Privacy Policy

1. Introduction

Welcome to WalletForge's Privacy Policy. This policy explains how WalletForge ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our digital pass management platform.

By using WalletForge, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy applies to information we collect:

Through our website at walletforge.io
Through our web application and dashboard
Via our API and developer tools
Through email, text, and other electronic communications
When you interact with our advertising and applications on third-party websites

Privacy by Design

We've built privacy into every aspect of WalletForge. We collect only the data necessary to provide and improve our service, and we're transparent about how we use it.

2. Information We Collect

2.1 Information You Provide to Us

Account Information

When you create a WalletForge account, we collect:

Identity data: Name, email address, phone number
Account credentials: Username, password (encrypted)
Profile information: Company name, job title, profile picture (optional)
Communication preferences: Email notification settings, marketing preferences

Payment Information

When you subscribe to a paid plan, we collect:

Billing information: Name, billing address, email
Payment details: Credit card information is collected and processed securely by Authorize.Net (we never store full card numbers)
Transaction history: Invoices, payment amounts, dates

Pass Content and Data

When you create digital passes, we collect:

Pass design data: Images, logos, colors, text, layouts
Pass content: Event details, coupon terms, membership information
Pass metadata: Creation dates, update history, distribution data
Pass analytics: Download counts, scan data, redemption rates

Communications

When you contact us, we collect:

Your name, email address, and contact details
The content of your messages and attachments
Support ticket history and resolution notes

2.2 Information We Collect Automatically

Usage Data

We automatically collect information about how you use WalletForge:

Activity logs: Features used, pages viewed, time spent, click patterns
API usage: API calls made, endpoints accessed, response times
Session data: Login times, session duration, device switching
Performance data: Load times, errors encountered, feature adoption

Device and Technical Information

Device data: Device type, operating system, browser type and version
Network data: IP address, ISP, connection type
Location data: Country and city based on IP address (approximate)
Technical identifiers: Device IDs, browser fingerprints

2.3 Information from Third Parties

We may receive information about you from:

Authentication providers: If you sign in using Google or other SSO providers
Payment processors: Transaction confirmations from Authorize.Net
Analytics providers: Aggregated usage statistics and trends
Public sources: Publicly available business information

Data Category	Examples	Purpose	Legal Basis
Account Data	Name, email, password	Account creation and authentication	Contract performance
Payment Data	Billing address, payment method	Processing subscriptions	Contract performance
Usage Data	Feature usage, click patterns	Service improvement	Legitimate interest
Technical Data	IP address, browser type	Security and fraud prevention	Legitimate interest
Marketing Data	Email preferences	Marketing communications	Consent

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain Our Service

Create and manage your account
Process your digital pass creation and distribution
Provide customer support and respond to inquiries
Send service-related notifications (account updates, security alerts)
Process payments and generate invoices
Enforce our Terms of Service and prevent abuse

3.2 To Improve and Optimize Our Service

Analyze usage patterns and trends
Conduct research and development for new features
Test and monitor service performance
Debug and fix technical issues
Optimize user experience and interface design
Understand customer needs and preferences

3.3 To Communicate With You

Send important updates about your account or service changes
Respond to your comments, questions, and support requests
Provide technical notices and security alerts
Send newsletters and marketing communications (with your consent)
Request feedback and conduct surveys
Notify you about new features and special offers

3.4 For Security and Fraud Prevention

Detect and prevent fraudulent transactions
Monitor for security threats and vulnerabilities
Verify identity and prevent unauthorized access
Investigate and respond to security incidents
Comply with legal obligations and law enforcement requests

3.5 For Legal and Compliance Purposes

Comply with applicable laws and regulations
Respond to legal requests and prevent illegal activity
Enforce our agreements and policies
Protect our rights, property, and safety
Maintain audit trails and records

Purpose Limitation

We only use your data for the purposes described in this Privacy Policy. We will not use your information for other purposes without obtaining your consent first.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

Payment processors: Authorize.Net (for payment processing)
Cloud hosting: AWS or similar providers (for data storage and computing)
Email services: SMTP providers (for transactional emails)
Analytics: Analytics providers (for usage insights)
Support tools: Customer support platforms

All service providers are contractually required to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

If WalletForge is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Court orders, subpoenas, or legal processes
Law enforcement or government agency requests
Protection of our legal rights and interests
Prevention of fraud, security threats, or illegal activity
Protection of the safety of users or the public

4.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing, such as:

Integrations you enable with third-party services
Marketing partnerships you opt into
Public features you choose to use (testimonials, case studies)

4.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes:

Industry reports and benchmarks
Usage statistics and trends
Research and analysis

No Data Selling

We want to be crystal clear: WalletForge does not and will never sell your personal information to data brokers, advertisers, or any third parties for their marketing purposes.

