Privacy Policy

1. Introduction & Data Controller

MUWPay ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you access or use the Muwpay platform, website, and associated services (collectively, the "Services").

This policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, "GDPR") and applicable French data protection law.

2. Data We Collect

Muwpay is a non-custodial, decentralised finance (DeFi) platform. We do not require identity verification (KYC) or the submission of government-issued documents to use the core Services. The categories of data we may process are:

2.1 Blockchain & On-Chain Data

When you connect a wallet and interact with our smart contracts, your public wallet address and the details of transactions you initiate (token types, amounts, origin and destination chains, transaction hashes, timestamps) are recorded on the relevant public blockchains. This information is inherently public and accessible to anyone. We do not control blockchain data and cannot delete or alter it.

2.2 Technical & Usage Data

When you visit muwpay.xyz, our servers and analytics tools may automatically collect:

• IP address (may be truncated or anonymised before storage)
• Browser type and version, operating system, device type
• Referring URL, pages visited, time spent, clicks, and navigation paths
• Preferred language and time zone
• Error logs and performance metrics

2.3 Contact & Communication Data

If you submit a contact form, send us an email, or reach us through official support channels, we collect the information you voluntarily provide: your email address, any name or pseudonym you choose to share, and the content of your message.

2.4 Cookies & Similar Technologies

We use cookies and similar tracking technologies as described in our Cookie Policy. You can manage your cookie preferences at any time through the cookie banner or your browser settings.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Service provision: To operate, maintain, and deliver the Muwpay cross-chain swap and bridge aggregator, including routing transactions and displaying wallet balances and history.
• Platform improvement: To analyse usage patterns, identify bugs, test new features, and improve the overall user experience.
• Security & fraud prevention: To detect, investigate, and prevent malicious activity, bot attacks, or abuse of the platform.
• Customer support: To respond to your enquiries and resolve technical issues.
• Legal compliance: To meet our obligations under applicable laws and regulations, respond to lawful requests by public authorities, and enforce our Terms of Service.
• Communications: To send you service-related notifications (e.g., material changes to the platform or this policy). We do not send unsolicited marketing emails without your explicit consent.

4. Legal Basis for Processing (GDPR Article 6)

Where GDPR applies to the processing of your personal data, we rely on the following legal bases:

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties for commercial purposes. We may share data in the following limited circumstances:

• Public blockchains: Any transaction you submit through our interface is broadcast to public blockchain networks. Wallet addresses, transaction amounts, and related metadata are permanently visible to anyone who queries the chain. This is an inherent property of decentralised blockchain systems, not a disclosure by MUWPay.
• Service providers: We engage trusted third-party providers (infrastructure, cloud hosting, analytics, RPC node providers) who process data on our behalf under data processing agreements and with equivalent data protection obligations.
• Legal requirements: We may disclose data if required to do so by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, investigate fraud, or ensure user safety.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

6. Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies to enable core functionality, remember your preferences, and analyse how our Services are used.

For full details on the cookies we use, their purposes, and how to manage your preferences, please refer to our dedicated Cookie Policy.

You can withdraw or modify your cookie consent at any time. Disabling non-essential cookies will not prevent you from using the core swap and bridge functionality of the platform.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law.

• Analytics data: Typically retained in anonymised or aggregated form for up to 26 months, or until consent is withdrawn.
• Contact and support data: Retained for up to 3 years after the last interaction, unless a longer retention period is required for legal or dispute-resolution purposes.
• On-chain data: Permanently stored on public blockchains; we have no ability to delete this data.
• Log files: Technical server logs are generally retained for 12 months for security and debugging purposes, then deleted or anonymised.

When personal data is no longer required, we delete or anonymise it securely.

8. International Data Transfers

MUWPay is based in France (EU). Some of our service providers and infrastructure partners may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions issued by the European Commission for the recipient country
• Other lawful transfer mechanisms under GDPR Chapter V

You may request further information about the safeguards applicable to specific transfers by contacting us at contact@muwpay.com.

9. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights with respect to your personal data:

To exercise any of these rights, please contact us at contact@muwpay.com. We will respond within 30 days as required by GDPR. We may need to verify your identity before processing your request.

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

• Encryption of data in transit using TLS/HTTPS
• Restricted access controls and role-based permissions for internal systems
• Regular security audits and vulnerability assessments of smart contracts and infrastructure
• Incident response procedures for detecting and managing data breaches
• Pseudonymisation and minimisation of data where technically feasible

However, no system is entirely immune to risk. We encourage you to take appropriate precautions with your own wallet credentials and private keys. MUWPay never requests your seed phrase or private key.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (CNIL) as required by GDPR Articles 33 and 34.

11. Third-Party Services

Our Services interact with or rely upon third-party systems, each of which has its own privacy practices:

• RPC providers & node infrastructure: To query on-chain data and broadcast transactions, we connect to Remote Procedure Call (RPC) endpoints. These providers may receive your wallet address and IP address as part of standard JSON-RPC requests.
• Bridge and liquidity aggregators: Routing transactions across chains involves interaction with third-party bridge protocols and DEX aggregators. Their processing is governed by their own terms and privacy policies.
• Analytics tools: We may use privacy-respecting analytics solutions to understand platform usage. Where such tools collect data, they are configured to comply with GDPR (e.g., IP anonymisation, data residency in the EU).
• Cloud infrastructure: Our website and backend services are hosted on cloud providers who act as data processors under appropriate contractual safeguards.

We encourage you to review the privacy policies of any third-party services you interact with through our platform.

12. Children's Privacy

The Muwpay platform is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and believe that a minor has provided us with personal information, please contact us immediately at contact@muwpay.com and we will take steps to delete such data.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via a notice on our website or by email.

We encourage you to review this policy periodically. Your continued use of the Services after any changes take effect constitutes your acknowledgement of the updated policy.

14. Contact & Supervisory Authority

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

You also have the right to lodge a complaint with the competent data protection supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):

We would, however, appreciate the opportunity to address your concerns directly before you contact the supervisory authority. We commit to responding to all legitimate requests within 30 days.