Privacy Policy

Last Updated: November 12, 2025

AWA Finance ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DeFi API platform and services.

1. Information We Collect

1.1 Personal Information

When you register for our services, we may collect:

  • Name and contact information (email address, phone number)
  • Company information (business name, tax ID, business address)
  • Account credentials and authentication data
  • Payment information and billing details
  • Identity verification documents (KYC/AML compliance)

1.2 Google OAuth Data

When you sign in using Google OAuth, we collect the following information from your Google account:

  • Email address: Used as your account identifier and for communication
  • Name: Used to personalize your experience
  • Profile picture: Displayed in your account settings (optional)

How we use Google OAuth data:

  • To create and authenticate your AWA Finance account
  • To send you important service notifications and updates
  • To provide customer support

How we share Google OAuth data:

  • We do not sell your Google account data to third parties
  • We do not share your Google account data with advertising networks
  • We may share your email with service providers who assist in operating our platform (e.g., email delivery services) under strict confidentiality agreements
  • We may disclose your information if required by law or to protect our legal rights

1.3 Blockchain and Wallet Data

As a DeFi API platform, we process blockchain-related data:

  • Wallet addresses (public keys)
  • Transaction hashes and blockchain network data
  • Smart contract interactions
  • Token balances and holdings
  • On-chain transaction history

Important: Blockchain data is inherently public and transparent. Any transaction you make through our platform will be recorded on the respective blockchain and may be visible to anyone.

1.4 Custodial vs. Non-Custodial Data Differences

The data we collect and control varies based on your service model:

Custodial Services

When you use our custodial framework (Enterprise Managed Model):

  • We maintain control of private keys on your behalf
  • We store encrypted wallet credentials
  • We process and authorize transactions
  • We maintain detailed transaction records
  • Enhanced KYC/AML data collection applies

Non-Custodial Services (ERC-4337 Smart Accounts)

When you use our non-custodial framework:

  • You maintain control of your private keys
  • We do not have access to your wallet credentials
  • We only process transaction requests you sign
  • Limited data collection (transaction metadata only)
  • You are responsible for key management and security

1.5 Technical and Usage Data

  • API usage statistics and logs
  • Device information (IP address, browser type, operating system)
  • Access times and session duration
  • Error logs and performance metrics
  • Referral source and navigation patterns

2. How We Use Your Information

We use the collected information for:

  • Providing and maintaining our DeFi API services
  • Processing blockchain transactions and smart contract interactions
  • Authentication and account security
  • Compliance with KYC/AML regulations and legal obligations
  • Fraud prevention and risk assessment
  • Customer support and communication
  • Service improvement and analytics
  • Billing and payment processing
  • Sending important service updates and notifications

3. Transaction Privacy and Blockchain Transparency

Understanding privacy in the context of blockchain technology:

3.1 On-Chain Data

All transactions processed through our platform are recorded on public blockchains. This includes:

  • Transaction amounts and token types
  • Sender and receiver wallet addresses
  • Transaction timestamps
  • Smart contract interactions
  • Gas fees and network costs

This information is permanently recorded on the blockchain and is publicly accessible to anyone. We cannot delete or modify this data.

3.2 Off-Chain Data

We maintain private records that are not recorded on the blockchain:

  • Your identity linked to wallet addresses (for custodial services)
  • API request metadata
  • Internal transaction notes and tags
  • Customer support communications

This off-chain data is subject to this Privacy Policy and is protected by industry-standard security measures.

4. Information Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party vendors who assist in operating our platform (hosting, analytics, customer support)
  • Blockchain Networks: Transaction data is broadcast to decentralized blockchain networks
  • Compliance Partners: KYC/AML verification services and regulatory authorities when required by law
  • Business Partners: DeFi protocols and liquidity providers integrated with our API (with your consent)
  • Legal Obligations: Law enforcement, regulators, or courts when legally required
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell your personal information to third parties for marketing purposes.

5. Data Security

We implement institutional-grade security measures:

  • End-to-end encryption for sensitive data
  • Secure key management systems (HSM) for custodial services
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • SOC 2 compliance (in progress)
  • Secure API authentication (OAuth 2.0, API keys)
  • 24/7 security monitoring and incident response

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory obligations (typically 5-7 years)
  • Resolve disputes and enforce agreements
  • Maintain audit trails for financial transactions

Blockchain transaction data cannot be deleted as it is permanently recorded on decentralized networks.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain data processing activities
  • Restriction: Request limitation of data processing
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at privacy@awafinance.com

8. International Data Transfers

Our services operate globally. Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through standard contractual clauses and compliance with applicable data protection laws (GDPR, CCPA, etc.).

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Services and Links

Our platform may integrate with third-party DeFi protocols, wallets, and services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before using these services.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

AWA Finance

Email: privacy@awafinance.com

Data Protection Officer: dpo@awafinance.com

Website: awafinance.com