5. Data Security

We take the security of your data seriously and implement industry-standard security measures to protect your information:

5.1 Technical Security Measures

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
Encryption at rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
Secure password storage: Passwords are hashed using bcrypt with salt
Regular security audits: Periodic vulnerability assessments and penetration testing
Secure APIs: API authentication using secure tokens and OAuth 2.0
DDoS protection: Protection against distributed denial-of-service attacks

5.2 Access Controls

Role-based access control (RBAC) for internal systems
Multi-factor authentication for administrative accounts
Principle of least privilege for data access
Regular access reviews and audit logs
Immediate access revocation upon employee termination

5.3 Infrastructure Security

Secure cloud hosting with reputable providers
Network segregation and firewall protection
Intrusion detection and prevention systems
Regular security patches and updates
Automated backup systems with encrypted backups
Disaster recovery and business continuity plans

5.4 Organizational Security

Security training for all employees
Confidentiality agreements with all personnel
Incident response plan for security breaches
Regular security policy reviews and updates
Vendor security assessments

5.5 Your Security Responsibilities

While we implement strong security measures, you also play a role in protecting your account:

Choose a strong, unique password
Enable two-factor authentication (2FA)
Keep your login credentials confidential
Log out from shared computers
Report suspicious activity immediately
Keep your contact information up to date

Security Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours as required by GDPR and other applicable laws. We will provide information about the breach, the data affected, and steps to protect yourself.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

6.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	Duration of account + 30 days	Service provision and recovery window
Payment Records	7 years	Tax and legal compliance
Pass Content	Duration of account + 90 days	Service provision and backup retention
Usage Logs	2 years	Security and analytics
Support Tickets	3 years	Customer service and legal compliance
Marketing Data	Until consent withdrawn	Marketing communications
Aggregated Data	Indefinitely	Cannot identify individuals

6.2 Data Deletion

When data is no longer needed:

Active data is permanently deleted from production systems
Backup data is automatically purged within 90 days
Data is securely wiped using industry-standard methods
Deletion logs are maintained for audit purposes

6.3 Account Closure

When you close your account:

You have 30 days to export your data before deletion
Active passes may continue to function but cannot be updated
Your account information is anonymized or deleted
Financial records are retained as required by law
Backup copies are purged within 90 days

7. Your Privacy Rights

You have certain rights regarding your personal information. The specific rights available to you depend on your location and applicable laws.

🔍 Right to Access

Request a copy of the personal information we hold about you, including details about how we use it.

✏️ Right to Correction

Request that we correct inaccurate or incomplete personal information about you.

🗑️ Right to Deletion

Request that we delete your personal information, subject to certain legal exceptions.

📦 Right to Portability

Request a copy of your data in a structured, machine-readable format to transfer to another service.

⛔ Right to Object

Object to our processing of your personal information based on legitimate interests or for direct marketing.

⏸️ Right to Restriction

Request that we restrict the processing of your personal information in certain circumstances.

🚫 Right to Withdraw Consent

Withdraw your consent to processing at any time where we rely on consent as our legal basis.

📋 Right to Complain

Lodge a complaint with your local data protection authority if you believe we've mishandled your data.

7.1 How to Exercise Your Rights

To exercise any of these rights, you can:

Self-service: Access many options directly in your account settings
Email us: Send a request to admin@echodial.io with "Privacy Rights" in the subject
Contact form: Use our contact form at walletforge.io/contact.html

7.2 Response Timeline

We will respond to your request within:

GDPR (EU): 30 days (extendable to 60 days for complex requests)
CCPA (California): 45 days (extendable to 90 days)
Other jurisdictions: As required by local law

7.3 Verification Process

To protect your privacy, we must verify your identity before processing certain requests. We may ask for:

Email confirmation from your registered account email
Answers to security questions
Government-issued ID (for deletion or portability requests)

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to know: What personal information we collect, use, disclose, and sell
Right to opt-out: We don't sell personal information, but you can opt out of data sharing
Right to non-discrimination: We won't discriminate against you for exercising your rights
Authorized agents: You can designate an authorized agent to make requests on your behalf

7.5 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland:

You have all the rights listed in Section 7
We process your data based on legal grounds (consent, contract, legitimate interest)
You can withdraw consent at any time
You can lodge a complaint with your local supervisory authority
Data transfers outside the EEA use Standard Contractual Clauses

No Fees

You will not be charged a fee to exercise any of your privacy rights unless your request is clearly unfounded, repetitive, or excessive.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. We use cookies and similar tracking technologies to improve your experience, analyze usage, and deliver relevant content.

