Last updated: 2025-08-09

Introduction

Gasyard (“we”, “us”, “our”) builds Web3 payment infrastructure. This Privacy Policy explains what we do and don’t collect when you use our mobile apps, websites, SDKs, and services (the “Services”). Our design principle is data minimization: we only process what is required to operate the protocol and app features. For any questions or privacy requests, contact: hello@gasyard.fi.

What we do NOT collect

  • No account creation, usernames, or passwords
  • No email address or phone number (unless you proactively contact us)
  • No precise geolocation
  • No contacts, calendars, photos, or device files
  • No advertising identifiers and no third‑party ad tracking
  • No biometric templates or private keys (we never access your keys)

Data we collect (Web3‑centric)

We collect only the minimum off‑chain metadata needed to operate the Services. Most payment data lives on public blockchains and is not controlled by us.
  • Wallet & Connection Metadata
    • Public wallet address(es) you connect
    • Connection method and provider (e.g., WalletConnect, injected wallet)
    • Network/chain IDs, RPC endpoint region (not precise location), and session status
  • Intent & Settlement Metadata (off‑chain)
    • Amount, currency/token symbol, chain/network for settlement
    • Merchant or recipient identifiers where applicable
    • Non‑sensitive labels you add (e.g., “coffee”), if used
  • On‑chain Data (public)
    • Transaction hashes, events, balances, and other data permanently recorded on supported chains
  • App, Device, and Diagnostic Data
    • App version, OS, device model, basic performance logs, and crash reports
    • IP address may be transiently processed by infrastructure to deliver network traffic and mitigate abuse
  • Optional Telemetry (off by default unless you opt‑in)
    • Anonymous feature usage to improve reliability and UX

How we use data

  • Provide core functionality (wallet connection, intent creation, routing, settlement)
  • Secure the protocol (fraud/abuse detection, rate limiting, and incident response)
  • Improve reliability and performance (debugging, crash analysis)
  • Provide support if you contact us
  • Comply with legal obligations

On‑chain data is public and immutable

Transactions and events written to blockchains are public, replicated, and typically cannot be altered or deleted by us. Keep this in mind when you include any optional labels or metadata.

Cookies and local storage

  • Web app may use strictly necessary cookies or local storage for session continuity and CSRF protection
  • No third‑party advertising cookies

Sharing and disclosure

We do not sell your personal information. We may share limited metadata with:
  • Service providers (e.g., RPC/indexing, infrastructure, crash reporting) under contractual safeguards
  • Wallet connectivity services you choose (e.g., WalletConnect) to establish the session you requested
  • Law enforcement or regulators where required by applicable law
  • Successors in a corporate transaction, with notice as required

Data retention

  • Wallet connection and session metadata: kept only as long as needed for operation and security
  • Diagnostic logs: typically short‑lived (e.g., 30–90 days) unless required longer for security or legal obligations
  • Support communications: retained as necessary to resolve your request and comply with law
  • On‑chain data: permanent and outside our control

Security

We use technical and organizational measures to protect the limited off‑chain data we process. No system is perfectly secure; we continuously improve controls and limit what we store by default.

Your choices and rights

Because we do not create accounts, your data is usually keyed to your public wallet address. Depending on your jurisdiction, you may request:
  • Access to or deletion of off‑chain data we hold that is linked to your wallet address
  • Correction of inaccurate off‑chain metadata
  • Restriction or objection to certain processing
Submit requests to hello@gasyard.fi. We will verify ownership by a signed message from your wallet address or alternative proof. Note: on‑chain data cannot be altered by us.

International transfers

We may process data in countries different from yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross‑border transfers.

Children’s privacy

Our Services are not directed to children under 13 (or 16 where applicable). We do not knowingly collect data from children. If you believe a child has used the Services, contact us.

Third‑party services you choose

  • Wallet providers and connectors (e.g., WalletConnect, injected wallets): subject to their own policies
  • RPC and indexing providers: used to read/write blockchain data
  • Optional analytics/crash reporting (if enabled): used to improve reliability
Review their respective privacy policies when you use those services.

Apple App Review summary (data types and purpose)

  • Collected (linked to wallet address, not identity):
    • Wallet public address, connection method/provider, chain/network ID — for app functionality and security
    • Intent metadata (amount, token, target chain) — for transaction preparation and settlement
    • App diagnostics/crash logs — for app performance and reliability (may be optional)
  • Not collected:
    • Email, phone, contacts, precise geolocation, advertising ID, health, financial account numbers, biometrics
  • Tracking: None (no cross‑app or third‑party advertising tracking)

Contact us