Ciphering Privacy Policy

Effective Date: June 6, 2026

Operator: This Privacy Policy ("Policy") describes how Relay ("Relay", "we", "us", or "our") collects, uses, discloses, and protects information when you use the Ciphering platform, website, web application, mobile application, AI agent, and related services (the "Platform").

Last Updated: June 6, 2026

1. Introduction

Ciphering is a non-custodial crypto trading interface and AI assistant. Because we do not custody assets or require traditional account creation in the core non-custodial flow, we collect significantly less personal information than a centralized exchange.

However, we still process certain information to provide the service, power the AI agent, secure the Platform, and comply with legal obligations.

By using the Platform, you consent to the collection and processing of information as described in this Policy.

2. Information We Collect

2.1 Information You Provide Directly

Wallet addresses: When you connect an EVM-compatible wallet (e.g., MetaMask), we record the public wallet address.
AI Conversations: Messages you send to Cipher AI (the "Agent") and the responses generated. These are processed by third-party AI model providers (currently xAI / Grok).
Voice interactions: Audio input (via browser or the realtime voice agent) may be processed for transcription and response generation. Voice synthesis output may be generated using third-party services (e.g., ElevenLabs).
Preferences and settings: Language selection, paper/live mode preferences, pair selections, and other customizations stored via localStorage or similar browser mechanisms.

2.2 Information Collected Automatically

On-chain activity: Public blockchain data associated with your connected wallet address (balances, transactions, token approvals, etc.). This data is inherently public and permanent on the blockchain.
Usage and interaction data: Features used, pages viewed, order previews requested, agent usage frequency, time spent on Platform.
Device and technical information: Browser type and version, operating system, device type, screen resolution, language settings, IP address, and approximate location derived from IP.
Performance and error data: Crash reports, JavaScript errors, latency measurements, and diagnostic information.
Cookies and local storage: We use browser localStorage (via Zustand persist middleware) to remember your preferences, trading state (current pair, paper mode, etc.), and agent chat history across sessions. We may use essential cookies for session management and security.

2.3 Information from Third Parties

Market data, price feeds, and liquidity information from public APIs and third-party providers (CoinGecko, DexScreener, blockchain indexers, etc.).
Authentication-related data if you use optional identity providers (e.g., Netlify Identity or future SIWE enhancements).

3. How We Use Your Information

We use the information we collect to:

Provide and operate the Platform, including wallet connection, order preview, charting, and the AI agent.
Power the Cipher AI agent (your prompts and context are sent to the AI model provider).
Display relevant market data, simulate paper trades, and (when enabled) facilitate live on-chain transaction construction.
Improve the Platform, the quality of AI responses, risk warnings, and user experience.
Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms.
Comply with legal and regulatory obligations (including sanctions screening, record-keeping, and responding to lawful requests).
Communicate with you about the Platform, updates, security alerts, or support requests.
Maintain audit logs of previews, AI interactions, and (in the future) executed trades for compliance and dispute resolution.

We do not sell your personal information.

4. AI Model Providers and Data Sharing with Third Parties

When you interact with Cipher AI:

Your messages (and relevant context such as current pair or connected wallet address when provided) are sent to xAI (or other model providers we may use) to generate responses.
These providers may process this data in accordance with their own privacy policies.
We may log AI interactions on our systems for safety, quality improvement, and abuse prevention.

Voice features may transmit audio or transcripts to ElevenLabs or similar providers.

We may share information with:

Infrastructure and hosting providers (Netlify and its subprocessors).
Analytics and monitoring service providers (if implemented).
Legal, compliance, and security vendors.
Law enforcement or regulators when required by law or to protect our rights.

We require appropriate contractual protections from our service providers.

5. Blockchain Data Is Public and Permanent

Any transaction you sign and broadcast is recorded permanently on public blockchains (Base, Ethereum, etc.).

Wallet addresses, transaction amounts, token movements, and timestamps are publicly visible and can be linked to you by anyone with access to blockchain analytics tools.
We have no ability to delete, alter, or hide on-chain data.
Connecting a wallet to the Platform makes the association between your usage of Ciphering and that wallet address observable.

6. Data Retention

AI chat history: Retained in your browser (via localStorage) and on our backend systems for as long as necessary to provide the service, improve the agent, and meet legal obligations. You can clear local data by clearing browser storage.
Usage and audit logs: Retained for compliance, security, and dispute resolution purposes, potentially for several years.
On-chain data: Permanent by nature of public blockchains.
Technical logs: Typically retained for 30–90 days unless needed for investigations.

We will delete or anonymize personal information when it is no longer needed for the purposes described, subject to legal retention requirements.

7. Your Rights and Choices

Depending on your jurisdiction (including under the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, CCPA, or similar laws), you may have rights to:

Access the personal information we hold about you.
Request correction or deletion of your information (subject to blockchain immutability and legal retention needs).
Object to or restrict certain processing.
Withdraw consent (where processing is based on consent).
Request data portability.
Lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the details at the end of this Policy. We may need to verify your identity (e.g., by confirming control of the relevant wallet address).

Browser controls: You can disable JavaScript, clear localStorage/cookies, or use privacy-focused browsers/extensions. Note that this may break core functionality of the Platform.

Wallet disconnection: Simply disconnect your wallet from the dapp. This does not delete on-chain history or data we have already processed.

8. International Data Transfers

We and our service providers (including xAI and cloud infrastructure) may process and store information in countries outside your country of residence, including the United States and other jurisdictions that may have different data protection laws.

Where required, we use appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for cross-border transfers.

9. Security

We implement reasonable technical and organizational measures to protect the information we process. However:

No system is completely secure.
You are responsible for the security of your own devices, wallets, and internet connections.
We cannot guarantee the security of information transmitted over public networks or stored on public blockchains.

In the event of a security incident affecting your personal information, we will notify you and relevant authorities as required by applicable law.

10. Children's Privacy

The Platform is not directed to children under 18 (or the applicable age of digital consent). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can take appropriate action.

11. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Platform. The "Last Updated" date indicates the most recent revision.

Material changes will be communicated through the Platform or other reasonable means. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

12. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Relay

Privacy / Data Protection

ceo@ciphering.io

Relay

If you are located in the EU/EEA or a jurisdiction with a data protection authority, you may also have the right to lodge a complaint with the relevant supervisory authority (in Denmark, the Danish Data Protection Agency / Datatilsynet).

13. Additional Disclosures for Specific Jurisdictions

European Union / Denmark: We aim to comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven).
European Economic Area / UK / Switzerland: If GDPR or equivalent applies, we act as a data controller for the personal information described above. Our legal bases include contract performance, legitimate interests (security, product improvement, fraud prevention), and consent (where applicable, e.g., for certain AI processing or marketing).
California / United States: If CCPA/CPRA applies, see additional rights regarding access, deletion, and opt-out of "sales" (we do not sell personal information as defined under CCPA).

Important Note: This Privacy Policy is a template drafted for the current non-custodial version of the Ciphering Platform. It must be reviewed and customized by qualified legal counsel before use in production, especially if the Platform begins collecting more personal data, implements KYC, offers custodial services, or targets users in highly regulated jurisdictions.

On-chain activity is public forever. Think carefully before connecting your wallet or interacting with any DeFi protocol.