Privacy Policy

Bifrost Software LTD (“we”, “us”, “our” or “Bifrost Software”) values your privacy. We strive to protect your personal data in the best possible way. When you use our non-custodial crypto asset software Bifrost Wallet, we do not process your personal data other than to:

1. Develop, maintain and improve our software and services
2. Respond to your support requests, questions or feedback
3. Provide you with updates and information on our websites
4. To defend ourselves from any claims or complaints

To ensure secure and lawful processing of your personal data, Bifrost Wallet is developed in accordance with the principles of privacy by design and data minimization. It means, in practice, that we are always thinking about your privacy when designing our software and services and that we do not process any personal data not necessary for the specific purpose.

This policy applies to any personal data we collect when you as user uses our mobile application Bifrost Wallet (“Bifrost Wallet”) and/or are visiting our website. Words with capital letters in this Privacy Policy shall have the same meaning as in Bifrost Wallet Terms of Use.

Who is responsible for processing your personal data?

Bifrost Software LTD is responsible for the processing of your personal data that we process (the controller).

Who do we share your personal data with and why?

Your personal data is initially collected and processed by Bifrost Software. As a principle, we do not share your data with third parties other than when we hire suppliers, for example IT-suppliers providing cloud services to us. The suppliers will only get access to your personal data to the extent necessary in order for them to fulfill their obligations in relation to Bifrost Software. The suppliers will only process your personal data on behalf of Bifrost Software as data processors.

Furthermore, your personal data may be controlled and processed by other data controllers, such as but not limited to participants in the relevant blockchain networks and/or third-party service providers that you access within Bifrost Wallet. We are not involved in any transaction you may participate in, meaning we are neither a joint controller nor a data processor in such cases.

Do we transfer your personal data outside of the European Union?

We may transfer your personal data outside of the EU/EEA when necessary for our services, always ensuring appropriate safeguards are in place in accordance with applicable data protection laws.

From whom do we obtain your personal data?

We only obtain your personal data directly from you.

Your Rights

Under applicable data protection legislation, you have various rights including: the right to access, rectify, or erase your personal data; the right to object to or restrict processing; the right to data portability; and the right to lodge a complaint with a supervisory authority. For more information about exercising these rights, please contact us as described below.

Data processing details and data retention

Here you can read more about how and to which extent we process your personal data, which categories of personal data we process and our legal basis for processing your personal data. You can also read for how long we process your personal data for each purpose.

When you use Bifrost Wallet

As a basis, we do not process your personal data when you use our Bifrost Wallet. Bifrost Wallet does not have any user accounts and we do not ask for any user data. Any information in Bifrost Wallet, such as your PIN code, your Private Keys and your Recovery Phrase, are stored on your mobile device and are not processed by us. We can neither access your Bifrost Wallet and Crypto assets nor get hold of your personal data, if any, in any other way. When you are adapting Bifrost Wallet to your settings and preferences, as well as when you customize Bifrost Wallet, such settings are solely stored on your mobile device. You are deciding how to process your personal data. In other words, we are not processing the data in Bifrost Wallet for you, only providing you with the infrastructure.

When we improve Bifrost Wallet and our Services

We may collect anonymized and aggregated data from Bifrost Wallet in order to develop, maintain and improve our Services. Anonymized data are data which are not considered personal data, as we cannot identify you based on the data and/or identify you/your data even if we get additional information from you. The data we process in order to develop and improve Bifrost Wallet and our services may be information about your version of Bifrost Wallet, bug-reporting information, and model of phone or operating system.

When you visit our websites

We may process your personal data when you visit any of our websites bifrostwallet.com or other related subdomains. The purpose is to give you a decent user experience and answer your support requests. Your data may also be used in an aggregated format for the purpose of evaluating, developing and improving our services.

Personal data we process: IP address, user agent, functional cookies, time and date of your visit.

Legal basis: The processing is justified by our legitimate interest to enable you to visit our websites and to provide you with information and necessary features through the websites. The processing of cookies may be based on your consent to our processing. Please note that you may withdraw your consent at any time by contacting us at support@bifrostwallet.com, which will not affect the legality of the processing performed before the withdrawal. The storage of cookies may be directed through your browser settings as well.

Retention time: The personal data is processed during the duration of your visit, and thereafter until the cookies' expiration date, in no case longer than 9 months.

When you contact us for support

We may process your personal data to provide you with support, answer your questions, administrate your request and improve our services.

Personal data we process: e-mail address, other personal data you provide us.

Legal basis: The processing is necessary for performance of contract concerning your use of the Bifrost Wallet and our Services. If the data is not provided to us, we will not be able to give you support and service. If you contact us without having entered into a contract with us by accepting our Terms, we will process your personal data on the basis of our legitimate interest, namely to provide you with answers of your requests.

Retention time: The personal data is processed until you have received the support you need and/or until we have responded to your request, but in no case longer than 90 days. If you have contacted us via the customer chat function at support.bifrostwallet.com, we may process your data longer (see “When you visit our websites” above).

If you complain, make a claim, or want to exercise your rights as a data subject

We may collect your data to handle your rights as a data subject, complaints or other claims.

Personal data we process: Name, postal address, e-mail address, information from our communication with you regarding your complaint or claim, other information which contain your personal data (if any).

Legal basis: The processing is necessary in order for us to act in accordance with law and to comply with a legal obligation. We also have a legitimate interest in being able to defend ourselves against a possible legal complaint or claim.

Retention time: The personal data is processed from the time you submit your complaint or claim and is processed as long as the process of the complaint or claim is in progress.

How do we protect your personal data?

We, and when applicable our partners and suppliers, have taken several security measures to protect the personal data that is processed. For example:

1. Awareness program and employee trainings
2. Encryption at rest and in transit
3. Hardened server configurations
4. Design software in accordance with privacy by design and data minimization principles
5. Continuous system monitoring
6. Independent security audits

Although we are doing our best in order to protect your data (not only your personal data), you remain responsible for keeping your credentials, passwords, PIN code, Private Keys and Recovery Phrase confidential and secure. We cannot access or retrieve any such information for you.

Changes to the Privacy Policy?

We may modify or update this document when necessary, to reflect customer feedback and changes in Bifrost Wallet and our Services. Please review it regularly. If there are material changes to the Privacy Policy or in how we use your personal data, we will inform you by posting a notice of such changes in Bifrost Wallet, prior to them taking place. If you don't like our changes you can always terminate your contract with us.

This privacy policy was adopted by Bifrost Software LTD on November 1, 2025.