Privacy Policy

---

Welcome to Cointrol Limited (“Cointrol”, “we”, “our”, “us”).
We are committed to upholding privacy, security, and transparency across all of our platforms — including our QuantumAccount wallet, Paymaster services, Bundler infrastructure, and related websites, APIs, and digital tools (collectively, the “Services”).

Cointrol Limited is a UK-registered company developing post-quantum, non-custodial wallet infrastructure built on Ethereum ERC-4337 Account Abstraction, using Falcon (fips 206) for quantum-resistant digital signatures.

We take privacy seriously. This document explains our policy regarding the collection, use, and protection of information when you interact with our Services.

Cointrol is built on the principle of user sovereignty.
Our architecture is designed so that no personal data is collected, stored, or processed by default.
Your keys, identities, and transactions remain entirely under your control and are managed locally on your device or via your connected wallet.

We will only collect or process data if:

1. It is legally required (e.g. by financial regulations or compliance obligations), or
    
2. You have explicitly consented to its collection for a specific purpose (e.g. participation in a token sale, account verification, or support request).
    

When data collection is required, we will:

• Clearly inform you of what data is being collected and why.
   
• Request your informed consent before processing.
   
• Handle data securely and in accordance with applicable privacy laws including the UK GDPR and the Data Protection Act 2018.

While our Services are designed to operate without collecting personal data, certain interactions may require limited information.
Examples include:

Contact or Support Enquiries

     Name, email address, organisation name, message content

     To respond to your enquiry

Regulatory Compliance

     Identity verification documents, proof of address

     Only if legally required (e.g. AML/KYC)

Website Analytics (optional, if consented)

     Anonymous usage metrics

     To improve system performance only 

Technical

     IP address, device information, browser type, application logs

Blockchain Identifiers

     Wallet addresses, transaction hashes and network metadata.

     Blockchain data is public and not controlled by Cointrol.

All on-chain transactions (including UserOperations, Paymaster deposits, and QuantumAccount deployments) are public by design and stored on the Ethereum blockchain or compatible networks.
Such data — wallet addresses, transaction hashes, and smart contract interactions — are immutable and beyond our direct control.

Public blockchain data is globally replicated and cannot be deleted nor modified.

Cointrol does not link any blockchain addresses to real-world identities unless required by regulation and supported by user consent.

Our website may use minimal local storage to maintain functionality (for example, session preferences or authentication tokens).
We do not use tracking cookies, third-party advertising scripts, or analytics platforms that profile users.
Where optional analytics are used (e.g. self-hosted performance metrics), they will be anonymised and clearly disclosed.

Where we are legally required to process data, we do so under one or more of the following lawful bases:

• Consent: You have clearly agreed to the processing for a specific purpose.

• Legal Obligation: Processing is required to comply with applicable laws (e.g. AML/KYC, taxation, or regulatory reporting).

• Contract Performance

• Legitimate Interests: Security, fraud prevention, service improvement.

Security is central to our mission.
We employ post-quantum cryptography (Falcon-512 and Falcon-1024), end-to-end encryption, and strict access controls for any system components that might process user-submitted data.

When we engage service providers (e.g. cloud hosting, email, or payment gateways), we ensure that they meet or exceed industry security standards and comply with applicable data protection laws.

We use data to:

• operate and secure services
• provide support
• comply with legal obligations
• detect fraud or abuse
• improve platform functionality
   

We do not sell personal data.

We retain information only for as long as necessary to fulfil its intended purpose or to meet legal requirements, operational requirements, or for dispute resolution.
Once the purpose expires, data is securely deleted or anonymised in compliance with GDPR retention guidelines.

Blockchain data cannot be deleted, but we will not associate any personal identifiers with it unless explicitly required by law.

We may share data with:

• infrastructure providers
• analytics providers
• professional advisors 
• regulators (where legally required)
   

All processors are contractually bound to confidentiality.

If you have provided data to us under consent, you retain full rights under the UK GDPR, including the right to:

• Access your information
• Correct inaccuracies
• Request deletion of your data (off-chain only)
• Withdraw consent at any time
• Restriction
• Objection
• Portability
   

Requests can be made by contacting us using the details below.

We use technical and organisational safeguards including encryption, access controls, and monitoring.  However, no system is completely secure.

If any data is processed outside the United Kingdom, we will ensure that such transfers are made in compliance with applicable data protection laws and appropriate safeguards.

Where applicable, we use UK adequacy regulations and standard contractual clauses.

We may occasionally update this Privacy Policy to reflect changes in regulation or operational practices.
All updates will be published on our website with a revised “Last Updated” date.

For questions, requests, or concerns regarding this Privacy Policy, please contact us at:

Cointrol Limited
Registered in the United Kingdom
Email: info@cointrol.co.uk
Address: 21 Tressillian Crescent, London, SE4 1QJ (mail enquiries only)