Privacy-First Principles
What Makes Syfra Different
Syfra is designed from the ground up with your privacy as the core principle. Unlike traditional services, we cannot access, view, or recover your cryptocurrency seed phrases or encryption keys—because we never store them.
No Server Storage: We do NOT store seed phrases, private keys, or passwords
Everything is encrypted locally on your device and stored only on your NFC card. Syfra's servers never see or store your crypto data.
No Tracking: We don't track your crypto transactions or wallet activity
Your cryptocurrency transactions happen on the blockchain, not through Syfra. We have no visibility into your wallet balances or transaction history.
Minimal Data Collection: Only what's essential for shipping and support
We only collect customer information through Shopify checkout to fulfill physical NFC card orders. No account creation is required to use Syfra apps.
1. Introduction
This Privacy Policy explains how Syfra ("we," "us," or "our") handles information when you use our Products (as defined in our Terms of Use), including the Syfra Website (www.syfra.io), Syfra mobile applications (Android and iOS), and Syfra NFC Cards.
By using any of our Products, you acknowledge that you have read and understand this Privacy Policy and our Terms of Use.
Our Core Privacy Commitment
Syfra is built on a zero-knowledge architecture. We CANNOT access, view, decrypt, or recover your seed phrases, encryption keys, or passwords. Your crypto data stays with you—on your device and your NFC card—never on our servers.
2. What We Do NOT Collect or Store
Critical Privacy Guarantee
SYFRA DOES NOT COLLECT, STORE, OR HAVE ACCESS TO:
- • Your seed phrases or recovery phrases (12, 18, or 24 words)
- • Your private keys or encryption keys
- • Your encryption passwords or PIN codes
- • Unencrypted cryptocurrency wallet data
- • Your wallet addresses or balances
- • Your cryptocurrency transaction history
- • The contents written to your NFC cards
How This Works Technically
When you use the Syfra mobile app to encrypt and write your seed phrase to an NFC card:
- 1. Local Encryption: Your seed phrase is encrypted using AES-256 encryption entirely on your device. Your password never leaves your device.
- 2. Local Storage: The encrypted data is written directly to your NFC card via NFC communication. No internet connection required.
- 3. No Transmission: Neither the encrypted nor unencrypted data is ever transmitted to Syfra's servers.
- 4. Offline Retrieval: When you read your NFC card, decryption happens locally on your device. Syfra never participates in this process.
3. What We DO Collect
Syfra collects only the minimal information necessary to fulfill NFC card orders and provide customer support. All collection happens through third-party platforms (Shopify) with strict privacy controls.
Shopify Checkout Data (For Physical Card Orders Only)
When you purchase Syfra NFC Cards through our Shopify-powered online store, we receive the following information from Shopify to process and ship your order:
Shipping Information
- • Full name
- • Shipping address
- • Phone number (for delivery)
- • Email address (for order updates)
Order Information
- • Order number and date
- • Products purchased
- • Order total and currency
- • Shipping method selected
Why We Collect This
We use this information ONLY to: (1) ship your NFC cards to the correct address, (2) send order confirmation and tracking information, and (3) handle returns or customer support inquiries related to your order.
Shopify's Role
Payment processing and checkout are handled entirely by Shopify. We never receive or store your credit card information. See Shopify's Privacy Policy for details on how they handle payment data.
Website & E-commerce Analytics
To improve our website, understand customer behavior, and optimize marketing efforts, we use third-party analytics services:
- • Google Analytics: Website traffic, page views, user behavior, and marketing attribution
- • Shopify Analytics: E-commerce data, checkout behavior, conversion tracking, and sales performance
Data collected includes:
- • Pages visited and time spent on site
- • Browser type and device type (mobile, desktop, etc.)
- • Referring website (how you found us)
- • General geographic location (country/region, not precise location)
- • Product views and add-to-cart behavior
- • Marketing campaign performance data
Important: This data is anonymized and aggregated. We cannot identify individual users from this information. This analytics data is used ONLY for business and marketing purposes—we do NOT track your crypto activities.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Mobile App Usage Data (Optional & Anonymous)
With your explicit consent (you can opt out in app settings), we may collect anonymous usage data to improve app performance:
- • App crashes and error logs (anonymized)
- • Feature usage statistics (which features are used most)
- • Performance metrics (app load times, etc.)
- • Device type and OS version
You Control This: You can disable analytics entirely in the app's privacy settings. This will not affect app functionality.
Customer Support Communications
When you contact us for support via email or our contact form:
- • Your email address
- • The content of your message
- • Any attachments you send (screenshots, photos, etc.)
- • Order number (if related to a purchase)
We use this information solely to respond to your inquiry and provide support. Support emails are retained for 2 years for record-keeping purposes.
4. How We Use the Information We Collect
We use the limited information we collect for these specific purposes only:
Order Fulfillment
- • Process and ship NFC card orders
- • Send order confirmations and shipping updates
- • Handle returns and refunds
- • Contact you if there are issues with your order
Customer Support
- • Respond to support inquiries
- • Troubleshoot technical issues
- • Provide product assistance
- • Send important product updates
Product Improvement & Marketing
- • Analyze website and app usage (anonymized)
- • Fix bugs and improve performance
- • Understand which features are most useful
- • Improve user experience
- • Optimize marketing campaigns and measure effectiveness
- • Understand customer acquisition channels
Legal Compliance
- • Comply with legal obligations
- • Respond to law enforcement requests
- • Enforce our Terms of Use
- • Protect rights and safety
What We Don't Do
We do NOT: sell your data to third parties, share personal information for third-party marketing, track your cryptocurrency transactions or wallet activity, or use your information for any purpose not listed above.
