Skip to content

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how Constellation Network, Inc. ("we," "us," or "our") collects, uses, and protects information when you use the Arca Wallet mobile application (the "Wallet" or "Application"). Please read this Privacy Policy carefully before using the Wallet.

1. Our Principles

  • Privacy is a human right and software should help protect your rights.
  • Arca Wallet is non-custodial. We never have access to your funds, private keys, or recovery credentials.
  • We collect only the minimum information necessary to provide the Service.
  • We do not sell, rent, or trade your personal information to third parties.
  • We do not display advertising or share your data with advertisers.

2. Acceptance

By accessing and using Arca Wallet, you signify acceptance of the terms of this Privacy Policy. We may provide additional notices about data processing practices of specific components or services within the Wallet. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.

If you do not agree with or are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of the Wallet.

3. Non-Custodial Architecture and Private Keys

Arca Wallet is a non-custodial wallet. Your private keys are generated and stored exclusively on your device. We do not collect, store, transmit, or have access to your private keys, recovery phrases, or any cryptographic credentials that control your digital assets.

Because we do not hold your private keys, we cannot access your wallet, view your balances, initiate transactions on your behalf, or recover your account if you lose your credentials. Your digital assets remain entirely under your control at all times.

Your blockchain transactions are broadcast to public distributed ledger networks and will be publicly visible due to the inherent transparency of blockchain technology. This is a property of the underlying networks and is not within our control.

4. Information We Collect

4.1 Account and Authentication Information

Arca Wallet uses a third-party authentication provider (Privy, Inc.) to enable account creation and login. Depending on the method you choose, the following information may be collected during authentication:

  • Email address (if you sign up with email)
  • Phone number (if you sign up with phone)
  • Social login identifiers (if you sign up via a social account such as Google or Apple)
  • Passkey and biometric authentication metadata (stored locally on your device, not transmitted to us)

This authentication information is processed by Privy, Inc. under its own privacy policy. We receive only the minimum identifiers necessary to associate your login session with your wallet. We do not receive or store your passwords.

4.2 Wallet Address Information

When your wallet is created, a public wallet address is generated. This address is inherently public on the blockchain. We store your public wallet address on our servers solely to provide the Service, including enabling transaction screening (see Section 6), delivering notifications, and displaying your transaction history.

4.3 Identity Verification (KYC)

Certain features of the Wallet, such as on-ramp and off-ramp services, may require identity verification ("Know Your Customer" or KYC). When you opt into these features, you may be asked to provide additional personal information such as your full legal name, date of birth, government-issued identification, and proof of address. This information is collected and processed by Sumsub (Sum and Substance Ltd.), our third-party KYC provider, and is shared with us only to the extent necessary to comply with applicable laws and regulations. You will be informed before any KYC data is collected and will have the opportunity to consent or decline (declining may limit access to certain features).

KYC data collected by Sumsub may include your full legal name, date of birth, nationality, government-issued photo identification (such as a passport, national ID card, or driver's license), selfie or liveness check images, and proof of address. This data is stored and processed by Sumsub under its own privacy policy and data protection practices. We receive only a verification status (approved, pending, or rejected) and the minimum identity data required to comply with applicable regulations.

4.4 Portable KYC Sharing

Arca Wallet offers a portable KYC feature that allows you to share your verified identity status with compatible third-party applications (including Safe Apps) without repeating the verification process. This feature is entirely opt-in and works as follows:

  • When a third-party application requests identity verification, you will be shown a consent screen that clearly identifies the requesting application and the specific data to be shared.
  • No KYC data is shared until you explicitly approve the request. You may decline any sharing request without affecting your use of Arca Wallet.
  • The data shared is limited to what the third-party application requests and what you consent to. This may include your verification status, name, date of birth, and nationality, but never includes raw identity documents or biometric images unless you explicitly consent.
  • You can review your sharing history within the Application at any time to see which applications you have shared data with.

Once your KYC data is shared with a third-party application, that application processes your data under its own privacy policy. The Company is not responsible for how third-party applications use, store, or protect your data after you have consented to share it.

4.5 Device and Technical Information

We may collect limited technical information to ensure the proper functioning of the Application, including:

  • Device type and operating system version
  • Application version
  • Crash reports and error logs (anonymized, containing no personal data)
  • Camera access (used solely for QR code scanning, processed locally on your device)

This information does not include personally identifiable data and is used exclusively for debugging, performance monitoring, and improving the Application.

4.6 Information We Do Not Collect

To be clear, we do not collect:

  • Your private keys, recovery phrases, or signing credentials
  • Your fund balances (these are read directly from public blockchain data by your device)
  • Your physical location or GPS data
  • Your contacts, photos, or files (beyond the camera permission described above)
  • Browsing history or activity outside the Application

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service, including account authentication and wallet functionality.
  • To perform transaction screening against restricted address databases, as required by applicable law (see Section 6).
  • To send you transaction notifications (received, sent, failed) if you have enabled push notifications.
  • To detect, prevent, and address technical issues, bugs, and errors.
  • To comply with applicable legal and regulatory requirements.
  • To communicate important updates about the Service, such as changes to these Terms or security alerts.

We do not use your information for marketing, profiling, targeted advertising, or any purpose unrelated to providing the Service.

6. Transaction Screening

To comply with applicable legal requirements, the Application may screen wallet addresses involved in transactions against third-party databases of restricted addresses. This process involves transmitting the relevant wallet address (and only the wallet address) to a third-party screening provider for comparison against their database.

No other personal information, transaction amounts, or account details are shared with the screening provider. The screening provider receives only the public wallet address, which is already publicly visible on the blockchain.

If an address is identified as restricted, the Application may block the transaction. We do not store the results of individual screening checks beyond what is necessary for compliance record-keeping.

7. Third-Party Services and Safe Apps

7.1 Third-Party Service Providers

We use the following categories of third-party service providers to operate the Wallet:

  • Authentication provider (Privy, Inc.) for account creation and login
  • Transaction screening provider for address verification
  • Infrastructure providers for hosting and network services
  • KYC provider (Sumsub) for identity verification and portable KYC sharing (only when you opt in)

These providers receive only the minimum data necessary to perform their specific function. We require our service providers to handle your information in accordance with applicable privacy laws.

7.2 Safe Apps

The Wallet provides a directory of third-party applications ("Safe Apps") that have been verified for technical compatibility. When you access a Safe App, you are redirected to a third-party service that operates under its own privacy policy. We do not control the data collection or privacy practices of Safe Apps.

We do not share your personal information with Safe App operators. However, when you interact with a Safe App, that application may independently collect information from you according to its own privacy policy. We strongly encourage you to review the privacy policies of any Safe App before using it.

7.3 Blockchain Networks and Third-Party Servers

Balances, transactions, and other blockchain data may be read from or relayed through third-party servers ("nodes") and indexing services. While we do not share personal information with these services, your public wallet address and transaction data are inherently visible on public blockchain networks. We cannot guarantee the privacy of your internet connection or the data processing practices of blockchain infrastructure providers.

8. Data Storage and Security

The limited information we collect is stored on secure servers with industry-standard encryption and access controls. Your private keys and authentication credentials are stored exclusively on your device and are never transmitted to our servers.

While we implement reasonable technical and organizational measures to protect the information we hold, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security of any information transmitted to or stored by the Service.

9. Data Retention

We retain your account and authentication information for as long as your account is active or as needed to provide the Service. If you discontinue use of the Wallet, we will retain your information only for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Anonymized technical data (crash reports, aggregated usage statistics) may be retained indefinitely as it cannot be traced back to any individual user.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • The right to access the personal information we hold about you.
  • The right to request correction of inaccurate personal information.
  • The right to request deletion of your personal information, subject to legal retention requirements.
  • The right to restrict or object to certain processing of your personal information.
  • The right to data portability where technically feasible.

Because Arca Wallet is non-custodial and collects minimal personal data, certain rights (such as deletion) may have limited applicability. For information stored solely on your device (private keys, local wallet data), you maintain full control and can delete this data at any time by uninstalling the Application.

To exercise any of these rights, please contact us using the information provided in Section 14.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

12. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.

If you are a resident of the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data transfer restrictions, we will ensure that appropriate safeguards are in place for any cross-border transfers of your personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will make reasonable efforts to notify you through the Application or other means prior to the change taking effect. We encourage you to review this Privacy Policy periodically for any changes.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

14. Questions and Contact

If you have any questions about this Privacy Policy or believe we have infringed on your privacy rights, you can contact us:

Our support team can escalate your concerns to our designated data protection officer as appropriate.

15. Confidentiality

Any personally identifying information which is voluntarily submitted, such as when requesting support, will be kept strictly confidential and never provided to third parties other than in an aggregated, anonymized form. All Constellation Network staff are bound by confidentiality agreements.