Spondula
Policies & legal

The fine print.

Clear, plain-English policies on how Spondula works, how we protect your data, and what you can expect from us.


Privacy Policy

Effective 1 March 2026

Spondula (“Spondula”, “we”, “us”, or “our”) operates the Spondula mobile application, web platform, payment gateway, and Spondula Chain (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Service.

Spondula is the data controller for personal data processed in connection with the Service. By creating an account or using the Service you acknowledge that you have read and understood this policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address, display name, first and last name, date of birth, country of residence, and account type (personal, business, or operator).
  • Authentication credentials: password (hashed by Firebase Authentication, never stored in plain text), PIN (hashed locally on your device), and optional TOTP multi-factor authentication secret.
  • Wallet information: your Spondula wallet address (SS58 public address) and an encrypted backup of your recovery phrase (AES-256-GCM encrypted with a key derived from your PIN; we cannot decrypt it).
  • Identity verification (KYC / KYB): government-issued photo ID, proof of address document, live selfie, and — for business accounts — company registration documents, beneficial ownership, and director information.
  • S Handle: your chosen unique username (e.g. #yourname) for receiving payments.
  • Contact information: phone number (optional, for discoverability). If you enable contacts sync, device contact phone numbers are hashed and checked against our database to find existing Spondula users — we do not persist your address book.
  • Chat messages: messages exchanged with other Spondula users through our in-app messaging feature. Messages are stored in Firestore and are not end-to-end encrypted.
  • Payment method details: bank account name, sort code, and IBAN used for fiat on/off-ramp via the Payment Gateway.
  • Merchant data: for business accounts — invoices you issue, gateway transaction records, and payout bank details.
  • Feedback and support: any information you provide when contacting us at support@spondula.com.

1.2 Information Collected Automatically

  • Device and session data: browser type and version, operating system, device type, and IP address. Used to display your active sessions and detect unauthorised access.
  • Transaction data: on-chain records including sender address, recipient address, asset, amount, block number, and timestamp. These are recorded on the Spondula blockchain and cached server-side for performance.
  • Usage preferences: theme, default currency, auto-lock duration, biometric toggle, and notification settings (stored locally on your device).

1.3 Information We Do NOT Collect

  • We do not sell, rent, or trade your personal data to third parties.
  • We do not have, and cannot obtain, your PIN, your recovery phrase in plaintext, or your private key.
  • We do not set analytics or advertising cookies unless you have explicitly opted in. See Section 10 below for details on what each opt-in covers.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account.
  • Process and record transactions on the Spondula Chain.
  • Verify your identity as required by applicable anti-money-laundering (AML), counter-terrorism-financing (CTF), and know-your-customer (KYC) regulations.
  • Enable you to send, receive, exchange, and redeem S-Assets.
  • Operate the Payment Gateway for merchants, including settling pay-ins and pay-outs with Operators.
  • Provide in-app messaging, contacts, and S Handle resolution.
  • Display your active device sessions and allow remote session revocation for security.
  • Send transactional notifications (e.g. payment received, KYC status updates, security alerts).
  • Detect and prevent fraud, unauthorised access, sanctions breach, and other illegal activity.
  • Respond to support requests.
  • Comply with legal, regulatory, and tax obligations.

3. Non-Custodial Wallet Architecture

Spondula is a non-custodial wallet. Your private key is generated on your device. Your recovery phrase is encrypted on your device with AES-256-GCM under a key derived from your PIN. The encrypted backup stored in our infrastructure cannot be decrypted by Spondula, because only you hold the PIN. If you lose both your PIN and your recovery phrase, we cannot recover your wallet.

4. Lawful Basis for Processing (UK / EU GDPR)

We process your personal data under the following lawful bases:

  • Performance of a contract: to create your account, execute transactions, provide messaging, run the Payment Gateway, and deliver the Service you have asked for.
  • Legal obligation: to conduct KYC / KYB, sanctions screening, transaction monitoring, suspicious-activity reporting, and record-keeping under UK Money Laundering Regulations and equivalent EU / UN frameworks.
  • Legitimate interest: to secure the platform against fraud, unauthorised access, and abuse, and to improve the Service. We balance these interests against your privacy rights.
  • Consent: for optional features such as contacts sync, phone-number discoverability, and marketing communications. You can withdraw consent at any time via Privacy settings.

5. Data Storage, Residency, and Security

  • Account data, KYC documents, chat messages, S Handles, contacts, and payment records are stored in Google Firebase (Cloud Firestore and Cloud Storage), hosted in the europe-west2 (London) region.
  • On-chain data is stored on the Spondula Chain, currently operated from a validator node in London.
  • All data in transit is encrypted via TLS 1.2+. Data at rest is encrypted using Google Cloud's default encryption.
  • Recovery phrases are encrypted with AES-256-GCM using a key derived from your PIN on your device before any backup leaves the device.
  • KYC documents are stored in a restricted Firebase Storage bucket accessible only to admin personnel with a documented review need.
  • We enforce a strict Content Security Policy (CSP), HSTS with preload, X-Frame-Options: DENY, and other security headers.
  • Access to admin tooling requires Firebase custom-claim role-based permissions (admin / support / viewer) and is audited.
  • You can enable biometric device lock, auto-lock, and TOTP multi-factor authentication in the Security panel.

