Privacy Policy

Version 1.1.0 · Effective June 26, 2026

Key Points

This summary is a reader aid. The full Policy below controls.

We do not have your private keys or recovery phrase. Ever.
We name every third-party processor we use in Section 5.
Delete your account anytime. 30-day grace, then permanent removal.
AI Chat prompts are logged for safety review; default storage is hashed.
No analytics SDK, no advertising SDK, no attribution SDK.
Your GDPR and CCPA rights are described in Sections 8 and 14.

This Privacy Policy describes how Neosis ("Neosis", "we", "us", or "our") collects, uses, shares, and retains personal information when you use the Neosis application, website, or related services (collectively, the "Services"). It is incorporated by reference into our Terms of Service.

Neosis is a non-custodial cryptocurrency wallet and market-analysis tool. Your private keys and recovery phrase are generated and stored on your device. We never receive, store, or have the ability to access, recover, or reset them. This Privacy Policy explains the information we do handle and why.

1. Scope and Definitions

This Privacy Policy applies to the Neosis mobile application (iOS and Android), the public Neosis website, and any related Neosis-operated services. It does not apply to third-party services that you separately interact with through the Services, such as fiat on-ramp providers, market-data providers, or blockchain networks themselves; those providers have their own privacy notices.

"Personal Information" means information that identifies, relates to, or could reasonably be linked with you. It does not include de-identified or aggregated information that cannot reasonably be associated with you.

2. Information You Provide to Us

We collect the following directly from you:

Account identifiers. When you sign in with Apple, we receive an opaque Apple user identifier ("Sign in with Apple" sub claim) and a verified email address if you choose to share one. Your display name, if Apple supplies it on first sign-in, is also stored. Apple-issued private-relay email addresses are treated the same as any other email. When you sign in with Google instead, we receive your Google account identifier together with the name and email address associated with that Google account.
Wallet addresses. When you import or register a public wallet address for watching or sending, we store the address. We do not request, receive, or have the ability to receive your private keys or recovery phrase — those are generated and held exclusively on your device.
Consent records. When you accept the Terms of Service or Risk Disclaimer, we store the version you accepted and the timestamp as audit-trail evidence.
Content you submit to AI features. When you use the in-app AI Chat or related analysis features, the text of your prompts is processed by our AI provider (see Section 5) and an audit log entry is recorded. By default the recorded entry stores a one-way hash of your prompt and a separate one-way hash of the model output. Raw prompt and response text are recorded only when the operator has explicitly enabled raw-input audit logging for incident-investigation or safety-review purposes; this flag is off by default.
Support communications. When you contact us at the address in Section 15, we receive the email address you write from and the contents of your message.

3. Information Collected Automatically

Subscription state. If you purchase a Neosis subscription through the Apple App Store or Google Play Store, we receive a server-to-server snapshot of your subscription plan, status, period, and entitlement from our subscription-management processor (RevenueCat). We do not receive your full payment card details from the app stores.
Push-notification token. If you enable push notifications, the operating system issues a push token that we store in order to deliver price-alert notifications. The token is rotated and revoked by the operating system if you disable notifications or uninstall the app.
Session metadata. When you sign in, we store a session identifier, the IP address your session was first and last seen from, your device's user-agent string, and last-seen and last-used timestamps, so that we can secure your session and revoke compromised sessions. We do not store your wallet credentials in session records.
Wallet activity. For wallet addresses you register, we query public blockchain data on your behalf and cache balance and transaction-history snapshots so that the app can show them efficiently.

We do not enable Firebase Analytics, Firebase Crashlytics, or any third-party advertising or attribution SDK in the iOS build. The app does not request the App Tracking Transparency prompt because it performs no tracking as defined by Apple.

4. How We Use Your Information

We use Personal Information to:

Operate the Services, including creating and maintaining your account, broadcasting the pre-signed transactions you submit, and serving market-data and AI-analysis responses.
Send you the push notifications and emails you have opted in to receive, including price alerts and transactional messages such as receipts and security notices.
Maintain the security of the Services, including detecting and responding to abuse, fraud, and unauthorized access; maintaining audit logs of AI prompts and outputs for safety review; and complying with our legal obligations.
Improve the Services, including diagnosing reproducible errors that you report to us and tuning AI-analysis prompts and guardrails based on aggregated audit-log review.
Comply with applicable law and respond to lawful requests, including from courts, regulators, and law enforcement with valid jurisdiction.

5. Third-Party Processors and Data Recipients

We rely on a small set of third-party processors to operate the Services. The list below is exhaustive as of the effective date of this Policy; we will update this Policy when material changes are made.

