkeeping exports.
The App does not provide fiat bank accounts, and we do not require identity verification (KYC) to hold or use the self-custodial wallet. We do not take custody of your crypto assets at any time.
Information we collect and how we collect it
We collect information in the following ways:
- Information you provide to us. When you create an account we collect your email address (and, if you choose phone-based verification, your phone number) to secure account sync, deliver one-time passcodes, and send service notifications. We also collect the contents of correspondence if you contact support, and any information you submit through in-app forms.
- Public blockchain data. To show balances and history and to prepare transactions, we store and process public, non-secret data such as your wallet addresses, extended public keys (xpubs), and transaction hashes. This information is public by nature on the relevant blockchain networks.
- Device and usage information. We automatically collect certain technical information such as device type and operating system, app version, language and time-zone settings, general usage and diagnostic events, and IP address, to operate, secure, and improve the App.
- Crash and error reports. If the App encounters an error, we may collect diagnostic information (for example, a stack trace and device context) through our error-monitoring provider to help us fix problems.
- Support-assistant input. If you use the in-app assistant, the text you send is processed to generate a response. Recovery-phrase and private-key patterns are redacted before your input is sent to the model, and the assistant uses read-only tools only.
Information we never collect. We do not collect, receive, store, or log your recovery phrase, private keys, passphrase, PIN, or signed transaction hex. We do not collect biometric information — biometric unlock is handled entirely by your device and stays on your device.
How we use your information
We use the information we collect to:
- provide, operate, maintain, and secure the App and its features;
- prepare unsigned transaction context and relay device-signed transactions to the relevant blockchain networks at your request;
- authenticate you, deliver one-time passcodes, and send service and security notices (for example, incoming payments, allowance expiry, or security alerts);
- screen recipient addresses for known risk indicators before a send;
- diagnose problems, prevent fraud and abuse, and improve the App;
- respond to your support requests; and
- comply with applicable law and enforce our terms.
We may send you product or marketing communications only where permitted by law. You can opt out at any time by using the unsubscribe mechanism in the message or by emailing privacyofficer@spendthebits.com.
Disclosure of your information
We do not sell your Personal Information, and we do not share it with advertising networks. We may disclose information as follows:
- Service providers. To contractors and service providers who support the App — for example, cloud hosting, blockchain node/RPC providers, error monitoring, the support assistant, email/SMS delivery, and push notifications — who are contractually required to keep the information confidential and use it only to provide their services to us.
- Aggregated or de-identified data. We may share information that does not identify you, such as aggregate usage statistics.
- Legal and safety. To comply with a valid court order, law, or legal process, to respond to a lawful government or regulatory request, to enforce our terms, or where we believe disclosure is necessary to protect the rights, property, or safety of SpendTheBits, our users, or others, or to prevent fraud.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case information may be transferred as part of that transaction, subject to this Privacy Policy.
Please note that transactions you broadcast are recorded on public, decentralized blockchain networks that we do not control. Information written to a blockchain (such as addresses and amounts) is public and outside the scope of this Privacy Policy.
Transferring your information
We may process, store, and transfer information in Canada and in other countries where our service providers operate, which may have privacy laws that differ from those in your jurisdiction. Where we engage a service provider, we require that its privacy and security practices are consistent with this Privacy Policy and applicable Canadian law. By using the App, you consent to this transfer, storage, and processing.
Data security
We use physical, electronic, and administrative safeguards designed to protect the information we hold from accidental loss and unauthorized access, use, alteration, and disclosure. Connections to our servers use encryption in transit. Critically, our servers do not store your recovery phrase, private keys, or PIN — those remain on your device.
The security of your assets also depends on you: keep your recovery phrase and device credentials secret, keep a secure offline backup of your recovery phrase, and do not share them with anyone. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Anyone who obtains your recovery phrase can access your funds.
Data retention
We retain Personal Information only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, or reporting requirements. We may anonymize or aggregate information so that it can no longer be associated with you and use it for legitimate business purposes.
Children
The App is not intended for children under 13 years of age, and we do not knowingly collect Personal Information from children under 13. If you believe we have collected such information, please contact us at customersupport@spendthebits.com and we will delete it.
Accessing and correcting your information
You have the right to request access to, and correction of, the Personal Information we hold about you, and to withdraw your consent to our collection, use, or disclosure of it, subject to legal and contractual restrictions. To make a request, email customersupport@spendthebits.com. We may need to verify your identity before acting on a request. Note that we cannot recover or delete data held on a public blockchain, and deleting your account does not remove transactions already recorded on a blockchain network.
Third-party services
The App interacts with third parties such as blockchain networks and node/RPC providers, and may let you access third-party DeFi protocols and bridges. We do not control these third parties or their handling of your information, and this Privacy Policy does not apply to them. We encourage you to review the terms and privacy policies of any third-party service you use.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Last modified” date above. If we make material changes, we will take reasonable steps to notify you. You are responsible for periodically reviewing this Privacy Policy.
Contact us
We welcome your questions, comments, and requests about this Privacy Policy and our privacy practices. Please contact our Privacy Officer, Jaskaran Kambo:
SpendTheBits Inc.
28-655 Tamarack Rd NW, Edmonton, Alberta, Canada, T6T 0N4
Email: privacyofficer@spendthebits.com
Phone: +1 (516) 515-0156
See also our Terms of Service (User Agreement).