5. Data Sharing and Third Parties
WE DO NOT SELL YOUR DATA
We never sell, rent, or trade your personal information to third parties for their marketing purposes. However, we do use third-party analytics tools (Google Analytics, Shopify Analytics) to optimize our own marketing and improve our products.
Limited Sharing with Service Providers
We share data only with trusted service providers who help us operate our business, and only to the extent necessary:
Shopify (E-commerce Platform)
Purpose: Checkout, payment processing, and order management
Data Shared: Name, email, shipping address, order details (provided by you during checkout)
Privacy Policy: Shopify Privacy Policy
Shipping Carriers
Purpose: Physical delivery of NFC cards
Data Shared: Name, shipping address, tracking information
Email Service Provider
Purpose: Send order confirmations, shipping notifications, and support responses
Data Shared: Email address and message content
Analytics and Marketing Tools
To improve our products and understand customer behavior, we use analytics tools. These services may collect anonymized or aggregated data:
Google Analytics
Purpose: Website traffic analysis, user behavior tracking, and marketing optimization
Data Shared: Anonymized browsing data, page views, device information, geographic location (country/region level)
Privacy Policy: Google Privacy Policy
Note: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
Shopify Analytics
Purpose: E-commerce analytics, conversion tracking, and marketing campaign performance
Data Shared: Order data, checkout behavior, product views, marketing attribution data
Privacy Policy: Shopify Privacy Policy
How We Use Marketing Analytics
These analytics tools help us understand which marketing channels are most effective, improve our website user experience, and measure the success of our campaigns. The data is used for business intelligence and marketing optimization, NOT to track individual users' crypto activities.
Legal Disclosures
We may disclose information if required by law or to protect rights and safety:
- • In response to valid legal requests (subpoenas, court orders)
- • To comply with applicable laws and regulations
- • To protect Syfra's rights, property, or safety
- • To protect users or the public from harm
- • In connection with a business transfer (merger, acquisition, etc.) with user notification
6. Data Retention
We retain different types of information for different periods, based on legal requirements and business needs:
Order Information
Retention Period: 7 years
Required for tax, accounting, and legal compliance purposes. This includes names, addresses, and order details from Shopify.
Support Communications
Retention Period: 2 years
Email correspondence and support tickets are retained to provide ongoing support and resolve disputes.
Analytics Data
Retention Period: 12 months
Anonymous website and app usage data is retained for up to 12 months for product improvement.
Crypto Data (Reminder)
Retention Period: Never stored
Seed phrases, encryption keys, and passwords are NEVER stored on Syfra servers at any time.
Request Deletion
You can request deletion of your data by contacting us at legal@syfra.io. Note that we may retain certain information as required by law (e.g., order records for tax purposes).
7. Data Security
While we don't store your seed phrases or crypto data, we take the security of the information we DO collect very seriously:
Encryption in Transit
All data transmitted between you and our servers uses industry-standard TLS/SSL encryption.
Secure Infrastructure
Our servers are hosted with reputable cloud providers with enterprise-grade security certifications.
Access Controls
Access to customer data is strictly limited to authorized personnel who need it to perform their jobs.
Regular Audits
We conduct regular security audits and monitor for suspicious activity to protect your information.
No System is 100% Secure
While we implement robust security measures, no data transmission or storage system can be guaranteed to be 100% secure. Use strong passwords and never share your NFC cards or app passwords with anyone.
8. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
Access
Request a copy of the personal information we hold about you.
Correction
Request correction of inaccurate or incomplete information.
Deletion
Request deletion of your personal information (subject to legal retention requirements).
Opt-Out
Opt out of optional data collection like analytics in app settings.
Portability
Request a copy of your data in a machine-readable format.
Objection
Object to processing of your data for specific purposes.
How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: legal@syfra.io
We will respond to your request within 30 days as required by applicable privacy laws.
9. International Data Transfers
Syfra operates globally and may transfer data to countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:
- • Standard contractual clauses approved by relevant data protection authorities
- • Adequacy decisions (e.g., EU-approved countries)
- • Encryption and security measures during transfer
- • Compliance with applicable data protection laws
10. Third-Party Links and Services
Our website and apps may contain links to third-party websites or services (such as Shopify, GitHub, etc.). We are not responsible for the privacy practices of these third parties.
Review Third-Party Policies
We encourage you to review the privacy policies of any third-party services you use. Their data practices are governed by their own policies, not this one.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- • Update the "Effective Date" at the top of this page
- • Post the revised Privacy Policy on our website
- • For material changes, send email notification (if we have your email from an order)
- • Display an in-app notice (for mobile app users)
Your continued use of Syfra Products after changes are posted constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Products.
Notification of Material Changes
We will provide at least 30 days' notice for any material changes that affect how we collect or use your personal information.
12. Contact Us
Privacy Inquiries
For privacy questions, data requests, or concerns about your personal information.
Response Times
Privacy Requests (GDPR, CCPA, etc.)
Within 30 days
General Privacy Inquiries
5-7 business days
Data Deletion Requests
Within 30 days
✓ By using Syfra, you acknowledge that you have read and understand this Privacy Policy
Last updated: January 1, 2025