Skip to main content

Privacy Policy

Last updated: February 7, 2026

1. Introduction

NoNada Wallet (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency wallet service integrated with Telegram.

By using NoNada Wallet, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Non-Custodial Nature

NoNada Wallet is a non-custodial wallet. We do NOT store, have access to, or control your private keys or recovery phrases. Your cryptographic keys are encrypted and stored only on your device.

2.2 Information We Do Collect

  • Telegram User ID: We collect your Telegram user ID to link your wallet to your Telegram account.
  • Transaction Data: Blockchain transaction hashes and public wallet addresses for transaction history display.
  • Usage Analytics: Anonymized data about feature usage to improve our service.
  • Device Information: Basic device and browser information for security purposes.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our wallet service
  • To display your transaction history and wallet balances
  • To improve and optimize our service
  • To detect and prevent fraud or security threats
  • To communicate important updates about the service
  • To comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for all sensitive communications
  • AES-256 encryption for data at rest
  • Automated security gates on every code change (signer-isolation, secret-scanning, dependency auditing) — note: no formal third-party security audit has been completed; see /security and SECURITY.md for current posture
  • Secure server infrastructure with restricted access
  • No storage of private keys or recovery phrases on our servers

5. Third-Party Data Processors

We route specific categories of your data to the following named third-party processors. Each is a separate data controller bound by its own privacy policy:

  • Sentry (error monitoring) — receives stack traces, browser/device metadata, and redacted error payloads. PII (wallet addresses, amounts, user IDs) is masked client-side before it leaves your device. See sentry.io/privacy.
  • Firebase (Google Cloud, hosting + auth fallback) — receives request logs, anonymized hosting metrics, and Firebase Authentication identifiers when you use the legacy auth path. See firebase.google.com/support/privacy.
  • MoonPay (fiat on-ramp) — receives the email, full name, government ID, and payment-card data you submit directly into MoonPay's iframe when buying crypto with fiat. NoNada does not see this data. See moonpay.com/legal/privacy_policy.
  • Helius (Solana RPC + indexing) — receives your public Solana wallet addresses and the on-chain queries we make on your behalf (balance reads, transaction submissions). No private keys are ever transmitted. See helius.dev/privacy-policy.
  • Stripe (payment processing for partner-facing services) — receives card details when partners pay subscription invoices. End-user wallet data does not flow to Stripe. See stripe.com/privacy.
  • Vercel (web hosting) — terminates HTTPS fornonadawallet.comand serves the Next.js application. Receives request metadata (IP, User-Agent, path) for routing and DDoS protection. See vercel.com/legal/privacy-policy.
  • Upstash (Redis for rate-limiting and anti-replay caches) — receives short-lived hashed identifiers used to enforce per-IP and per-user request limits. Entries auto-expire. See upstash.com/trust/privacy.
  • Telegram (when you use the Telegram Mini App) — we receive your Telegram user ID, username, and theinitDatahash so we can verify the Mini App session. We do not have access to your Telegram messages.
  • Public blockchains (Solana, Ethereum, TON, Tron, Bitcoin) — every transaction you sign is broadcast to a public network and is permanently recorded there. NoNada cannot delete on-chain transactions.

We do not sell your personal data to any third party. If a processor changes, this list will be updated at least 30 days before the change takes effect.

6. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations. Transaction history is stored on public blockchains and cannot be deleted. You can request deletion of your account data by contacting us at privacy@nonadawallet.com.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Export your data in a portable format
  • Withdraw consent at any time

8. Children's Privacy

NoNada Wallet is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: