Privacy Policy — Connectly AI

01

Overview

Connectly ("we", "our", or "us") operates as a non-custodial digital asset portfolio platform. This Privacy Policy describes how we collect, use, and protect information when you use our platform, including our web application, mobile clients, and APIs.

We are committed to data minimization — collecting only what is strictly necessary to deliver the platform's functionality. We do not sell, rent, or broker your personal data to third parties for marketing or advertising purposes under any circumstances.

Non-custodial architecture: Connectly never has access to your private keys, seed phrases, or the ability to initiate transactions on your behalf. We aggregate and display on-chain data only.

02

Information We Collect

We collect information you provide directly, information generated through your use of the platform, and limited technical signals necessary for security and performance monitoring.

Account data: Email address, display name, and account preferences provided during registration or profile updates.
Wallet addresses: Public blockchain addresses you connect to the platform. We never collect, store, or request private keys or seed phrases.
Usage data: Feature interactions, page views, session duration, and navigation patterns used to understand and improve the product experience.
Device and technical data: IP address (anonymized after 30 days), browser type, operating system, and time zone — used exclusively for security anomaly detection.
Transaction metadata: On-chain transaction records fetched from public blockchain nodes. This data is publicly visible on-chain; we index and display it on your behalf.

03

How We Use Your Data

All data we process serves a specific, documented purpose. We do not use your data beyond the purposes listed here without your prior explicit consent.

Delivering core platform features: portfolio aggregation, real-time P&L tracking, and DeFi analytics.
Detecting and preventing unauthorized access, fraud, and security anomalies through behavioral analysis.
Improving product quality through aggregated, anonymized usage analytics.
Sending transactional communications — security alerts, account notifications, and policy updates.
Meeting applicable legal and regulatory obligations in the jurisdictions where we operate.

We do not use your data to build advertising profiles, sell behavioral insights, or train third-party AI models without your explicit opt-in consent.

04

Data Sharing & Disclosure

We do not sell your personal data. We share data only in the limited circumstances described below, and only with parties bound by appropriate confidentiality and data processing agreements.

Infrastructure providers: Cloud hosting, CDN, and database services operate under strict data processing agreements with data residency controls.
Analytics services: We use privacy-first analytics tools with IP anonymization enabled and no cross-site tracking.
Legal requirements: We may disclose information when required by a valid court order, law enforcement request, or to protect the safety of our users or the public.
Business transfers: In the event of a merger or acquisition, your data may transfer to the acquiring entity under the same protections outlined here.

We will notify you — to the extent legally permissible — before disclosing your data in response to government or law enforcement requests.

05

Security Measures

Security is a core design principle at Connectly, not an afterthought. Our infrastructure and data handling practices are built to exceed industry standards for digital asset platforms.

AES-256 encryption for all data at rest; TLS 1.3 enforced for all data in transit.
Zero-knowledge architecture for sensitive credentials — we store salted hashes, never plaintext.
Regular third-party penetration testing and vulnerability assessments by independent security firms.
SOC 2 Type II compliance audit in progress, with annual review cycles thereafter.
72-hour breach notification commitment to affected users and relevant authorities where required by applicable law.

If you discover a security vulnerability, we operate a responsible disclosure program at security@connectly.ai.

06

Your Rights & Choices

Depending on your jurisdiction, you hold a range of rights over your personal data. We honor these rights regardless of where you are located.

Access: Request a complete export of all personal data we hold about you.
Correction: Request correction of inaccurate or incomplete information in your account.
Deletion: Request permanent deletion of your account and all associated personal data. Note that public blockchain data, by its immutable nature, cannot be deleted from the chain itself.
Portability: Receive your data in a structured, machine-readable format — JSON or CSV.
Opt-out: Disable non-essential analytics and marketing communications at any time from your account settings.

To exercise any of these rights, contact us at privacy@connectly.ai. We respond to all verified requests within 30 days.

07

Cookies & Tracking

We use cookies and similar technologies for authentication, security, and optional product analytics. We do not use third-party advertising or cross-site tracking technologies of any kind.

Strictly necessary: Session cookies required for authentication, CSRF protection, and preference storage. These cannot be disabled without breaking platform functionality.
Performance (optional): First-party analytics cookies measuring feature usage, error rates, and load performance. Disable at any time from your account settings.

We do not use tracking pixels, browser fingerprinting, or any technology designed to identify you across third-party websites or applications.

08

Data Retention

We retain data for the minimum period necessary to fulfill the purposes described in this policy, comply with legal obligations, and resolve disputes.

Active account data is retained for the duration of your account's existence.
IP addresses are anonymized within 30 days of collection.
Usage analytics are aggregated and anonymized, retained for up to 24 months.
Upon account deletion, personal data is purged from production systems within 30 days and from all backup systems within 90 days.

09

Contact Us

For questions, requests, or concerns regarding this Privacy Policy or your personal data, reach our Data Protection team directly.

Privacy Team: privacy@connectly.ai
Response time: within 2 business days for urgent security matters, 30 days for all other requests.

If you are located in the European Economic Area and are dissatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.