8.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be disabled:

Session cookies: Keep you logged in during your visit
Security cookies: Authenticate users and prevent fraud
Load balancing: Distribute traffic across our servers

Functional Cookies (Optional)

These cookies enhance functionality and personalization:

Preferences: Remember your settings and choices
Language: Store your preferred language
UI state: Remember collapsed/expanded sections

Analytics Cookies (Optional)

These cookies help us understand how you use our service:

Usage tracking: Pages visited, features used
Performance monitoring: Load times, errors
A/B testing: Compare different versions of features

Marketing Cookies (Optional)

These cookies are used for advertising and marketing:

Advertising: Deliver relevant ads on other websites
Campaign tracking: Measure marketing effectiveness
Social media: Enable sharing on social platforms

8.3 Cookie Management

You can control cookies through:

Cookie banner: Accept or reject optional cookies when you first visit
Browser settings: Configure your browser to block or delete cookies
Account settings: Manage analytics and marketing preferences
Opt-out tools: Use industry opt-out tools like NAI or DAA

8.4 Other Tracking Technologies

Web beacons: Small images that track email opens and clicks
Local storage: HTML5 storage for offline functionality
Device fingerprinting: Identify devices for fraud prevention
Analytics SDKs: Track usage in mobile applications

8.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. Because there is no common understanding of how to interpret DNT signals, we do not currently respond to DNT browser signals. We do respect Global Privacy Control (GPC) signals from California residents.

9. Third-Party Services

9.1 Third-Party Service Providers

WalletForge integrates with and uses several third-party services:

Payment Processing

Authorize.Net: Payment processing and credit card storage
Privacy Policy: authorize.net/privacy
Data shared: Billing information, payment details

Digital Wallet Platforms

Apple Wallet: Pass distribution for iOS devices
Google Wallet: Pass distribution for Android devices
These platforms have their own privacy policies and terms

Email Services

SMTP providers: Transactional and marketing emails
Data shared: Email address, name, email content

Cloud Infrastructure

Hosting providers: Server hosting and data storage
Data shared: All data stored on our platform
Protected by: Data processing agreements and encryption

9.2 Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

9.3 Social Media Integration

If you use social media features on our site:

Social networks may track your interactions
Your social media activity is governed by their privacy policies
We may receive basic profile information if you connect accounts

9.4 API and Developer Tools

If you use our API to integrate with third-party services:

You are responsible for complying with privacy laws
You must have appropriate consent from end users
You must protect API credentials and data
Your privacy policy must disclose the integration

10. International Data Transfers

10.1 Where We Store Data

WalletForge is based in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

10.2 Data Protection Safeguards

When we transfer data internationally, we use appropriate safeguards:

Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
Data Processing Agreements (DPAs): Contracts with service providers
Adequacy decisions: Transfers to countries with adequate protection
Encryption: Data is encrypted in transit and at rest

10.3 European Economic Area (EEA)

For users in the EEA:

Data transfers outside the EEA are protected by SCCs
You can request a copy of the safeguards we use
We comply with GDPR requirements for international transfers

10.4 International Privacy Laws

We comply with privacy laws in jurisdictions where we operate, including:

GDPR (European Union)
CCPA (California)
PIPEDA (Canada)
Privacy Act (Australia)
LGPD (Brazil)

11. Children's Privacy

11.1 Age Restrictions

WalletForge is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

11.2 Parental Notice

If you believe we have collected information from a child under 18:

Contact us immediately at admin@echodial.io
We will investigate and delete the information promptly
We will take steps to prevent future collection

11.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) in the United States. Our service is designed for adults and businesses, not children.

11.4 School and Educational Use

If you are using WalletForge in an educational setting:

Educators are responsible for obtaining necessary parental consent
Schools must comply with FERPA and other educational privacy laws
Student data should be handled in accordance with school policies

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our practices or services
Legal, regulatory, or security requirements
User feedback and improvements
New features or technologies

12.2 Notification of Changes

When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Send you an email notification to your registered email address
Display a prominent notice on our website or dashboard
Provide at least 30 days' notice before changes take effect

12.3 Your Acceptance

By continuing to use WalletForge after changes become effective, you accept the updated Privacy Policy. If you don't agree with the changes, you should stop using the service and close your account.

12.4 Version History

Previous versions of this Privacy Policy are available upon request. Contact us at admin@echodial.io to request historical versions.

13. Contact Us

13.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: admin@echodial.io (put "Privacy" in subject line)
Website: https://walletforge.io
Contact Form: https://walletforge.io/contact.html

13.2 Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at admin@echodial.io with "DPO" in the subject line.

13.3 Response Time

We aim to respond to all privacy inquiries within:

General questions: 5 business days
Privacy rights requests: 30 days (as required by law)
Security concerns: 24 hours

13.4 Regulatory Authorities

You have the right to lodge a complaint with a data protection authority. Contact information for EU supervisory authorities can be found at edpb.europa.eu.