Privacy Policy

Unchained

Effective Date: March 7, 2026

Last Updated: March 13, 2026

This Privacy Policy describes how JolleyTech, LLC ("Developer," "we," "us," or "our") collects, uses, discloses, and protects your information when you use the Unchained cryptocurrency monitoring application ("App"), available on iOS, Android, and the web at jolleytech.com. By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

1. Information We Collect

1.1 Information You Provide Directly

Account Information. When you create an account, we collect your email address and assign a unique user identifier. Authentication is handled through our self-hosted Keycloak identity provider using OAuth2/OpenID Connect. We do not use third-party authentication services.
Alert Configurations. You may configure alerts by specifying blockchain networks (Ethereum, Polygon, Arbitrum, Optimism, Base), event types, contract or wallet addresses to monitor, and price thresholds. These configurations are stored on our servers to deliver the alerting service.
Watchlist Preferences. You may select cryptocurrency tokens to add to your watchlist. These preferences are stored on our servers to personalize your experience.

1.2 Information Collected Automatically

Device Information. When you register a device for push notifications, we collect your device name, platform (iOS, Android, or Web), operating system version, and app version. This information is used for device management and delivering push notifications.
Device Tokens. We collect Firebase Cloud Messaging (FCM) registration tokens to deliver push notifications to your device.
Usage Data. We collect information about how you interact with the App, including alert history (alerts triggered and delivered) and features accessed. This data is used to provide the service and improve the App.

1.3 Information Stored Locally on Your Device

Biometric Authentication Preference. If you enable biometric login (Face ID, Touch ID, or fingerprint authentication), your preference is stored locally on your device. No biometric data is transmitted to or stored on our servers. Biometric authentication is handled entirely by your device's operating system.
Authentication Tokens. Secure session tokens may be stored locally on your device (in the iOS Keychain or Android EncryptedSharedPreferences) to maintain your authenticated session.

1.4 Information We Do Not Collect

We want to be transparent about what we do not collect:

Financial Account Information. We do not collect bank account numbers, credit card numbers, or any financial account credentials.
Wallet Private Keys or Seed Phrases. We never request, collect, or store cryptocurrency wallet private keys, seed phrases, or recovery phrases.
Personally Identifiable Blockchain Addresses. While you may configure blockchain addresses to monitor, these addresses are not linked to your personal identity within our systems. We treat monitored addresses as functional configuration data, not personal identifiers.
Location Data. We do not collect precise or approximate geolocation data.
Advertising Identifiers. We do not collect Apple IDFA, Google Advertising ID, or any other advertising identifiers. The App contains no advertisements.
Contacts, Photos, or Other Device Data. We do not access your contacts, photos, camera, microphone, or other device sensors beyond what is described in this Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service. To deliver cryptocurrency monitoring, alerting, and market analysis features, including processing your alert configurations and sending push notifications when alert conditions are met.
AI-Powered Features. To generate market briefings, sentiment analysis, and contextual explanations. AI processing is performed using a combination of self-hosted language models on our own infrastructure and Groq Cloud ("Groq"), a third-party AI inference service. When Groq is used, only prompt content (such as market data summaries and analysis requests) is transmitted — no personally identifiable user data, email addresses, or account information is included in AI prompts. Groq's handling of data is governed by the Groq Privacy Policy. We do not transmit user data to OpenAI, Google AI, or similar providers.
Device Management. To manage your registered devices and deliver push notifications to the correct devices.
Account Management. To maintain your account, authenticate your sessions, and enforce subscription tier limits.
Service Improvement. To understand how the App is used, diagnose technical issues, and improve features and performance.
Communication. To send you service-related communications, including security notices and important updates about the App.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:

3.1 Third-Party Service Providers

Firebase Cloud Messaging (Google). We transmit FCM device tokens to Google's Firebase Cloud Messaging service solely to deliver push notifications to your device. Google's handling of this data is governed by the Google Privacy Policy. We do not share any other user data with Google through this integration.
Groq Cloud (Groq, Inc.). We use Groq's cloud inference API to process AI-generated content such as market briefings, sentiment analysis, and translations. Only prompt content containing market data and analysis requests is transmitted to Groq — no personally identifiable user data is included. Groq's handling of data is governed by the Groq Privacy Policy.
CoinGecko API. We retrieve publicly available cryptocurrency price data from the CoinGecko API. No user data is shared with CoinGecko in connection with these requests.
Cloudflare. Our services are protected by Cloudflare's CDN and Web Application Firewall. Cloudflare may process your IP address, request headers, and other network-level information in the course of providing security and performance services. Cloudflare's handling of this data is governed by the Cloudflare Privacy Policy.
Apple App Store and Google Play Store. The App is distributed through Apple's App Store and Google's Play Store. Your interaction with these platforms is governed by their respective privacy policies.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

A subpoena, court order, or other governmental request;
To protect the rights, property, or safety of the Developer, our users, or others;
To enforce our Terms of Service or other agreements;
To detect, prevent, or address fraud, security, or technical issues.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice within the App of any change in ownership or uses of your personal information.

4. Data Retention

Account Data. Your account information, alert configurations, and watchlist preferences are retained for as long as your account remains active. If you delete your account, we will delete or anonymize your personal data within thirty (30) days, except as required by law.
Alert History. Alert history records are retained based on your subscription tier:
- FREE tier: 30 days
- PRO tier: 90 days
- ENTERPRISE tier: 365 days
Device Tokens. FCM device tokens are retained while the associated device is registered to your account. Tokens are deleted when you unregister a device or delete your account.
Server Logs. Operational server logs that may contain IP addresses or request metadata are retained for no more than ninety (90) days and are used solely for security monitoring and debugging purposes.

5. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information, including:

All data in transit is encrypted using TLS (HTTPS).
Authentication tokens are stored securely using platform-native secure storage (iOS Keychain, Android EncryptedSharedPreferences).
Authentication is handled through self-hosted Keycloak with OAuth2/OIDC and PKCE (Proof Key for Code Exchange).
Our infrastructure is protected by Cloudflare Web Application Firewall (WAF) rules.
Kubernetes network policies restrict inter-service communication to only what is necessary.
Security contexts are applied to all deployed services following the principle of least privilege.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

6. Your Rights and Choices

6.1 Account and Data Management

You have the following rights regarding your data:

Access. You may request a copy of the personal data we hold about you.
Correction. You may update your account information through the App or by contacting us.
Deletion. You may request deletion of your account and associated data by contacting us at jolleytech+unchainedlegal@gmail.com. We will process your request within thirty (30) days.
Push Notifications. You may disable push notifications at any time through your device settings or by unregistering your device within the App.
Biometric Authentication. You may enable or disable biometric login at any time through the App's settings.

6.2 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under the GDPR:

Right of Access (Article 15). You have the right to obtain confirmation as to whether your personal data is being processed and to request a copy of your personal data.
Right to Rectification (Article 16). You have the right to request correction of inaccurate personal data.
Right to Erasure (Article 17). You have the right to request deletion of your personal data, subject to certain exceptions (such as compliance with legal obligations).
Right to Restriction of Processing (Article 18). You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to Data Portability (Article 20). You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object (Article 21). You have the right to object to the processing of your personal data for certain purposes.
Right to Withdraw Consent. Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Basis for Processing. We process your personal data on the following legal bases:

Performance of a Contract (Article 6(1)(b)). Processing necessary to provide the App and its features as described in our Terms of Service.
Legitimate Interests (Article 6(1)(f)). Processing necessary for our legitimate interests, such as improving the App, ensuring security, and preventing fraud, provided such interests are not overridden by your data protection rights.
Consent (Article 6(1)(a)). Where you have provided consent, such as opting in to push notifications or biometric authentication.

To exercise any of these rights, please contact us at jolleytech+unchainedlegal@gmail.com. We will respond to your request within thirty (30) days. If we require additional time, we will inform you of the reason and the expected timeline. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

6.3 Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected personal information, the business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.
Right to Delete. You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing. We do not sell or share your personal information as defined under the CCPA/CPRA. Because we do not engage in the sale or sharing of personal information, there is no need to opt out.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected (preceding 12 months):

Category	Examples	Collected
Identifiers	Email address, unique user ID, device tokens	Yes
Internet or network activity	Alert history, feature usage, IP address (via Cloudflare)	Yes
Geolocation data	Precise or approximate location	No
Biometric information	Fingerprint, facial recognition data	No (stored on-device only)
Professional or employment information	Job title, employer	No
Financial information	Bank account, credit card numbers	No
Characteristics of protected classifications	Race, gender, religion	No
Audio, electronic, visual, or similar information	Photos, recordings	No
Sensitive personal information	SSN, driver's license, precise geolocation	No

Sources of Personal Information: Directly from you (account creation, alert configuration) and automatically from your device (device information, usage data).

Business Purpose for Collection: Providing the cryptocurrency monitoring service, delivering push notifications, account management, and service improvement.

Third Parties with Whom Information Is Shared: Firebase Cloud Messaging (device tokens for push notifications), Cloudflare (IP addresses for security), Groq Cloud (AI prompt content containing market data only — no personal information). We do not sell personal information to any third party.

To exercise your CCPA/CPRA rights, contact us at jolleytech+unchainedlegal@gmail.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

7. International Data Transfers

Our servers are located in the United States. If you access the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the App, you consent to the transfer of your information to the United States.

For users in the EEA, UK, or Switzerland, we will ensure that any transfer of personal data is carried out in accordance with applicable data protection law. Where required, we will implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

8. Children's Privacy

The App is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at jolleytech+unchainedlegal@gmail.com. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information within a reasonable timeframe. This policy is in compliance with the Children's Online Privacy Protection Act (COPPA).

9. Third-Party Links and Services

The App may contain links to third-party websites or services, such as blockchain explorers (e.g., Etherscan, Polygonscan). We are not responsible for the privacy practices of these third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the App.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated Privacy Policy within the App with a revised "Last Updated" date;
Sending a notification through the App or via email for significant changes.

Your continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

JolleyTech, LLC Helena, MT, United States Email: jolleytech+unchainedlegal@gmail.com Website: jolleytech.com

We will respond to all privacy-related inquiries within thirty (30) days.

12. Supplemental Disclosures

12.1 Do Not Track Signals

The App does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. We do not engage in cross-site tracking.

12.2 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law. Where required, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, and we will notify affected individuals without undue delay.

12.3 Automated Decision-Making

The App uses automated processing to generate market briefings, sentiment analysis, and alert classifications using a combination of self-hosted AI models and third-party AI inference (Groq Cloud). These automated processes provide informational outputs only and do not make decisions that produce legal effects or similarly significant effects concerning you. You are not subject to decisions based solely on automated processing that would affect your legal rights.