6. Who We Share Data With

We share your personal data only in the following circumstances:

  • Google Cloud / Firebase — hosting, authentication, storage, and push notification infrastructure (UK / EU regions).
  • Operators (Regional and Local) — for cash-in and cash-out transactions, we share the minimum information the Operator needs to complete the fiat leg (typically your verified name, the amount, and a transaction reference). Operators are independently KYB-verified and are bound by confidentiality and data-protection obligations.
  • Payment Gateway partners — where you pay in by card or bank transfer, the relevant card acquirer, bank, or payment institution receives the transaction data necessary to settle the payment.
  • KYC and sanctions-screening providers — we may use face-match, liveness, sanctions-list, document-fraud, and PEP / adverse-media screening providers to process KYC submissions. A provider only receives the specific documents and attributes needed to run its check.
  • Other Spondula users — your display name, S Handle, and wallet address are visible to people you transact or chat with. Your discoverability settings control whether users can find you by email or phone number.
  • The Spondula blockchain — transaction data (sender address, recipient address, amount, asset) is recorded on the Spondula Chain and is visible to anyone with access to the network.
  • Legal, regulatory, and law-enforcement requests — we may disclose data where required by applicable law, court order, regulator, or Financial Intelligence Unit request.
  • Corporate transactions — in a merger, acquisition, or restructuring, data may be transferred to the successor entity subject to this policy.

7. International Transfers

Your data is processed and stored primarily within the United Kingdom and European Union. Where data is transferred outside of the UK / EEA (for example to an Operator operating in another corridor, or to a KYC provider headquartered elsewhere), we rely on UK International Data Transfer Agreements, Standard Contractual Clauses, or adequacy decisions, as applicable.

8. Data Retention

  • Account data: retained for the life of your account and for a reasonable period after closure for dispute resolution and legal defence.
  • KYC / KYB documents and verification decisions: retained for at least five (5) years after your last transaction or account closure, as required by UK Money Laundering Regulations 2017 (as amended).
  • Transaction records (on-chain): permanent and immutable by design. Cached off-chain copies are kept for the life of your account plus applicable AML retention.
  • Payment Gateway records: retained for at least six (6) years for tax and accounting purposes.
  • Chat messages: retained for the life of the conversation unless you delete it.
  • Session / device data: retained until the session is revoked or until it has been inactive for 90 days.
  • Support correspondence: retained for up to three (3) years.

When you delete your account, we remove personal data from our active systems within 30 days, except where retention is required by law.

9. Your Rights

Under UK and EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data (via the Personal Details panel in the app).
  • Erase your account and associated data (account deletion is available in the app). This right is limited by our AML retention obligations and by the immutability of on-chain records.
  • Restrict or object to processing in certain circumstances, including processing based on legitimate interest.
  • Data portability: receive your account data in a structured, machine-readable format.
  • Withdraw consent for optional features at any time via Privacy settings.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

To exercise any of these rights, contact privacy@spondula.com. We will respond within the timescales required by applicable law (typically one month).

10. Cookies and Local Storage

We use strictly-necessary session cookies for Firebase Authentication and browser local storage to persist your encrypted wallet data, transaction cache, and preferences. Your PIN is never stored on our servers in any form. Clearing your browser storage without having backed up your recovery phrase will result in loss of access on that device.

10.1 Optional cookies — opt-in only

We also offer two optional cookie categories. Both are off by default and are only enabled when you grant consent via the cookie banner. You can change your choice at any time by clearing the spondula-consent and spondula-ads-consent entries from your browser's local storage, which will re-show the banner on your next visit.

  • Analytics cookies — when you opt in, we use Firebase Analytics (Google Analytics 4) to understand which pages help most. URL paths are scrubbed of personal identifiers (S handles, wallet addresses, claim tokens) before any data is sent. We do not pass your email, phone, or wallet contents to Google.
  • Advertising cookies — when you opt in, we use the Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram, and to help us reach people likely to be interested in Spondula. The Pixel records page visits and key conversion events (e.g. signup, waitlist join). We never pass your PIN, recovery phrase, wallet contents, transaction history, or S handle to Meta. Personal identifiers sent to Meta's Conversions API are SHA-256 hashed in line with Meta's data handling requirements.

Rejecting either category does not affect your ability to use Spondula. Strictly-necessary cookies remain active in either case because they are required for the service to function.

11. Children's Privacy

The Service is not directed to children under 13. Our onboarding flow includes a date-of-birth age gate that blocks accounts below this threshold. Certain features (transfers, exchange, cash-in, cash-out) are only available to users aged 18 or older. If we learn that we have collected data from a child under 13 without consent, we will delete the account and associated data promptly.

12. Security Incidents

We maintain an incident-response process and will notify affected users and the UK Information Commissioner's Office (or equivalent supervisory authority) of a personal-data breach within 72 hours of becoming aware of it, where required by law. Notifications will explain the nature of the breach, likely consequences, and the steps we are taking.

13. Data Protection Contact

If you have questions about this Privacy Policy, want to exercise a right, or wish to raise a concern:

  • Privacy: privacy@spondula.com
  • General support: support@spondula.com
  • Compliance: compliance@spondula.com

14. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via in-app notification or email. The “Effective” date above indicates the latest revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

Spondula

Stay in touch

hello@spondula.com
62-66 Deansgate
Manchester, M3 2EN
United Kingdom

© 2026 Spondula. All rights reserved.