Legal

Privacy Policy

WallCard by NodeRails · NodeRails Card Network

Effective date: June 5, 2026

This policy describes what information we collect when you use WallCard, how we use and protect it, and the choices you have. WallCard is a self-custodial wallet product. We design our systems so sensitive credentials such as your PIN are not stored in plaintext in our primary application databases.

1. Introduction

NodeRails ("NodeRails", "we", "us", or "our") operates WallCard, the NodeRails Card Network, and related websites, mobile applications, wallet interfaces, and developer tools (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you access or use the Services. It also describes the choices available to you regarding your information.

By using the Services, you acknowledge that you have read this Privacy Policy. If you do not agree with our practices, please do not use the Services.

2. Scope

This policy applies to information we process in connection with WallCard accounts, card issuance, wallet activity, signing approvals, push notifications, and integrations with third-party applications that use our SDK.

This policy does not apply to third-party websites, decentralized applications, or services that you may access through WallCard. Those parties operate under their own privacy policies.

For purposes of applicable privacy laws, NodeRails is the controller of personal information described in this policy unless we state otherwise.

3. Information we collect

We collect information in three general ways: information you provide directly, information generated through your use of the Services, and information from third parties where permitted.

3.1 Information you provide

You may provide the following categories of information when registering, verifying your identity, or contacting support:

  • Email address and one-time verification codes used for authentication
  • Legal name, country of residence, and date of birth collected during profile setup
  • Username or display preferences you choose within the app
  • Card credentials you enter for verification flows (such as card number digits and CVV). We use these values to authenticate you and do not display full card numbers in routine interfaces
  • A 6-digit PIN that you create. Your PIN is verified using cryptographic hashing and sealing. We do not store your PIN in plaintext in our primary application databases
  • Communications you send to support, including the content of your message and contact details

3.2 Information collected automatically

When you use the Services, we may automatically collect:

  • Device identifiers, operating system, app version, and general device type
  • Push notification tokens when you enable mobile push approvals
  • Session, refresh, and device registration metadata used to keep you signed in securely
  • IP address, request timestamps, and diagnostic logs needed to operate, secure, and troubleshoot the Services
  • Signing request metadata, including method, chain, request origin, approval status, and high-level payload summaries. We do not need to store full private keys to provide the Services

3.3 Blockchain and public ledger information

Blockchain networks are public by design. Wallet addresses, transaction hashes, token transfers, and smart contract interactions may be visible on-chain and indexed by third-party explorers.

When you use WallCard to sign transactions, the resulting on-chain activity is not private even if your account information is protected on our systems.

3.4 Information from third parties

We may receive information from infrastructure providers that help us deliver email, push notifications, analytics, hosting, key management, and blockchain connectivity. We may also receive information from integrators that embed WallCard in their applications, such as the origin of a signing request.

4. How we use information

We use personal information for the following purposes:

  • Create and administer your WallCard account and wallet references
  • Authenticate you using email codes, card verification, PIN checks, biometric gates on your device, and in-app signing approvals
  • Prepare, route, and record signing requests that you approve
  • Send service messages, security alerts, one-time codes, and push approval notifications
  • Maintain session security, detect abuse, and enforce our Terms and Conditions
  • Improve reliability, performance, and user experience of the Services
  • Comply with law, respond to lawful requests, and protect the rights, property, and safety of NodeRails, our users, and others
  • Communicate with you about product updates, policy changes, and support matters

6. How we share information

We do not sell your personal information. We share information only as described below:

Service providers: we use trusted vendors for hosting, email delivery, push infrastructure, analytics, secrets management, signing infrastructure, and blockchain connectivity. These providers process information on our instructions and under contractual confidentiality and security obligations.

Integrators and merchants: when you approve a signing request initiated by a third-party site or application, that party may receive the signature result and information necessary to complete the interaction. The request origin may be shown to you during approval.

Legal and safety: we may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or to investigate fraud, security incidents, or violations of our terms.

Business transfers: if we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction subject to standard confidentiality protections.

With your direction: we may share information when you ask us to do so or when you intentionally interact with a third party through the Services.

7. International data transfers

NodeRails may process and store information in the United States and in other countries where we or our service providers operate.

If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in jurisdictions that may have different data protection laws than your home country.

Where required, we implement appropriate safeguards for cross-border transfers, such as standard contractual clauses or equivalent mechanisms recognized by applicable law.

8. Data retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods vary by data type. For example, authentication logs and audit records may be kept for a limited security window, while account profile fields remain until you delete your account or we no longer need them for legitimate business purposes.

On-chain transaction data cannot be deleted by NodeRails because public blockchains are immutable.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, secrets management, sealed PIN handling, and separation between application and signing infrastructure.

No method of transmission or storage is completely secure. You are responsible for safeguarding your device, email account, and PIN. Notify us promptly if you believe your account has been compromised.

10. Your privacy rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and to receive a portable copy of information you provided.

You may manage certain choices directly in the WallCard app, including push approval preferences and session security settings on your device.

To exercise privacy rights, contact us using the details in Section 15. We may need to verify your identity before responding. You may also have the right to lodge a complaint with your local data protection authority.

You can request account and data deletion from the WallCard app (Settings) or from our dedicated page at /delete-account on wallcard.noderails.com.

  • Opt out of push notifications through your device or in-app settings
  • Request access to or correction of account profile information
  • Request deletion of account data subject to legal and operational retention needs (see /delete-account)
  • Withdraw consent where processing is based on consent, without affecting prior lawful processing

11. California privacy disclosures

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

In the preceding 12 months, we may have collected the categories of information described in Section 3, used them for the business purposes described in Section 4, and disclosed them to service providers and integrators as described in Section 6.

We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.

California residents may submit requests by emailing privacy@noderails.com. We will not discriminate against you for exercising privacy rights.

12. Children's privacy

The Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children.

If you believe a child has provided personal information to us, contact privacy@noderails.com and we will take appropriate steps to delete the information where required.

13. Cookies and similar technologies

Our websites and wallet web experiences may use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and measure basic performance.

You can control cookies through your browser settings. Disabling certain cookies may limit functionality of the wallet web experience or developer demos.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page.

If we make material changes, we may provide additional notice through the app, by email, or on our website. Your continued use of the Services after the effective date of an updated policy constitutes acceptance of the changes, subject to applicable law.

15. Contact us

Privacy inquiries: privacy@noderails.com

General support: support@noderails.com

Product: WallCard by NodeRails

For data protection questions, include enough detail for us to identify your account and the nature of your request. We aim to respond within the timeframes required by applicable law.