Last updated: July 4, 2026
The controller responsible for data processing described in this policy is:
Hadamard Corporation
8206 Louisiana Blvd NE, Ste A #2316, Albuquerque, New Mexico 87113, USA (Entity ID 7388314)
German branch (Zweigniederlassung): c/o Matteo Ludwig, Rudolf-Hahn-Straße 67A, 53225 Bonn, Germany —
registered AG Bonn, HRB 29251, VAT ID DE449785620
Contact: info@hadamard.com
This policy covers bb84.com, the BB84 Wallet app (iOS, Android, and the web app at bb84.com/app), and the services described below. It does not cover hadamard.com, which has its own privacy policy.
BB84 Wallet is a self-custodial, non-custodial cryptocurrency wallet application. This policy explains what data the app and its supporting backend services collect, how it is used, and your rights.
BB84 Wallet does not collect, transmit, or store any of the following:
There is no account registration and no server-side user database for the wallet itself.
The following data is stored exclusively on your device — in the iOS Keychain or the Android Keystore (hardware-backed secure storage where available):
This data never leaves your device except as described below, and is never transmitted to any server we operate in a form that would let us reconstruct your keys.
When you perform transactions, your wallet address and transaction data are submitted to the BB84 L2 blockchain network (Chain ID: 42069422) and, for bridging, the Ethereum network. Blockchain transactions are public and permanent by nature — once broadcast, we cannot alter, hide, or reverse them.
The app connects to:
These connections log your IP address as part of standard server operation, for abuse prevention and rate limiting. We do not correlate these logs with your on-chain identity.
If you send funds to an email address via the "Send to Email" feature, the app generates a one-time claim address and its secret entirely on your device, funds it on-chain, and calls our Claims API (bb84.com) so we can email the claim link to the recipient via our email provider, Resend (a US-based transactional email processor). We transmit the recipient's email address, the claim amount, an optional memo, and the claim link to Resend solely to deliver that one email. The claim secret in the link (the URL fragment) is used only to compose the email and is never written to our persistent claim records or logged.
We retain, for status-tracking purposes only: the claim ID, the public one-time address, the recipient email address, amount, memo, status (sent/claimed/expired), and timestamps. We do not retain the claim secret. See the Terms of Service for how these claim links function as bearer instruments.
If you resolve or use a hadamard.eth subdomain, the request is served by our self-hosted ENS gateway. Like any web server, it logs requesting IP addresses for operational and abuse-prevention purposes.
If you use the in-app option to buy crypto with a card or bank transfer, you are redirected to MoonPay, a separate, independently regulated financial services provider. MoonPay — not Hadamard Corporation — collects and processes any identity verification (KYC) and payment data you provide to it, under its own privacy policy and terms. We do not receive your KYC documents or full payment details; we only receive the destination wallet address and transaction status needed to complete your purchase.
If you use the WalletConnect feature to connect to decentralized applications (dApps), session metadata is relayed through the WalletConnect protocol. This is subject to WalletConnect's Privacy Policy.
The app requests camera access solely to scan WalletConnect QR codes. No images are stored or transmitted.
| Processing | Legal basis |
|---|---|
| Sending claim-link emails via Resend | Art. 6(1)(b) GDPR — performance of the contract you request by initiating a send |
| Server logs (RPC, ENS gateway, claims API) | Art. 6(1)(f) GDPR — legitimate interest in operating, securing, and rate-limiting the service |
| Redirect to MoonPay | Art. 6(1)(b) GDPR — at your request; MoonPay is an independent controller for its own processing |
Resend and MoonPay are used as described above and may process data outside the EU/EEA (including in the United States). Where this occurs, transfers rely on the providers' own compliance mechanisms (e.g. Standard Contractual Clauses); please refer to their respective privacy policies for details.
Claim records (Section 6) are retained for as long as needed to show claim status to the sender, and are deleted or anonymized once a claim is claimed, reclaimed, or has been expired for an extended period. Server access logs are rotated on a routine schedule for operational purposes.
Subject to applicable law, you have the right to request access to, rectification of, or erasure of personal data we hold about you (e.g. entries in claims records), to restrict or object to processing, and to data portability. To exercise these rights, contact us at info@hadamard.com. You also have the right to lodge a complaint with a supervisory authority — for our German branch, the competent authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).
Private keys are stored in the iOS Keychain / Android Keystore, which provide hardware-backed encryption on supported devices. We recommend keeping a secure backup of your wallet export file and storing it in a safe location offline. Because BB84 Wallet is non-custodial, we have no ability to recover lost wallets or reverse transactions.
BB84 Wallet is not intended for users under the age of 18. We do not knowingly collect information from minors.
We may update this policy as the app evolves. Material changes will be reflected by updating the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.
For questions about this privacy policy or to exercise your rights, contact: info@hadamard.com