Grofty Labs

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last updated: January 2025Version 1.0
Data We Collect
We only collect essential information needed to provide our wallet and DeFi services.

Personal Identity Information

Name, email address, and contact identifiers for account management and support.

Authentication Information

Encrypted passwords, security credentials, and authentication tokens.

Personal Identity Information
How we handle your personal identification data

Email Address

What we collect:

  • Your email address for account creation and login
  • Email preferences and communication settings

How we use it:

  • Account verification and password recovery
  • Important security notifications and updates
  • Customer support and technical assistance
  • Optional product updates and announcements (with your consent)

Protection measures:

  • Encrypted storage using industry-standard AES-256 encryption
  • Access restricted to authorized personnel only
  • Regular security audits and monitoring
  • Never shared with third parties without explicit consent

Contact Information

Additional identifiers we may collect:

  • Display name or username (optional)
  • Profile information you choose to provide
  • Communication preferences
Authentication Information
Security credentials and authentication data protection

Password Security

Password handling:

  • Passwords are hashed using Argon2id algorithm
  • We never store plain text passwords
  • Salt-based hashing prevents rainbow table attacks
  • Password reset requires email verification

Security credentials:

  • Two-factor authentication tokens (when enabled)
  • Session tokens with automatic expiration
  • API keys for wallet integration (encrypted)
  • Biometric authentication data (stored locally on device)

Authentication Tokens

Token management:

  • JWT tokens for secure API authentication
  • Automatic token rotation and expiration
  • Secure token storage using HTTP-only cookies
  • Immediate token revocation on logout
Data Protection & Your Rights
How we protect your data and what rights you have

Security Measures

  • End-to-end encryption for all data transmission
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance standards
  • 24/7 security monitoring and incident response
  • Data backup and disaster recovery procedures

Your Rights

  • Access your personal data at any time
  • Request correction of inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt-out of non-essential communications
Data Retention
How long we keep your information

Active accounts:

We retain your personal identity and authentication information as long as your account remains active and for up to 90 days after account deletion to comply with legal requirements.

Deleted accounts:

After account deletion, we permanently remove all personal data within 30 days, except where required by law for fraud prevention or regulatory compliance.

Contact Us
Questions about this privacy policy or your data

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: wallet@grofty.cc

Support: wallet@grofty.cc

Address: Grofty Labs, Privacy Officer

This privacy policy is effective as of January 2025 and may be updated from time to time. We will notify you of any material changes via email or through our platform.