Privacy Policy

This Privacy Policy ("Policy") governs how Tensyre LLC ("we", "us", "our") collects, processes, stores, and discloses information in connection with the Botwallet platform, including the web dashboard, REST API, CLI, SDK, and MCP server (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with our data practices, please discontinue use of the Service.

We collect only the information reasonably necessary to provide the Service. The categories of data we process include:

We process the information described above for the following purposes:

• Service delivery — to authenticate users, process transactions, evaluate guard rails, and co-sign authorized operations
• Operational communications — to deliver transaction confirmations, approval requests, security alerts, and service-related notices
• Service maintenance and improvement — to monitor system health, diagnose issues, and develop new features based on aggregated usage data
• Security and fraud prevention — to identify and address unauthorized access, suspicious activity, and potential violations of our Terms of Service
• Legal obligations — to comply with applicable laws, regulations, or enforceable governmental requests

We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing or advertising purposes.

We share data with third parties only to the extent necessary to operate the Service:

• Infrastructure providers — for database hosting, authentication, and server-side compute
• Email delivery services — for transactional email (login links, notifications)
• Blockchain RPC providers — for submitting and querying on-chain transactions

These service providers are contractually bound to process data only on our behalf and in accordance with our instructions.

• Product analytics — Amplitude processes page views, feature usage, and session recordings to help us understand and improve the product. Amplitude does not sell or share your data with third parties.

We do not integrate advertising networks or data brokers.

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect the information we process:

• Data encrypted in transit (TLS) and at rest
• API keys hashed prior to storage using one-way cryptographic functions
• Key Share 2 stored with encryption and access restricted to co-signing operations
• Row-level database security policies limiting data access to authorized services

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of data transmitted to or stored by the Service. In the event of a security incident affecting your personal data, we will notify affected users in accordance with applicable law.

The Service settles transactions on the Solana blockchain. Blockchain networks are public, distributed ledgers. As a result:

• Wallet addresses and on-chain transaction history are publicly accessible
• Transaction amounts and counterparty addresses are recorded as public data
• On-chain records are immutable and cannot be modified or deleted by any party, including us

Off-chain data — including your email address, agent configurations, guard rail settings, and internal logs — is maintained privately and is subject to the data rights described in Section 8.

We send the following types of communications:

• Transactional messages — authentication links, transaction confirmations, approval requests, and security alerts. These are integral to the operation of the Service and cannot be opted out of while your account remains active.
• Service announcements — material changes to Terms or this Policy, planned maintenance, and feature updates. These are sent on an as-needed basis.

We do not send promotional or marketing communications. Should we introduce optional communications in the future, they will require your affirmative consent.

Subject to applicable law, you may exercise the following rights regarding your personal data:

• Access — request confirmation of whether we process your personal data, and obtain a copy of the data we hold
• Correction — request that we rectify inaccurate or incomplete personal data
• Deletion — request deletion of your account and associated off-chain data, subject to any legal retention obligations. On-chain records cannot be deleted due to the inherent properties of blockchain technology.
• Data portability — request a machine-readable export of the personal data you have provided to us

To exercise any of these rights, submit a request to info@botwallet.co. We will acknowledge your request and respond within 30 days. We may request verification of your identity before processing certain requests.

We retain personal data for as long as reasonably necessary to fulfill the purposes for which it was collected, or as required by applicable law. Upon account deletion:

• Account data (email, agent configurations, guard rail settings) is removed within 30 days
• API and diagnostic logs are retained for up to 90 days for security and operational purposes, then purged
• Certain records may be retained beyond these periods where required by law or to resolve disputes
• On-chain transaction data persists indefinitely as an inherent property of blockchain technology

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take reasonable steps to delete such data promptly.

Your information may be processed and stored in jurisdictions outside your country of residence, including the United States. These jurisdictions may have data protection laws that differ from those in your jurisdiction. By using the Service, you acknowledge and consent to such transfers. We take reasonable steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.

We may revise this Policy from time to time to reflect changes in our practices, the Service, or applicable law. For material changes, we will provide notice via email to your registered address or through a prominent notice on the Service prior to the changes taking effect. The "Last Updated" date at the top of this page indicates when this Policy was most recently revised.

Your continued use of the Service following any update constitutes your acceptance of the revised Policy.

If you have questions about this Policy, wish to exercise your data rights, or have concerns about our data practices, please contact: