Privacy Policy

1.1 Wallet & Identity Data

When you connect your wallet or authenticate via Magic Link, we collect your public wallet address, email address (for authentication), and session tokens. We do not collect, store, or have access to your private keys at any time.

1.2 Transaction Data

We record metadata about blockchain transactions you initiate through the Crest platform, including transaction hashes, amounts, timestamps, and vault addresses. All on-chain data is inherently public on the Avalanche network.

1.3 Usage Data

We collect anonymised usage analytics including page views, feature usage, session duration, and device type. This data is aggregated and cannot be linked to individual users.

1.4 AI Chat Data

When you interact with the Crest AI assistant, your messages are processed by Groq AI's LLM service. We retain chat history in our database to provide context across sessions. You may delete your chat history at any time from Settings.

2.1 Service Delivery

We use your data to operate the Crest platform: to process transactions, execute automation rules, calculate staking rewards, and generate goal projections. Without this data, we cannot provide the service.

2.2 AI-Powered Features

Your balance data, transaction history, and goals are used to personalise AI responses in the chat interface. This processing happens within our secured infrastructure. We do not share your financial data with third-party AI providers — only anonymised query context is sent to Groq.

2.3 Security & Fraud Prevention

We analyse login patterns and transaction behaviour to detect suspicious activity and protect your account.

2.4 Improvement & Research

Aggregated, anonymised usage data helps us improve the platform. We do not sell or license individual user data for any purpose.

3.1 Avalanche Network

Transactions you submit are broadcast to the Avalanche blockchain, which is a public, permissionless network. On-chain data is visible to anyone and cannot be deleted.

3.2 Magic Link (Authentication)

We use Magic Link to provide passwordless email authentication. Magic Link processes your email address to deliver authentication tokens. Their privacy policy governs this processing.

3.3 Groq AI

The AI chat feature uses Groq's inference API. We send anonymised query context only — your wallet address, real balances, and personal identifiers are never transmitted to Groq.

3.4 No Data Sales

We do not sell, rent, or trade your personal information to any third party, ever.

4.1 Account Data

We retain your account data for as long as your account is active. You may request account deletion at any time by contacting support@crest.app.

4.2 Transaction Records

For regulatory compliance, transaction records may be retained for up to 7 years even after account deletion, in anonymised form.

4.3 Chat History

AI chat logs are retained for 90 days by default and may be deleted earlier from your account settings.

5.1 Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Database access is restricted to authorised infrastructure with audit logging.

5.2 Private Keys

Crest operates a non-custodial wallet model. We never have access to your private keys. You are solely responsible for securing your seed phrase and wallet credentials.

5.3 Incident Response

In the event of a security incident affecting your data, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws.

6.1 Access & Portability

You have the right to access a copy of all personal data we hold about you. Requests can be made at support@crest.app and will be fulfilled within 30 days.

6.2 Correction & Deletion

You may correct inaccurate data or request deletion of your account and associated personal data at any time, subject to legal retention requirements.

6.3 Opt-Out

You may opt out of analytics tracking and non-essential data collection at any time through the Privacy section of your account settings.

We may update this Privacy Policy from time to time. Material changes will be communicated via email and an in-app notification at least 14 days before taking effect. Continued use of Crest after that date constitutes acceptance of the updated policy.

Questions about this Privacy Policy? Contact our Data Protection team at privacy@crest.app or write to: Crest Labs, Privacy Office. We aim to respond to all privacy enquiries within 5 business days.