Apple, Inc. — Sign in with Apple identity verification, Apple App Store payments, and Apple server-to-server account-deletion notifications. We receive your opaque Apple sub identifier and, on first sign-in only, the email address you choose to share.
Google LLC (Sign in with Google) — Google identity verification when you choose that sign-in method. We receive your Google account identifier and the name and email address associated with that account.
Google LLC (Firebase Cloud Messaging) — Push notification delivery. We send your FCM token and the alert payload.
Google LLC (Vertex AI / Gemini) — In-app AI analysis. We send the text of your AI Chat prompts and a summary of the public portfolio composition you have asked about. We do not send your private keys, recovery phrase, wallet credentials, or signing material — those never leave your device.
Google LLC (Cloud Run, Cloud SQL, Memorystore, Cloud Logging) — Backend hosting, database, caching, and logging infrastructure for the Services.
RevenueCat, Inc. — Subscription-state management. We forward Apple/Google receipts and receive webhook events plus a REST snapshot of your subscription plan, status, and period.
Tatum.io — Blockchain RPC and transaction-broadcast provider. We send the pre-signed transaction bytes you produced on your device, balance queries, and history queries. We do not send private keys.
TronGrid — TRON-network RPC, transaction construction, and broadcast. For TRON and TRC-20 transfers we send your TRON address to assemble the unsigned transaction and to broadcast the version you signed on your device. We do not send private keys.
CoinGecko — Market-data provider. We send symbol and contract-address queries; we do not send account identifiers.
Twilio SendGrid — Transactional email delivery. We send the recipient address and the email body for verification, receipts, and security notices.
Onramper B.V. — Fiat on-ramp / off-ramp provider. When you initiate a fiat purchase, you are redirected to Onramper; your transactional relationship is with Onramper and its payment processors. We do not receive your card details.
Jupiter — Solana-network swap routing and quotes. When you swap on Solana, we send your wallet (taker) address and the input and output token mints and amounts so Jupiter can return a route and build the unsigned swap transaction you sign on your device. We do not send your private keys, which never leave your device.
0x — EVM-network swap routing and quotes. When you swap on an EVM chain, we send your wallet (taker) address and the input and output token addresses and amounts so 0x can return a price and route and the unsigned swap transaction you sign on your device. We do not send your private keys, which never leave your device.

Each processor named above acts on our behalf and is contractually limited to using your information for the purposes described in this Policy. When you separately and independently interact with a third-party service through the Services (for example, when a fiat on-ramp redirects you to its own checkout), your interaction with that service is governed by its own privacy notice, not by this Policy.

6. Information We Do Not Collect

The following are not collected, transmitted, or accessible to us:

Your private keys, recovery phrase, or signing material. These are generated on your device using the BIP-39 standard and stored in your device's secure storage (the iOS Keychain or Android Keystore), configured to remain on that device only so they are never synced to iCloud or any other cloud backup. They are never transmitted to our servers, and an automated check runs on every backend build to confirm our servers contain no code that could receive, store, or reconstruct them.
Biometric templates. The app uses the platform biometric APIs only to receive a yes/no authentication result; no biometric template ever crosses the platform boundary.
Precise or coarse location. The app does not request location permission.
Contacts, photos, microphone, or files outside the app sandbox. The app does not request these permissions.
Camera content, except for QR-code scanning of wallet addresses, which happens on-device and does not record or transmit images.
Advertising or attribution identifiers. The iOS build does not link or integrate any advertising or attribution SDK and does not present the App Tracking Transparency prompt.

7. Retention

Account record. We retain your account record for as long as your account is active. When you delete your account, it is first marked as deleted (a soft delete) and a 30-day grace window begins. During the grace window, your account is treated as deleted for all access purposes but is not yet permanently erased. After 30 days, an automated daily job permanently erases it and the remaining data described below.
Operational records. The following are hard-deleted immediately when you delete your account: alerts, alert trigger events, notification deliveries, device push tokens, wallet addresses, your subscription mirror, user devices, user sessions, and any founding-member enrollment record.
Transaction history. The transaction-history records we maintain for your registered addresses are retained through the 30-day grace window so that an authorized restore (if any is offered in the future) can be serviced, and are then permanently deleted by the same automated daily job that removes the account record.
AI Chat audit logs. AI Chat audit entries (prompt hash, output hash, and metadata) are retained for thirteen (13) months from creation and then permanently deleted by an automated job, regardless of account state. This retention exists to support incident investigation and safety review of AI behavior. If you delete your account during this period, entries tied to your account are removed on day 30 of the deletion grace window or at the thirteen-month mark, whichever comes first.
Consent evidence. Records of which version of the Terms of Service and Risk Disclaimer you accepted, and when, are retained as append-only legal evidence for the life of the account row. They are deleted on day 30 along with the rest of the account row.
Backups. Encrypted database backups are retained for up to thirty-five (35) days. Backups containing deleted records are aged out on the same schedule as live backups; we do not perform targeted record deletion within backups.
Logs. Operational logs may contain pseudonymous identifiers and are retained for up to thirty (30) days for incident-investigation purposes.

8. Your Privacy Choices and Rights

You can exercise the rights described below at any time, subject to verification of your identity and to the exceptions provided under applicable law.

Access your account information by viewing your profile and subscription state in Settings.
Delete your account through Settings → Delete Account. Deletion triggers the cascade described in Section 7, including detaching your subscription mirror at our subscription processor and invalidating your sessions. A 30-day grace window applies before permanent deletion.
Cancel a subscription through the App Store or Google Play Store account that purchased it. Subscription cancellation through your platform is independent of account deletion.
Withdraw consent for, or object to, particular processing where required by applicable law by contacting us at the address in Section 15.
Correct or restrict the processing of your personal information where required by applicable law by contacting us at the address in Section 15. Note that your name and email are supplied by your Apple or Google sign-in; corrections to those values may also need to be made with that provider.
Portability. You may request a machine-readable export of the personal information you provided to us by contacting us at the address in Section 15.
Lodge a complaint with the data-protection authority in your country of residence if you are in the European Economic Area, the United Kingdom, or Switzerland.

9. Account Deletion in Detail

You can delete your account at any time by tapping Settings → Delete Account. Doing so will:

Soft-delete your account record, beginning a 30-day grace window. During the grace window your account is treated as deleted: you cannot sign back in, your subscription is detached from our records, and incoming subscription-renewal events from the platform are ignored.
Hard-delete, immediately, your alerts, alert trigger events, notification deliveries, device push tokens, wallet addresses, your subscription mirror, user devices, sessions, and any founding-member enrollment record.
Detach your subscriber record at our subscription processor (RevenueCat). Cancelling the underlying subscription with the App Store or Google Play Store is a separate action you take through your platform account.
Invalidate all active sessions across all your devices.

On day thirty (30) of the grace window, an automated daily job permanently deletes your account row, your transaction-history records, and any remaining AI Chat audit entries tied to your account.

If you have used Sign in with Apple, you may also revoke Neosis through the Apple Settings → Apple ID → Sign in with Apple workflow. Apple will notify our server, and we will treat the revocation as an account-deletion request. The same cascade above applies.

10. International Data Transfers

Our backend infrastructure is operated in the United States. If you access the Services from outside the United States, your information will be transferred to, processed in, and stored in the United States or other jurisdictions where our processors operate.

For transfers of personal information from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses approved by the European Commission (and the UK Addendum / Swiss equivalents where applicable) as a transfer mechanism.

11. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect Personal Information, including encryption in transit (TLS), encryption at rest for our database, revocable session identifiers, hashed identifiers in logs, and least-privilege access controls on our production infrastructure.

No system is perfectly secure. The single most important security control for your wallet is your sole custody of your recovery phrase. We cannot recover or reset it, and we cannot reverse a transaction once it is broadcast.

If a security incident affects your Personal Information in a way that triggers a legal notification obligation, we will notify you and the relevant authorities consistent with applicable law (including, where applicable, within 72 hours under Article 33 of the GDPR).

12. Children

The Services are not directed to children under 18 and are not intended for use by children under 13 under any circumstance. We do not knowingly collect Personal Information from children. If you believe a child has provided Personal Information to us, contact us at the address in Section 15 and we will delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "effective date" at the top of this Policy indicates when this version became effective. We will revise this Policy when our practices change in a way that affects how we collect, use, share, or retain Personal Information. We encourage you to review this Policy periodically.

When changes are material, we will use commercially reasonable efforts to notify you, including by posting a notice within the Services and, where required by law, requesting your renewed consent before applying the changed practices to you.

14. Additional Regional Disclosures

(a) California residents.

Categories of personal information we collect, the purposes for which they are used, and the categories of processors with which they are shared are described in Sections 2 through 5 above.
We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
You have the right to know, delete, correct, and limit the use of sensitive personal information, and to opt out of certain sharing. Exercise these rights by contacting us at the address in Section 15. We will not discriminate against you for exercising your rights.

(b) Residents of the EEA, the United Kingdom, and Switzerland.

Controller. Neosis is the controller of the Personal Information described in this Policy.
Legal bases. We rely on the following legal bases: performance of a contract (Article 6(1)(b)) for operating the Services you request; legitimate interests (Article 6(1)(f)) for security, fraud prevention, audit logging, and product improvement (balanced against your fundamental rights); consent (Article 6(1)(a)) where we ask for it (for example, before sending non-transactional marketing email, which we do not currently do); legal obligation (Article 6(1)(c)) where applicable.
Rights. You have the rights of access, rectification, erasure, restriction, portability, and objection under Articles 15-22 of the GDPR, exercisable as described in Section 8. You may lodge a complaint with your local supervisory authority.
International transfers. See Section 10.

15. Contact

Questions, opt-out requests, or rights requests under this Privacy Policy should be directed to:

Neosis — Privacy
Email: admin@ckslabs.com
Mail: 202 N Cedar Ave, Suite #1, Owatonna, Minnesota 55060, United States