Privacy Policy

Last updated: March 2026

This is the privacy policy ("Privacy Policy") for the Blanq Wallet and any related applications or services (collectively the "Platform") owned or operated by Blanq Labs BV, registered at the Dutch Chamber of Commerce with registration number 86844784, with its registered office address at Singel 542, Amsterdam 1017 AZ, The Netherlands ("our", "we", or "Blanq"). The Platform comprises the Blanq App (mobile application), the Blanq Server (server-side application), and, optionally, the Blanq Card (smartcard hardware add-on) — together forming the Blanq Wallet, a self-custody distributed-key wallet secured by a Trusted Execution Environment (TEE). Blanq is the controller of your personal data collected through the Platform and we are committed to protecting and respecting your privacy.

  1. Introduction

    This Privacy Policy explains who we are, why and how we process personal data collected through your use of the Platform and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to. When you supply any personal data to us we have legal obligations towards you in the way we use that data. We must collect the information fairly and explain to you how we will use it.

    It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data.

    This Privacy Policy supplements other notices and legal documents including the Terms of Service ("Terms") and is not intended to override or replace them.

    If, for any reason, you do not agree to the terms of this Privacy Policy, please stop using the Platform.

    We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant we will endeavor to email all of our registered users to make sure that they are informed of such changes.

    Please note that the Platform is not intended for use by or directed at anyone under the age of 18 and we do not knowingly collect data relating to children. If you believe we have collected personal information about your child, you may contact us at legal@blanqlabs.com and request that we remove information about them.

  2. What information we collect?

    1. What is personal data?

      Where this Privacy Policy refers to 'personal data' it is referring to data about you from which you could be identified – such as your name, your date of birth, or your contact details.

      By law all organizations who process your personal data in Europe and in the UK are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organizations about how they are using your data, and to prevent them from processing it unlawfully. For more information about these rights, please see the 'Your Rights' section of this Privacy Policy.

    2. How and what types of data we collect from you when you use the Platform?

      When you use the Platform to register an account, fill in forms provided on the Platform, subscribe to our services or report a problem with the Platform, we may collect, store and use certain personal information that you disclose to us.

      The information we collect from you may include (but is not limited to): your IP address, email address, feedback, and log-in information.

      We shall also collect information about you when you visit and interact with the Platform through the use of functional cookies and similar browser storage technologies. The following are examples of information we may collect:

      • information about your device, browser or operating system
      • time zone setting
      • your IP address
      • information about interactions you have with the Platform (such as scrolling and clicks)
      • information about the way you use and the actions you take within the Platform
      • length of time on the Platform and time spent within certain sections
      • response times
      • download errors

      We use cookies and similar browser storage technologies (including localStorage) solely for functional purposes necessary to operate the Platform, such as maintaining your authenticated session. We do not use advertising or tracking cookies. Please refer to your device's or browser's settings to learn how to manage or clear cookies and local storage. Disabling these technologies may affect your ability to use the Platform.

      We may also partner with third parties who may collect anonymous usage or statistical data through your use of the Platform (including, for example, sub-contractors in technical and payment services, business partners, and analytics providers).

      Wallet and blockchain data. In connection with your use of the Blanq Wallet, we may also collect: your wallet addresses (public keys); transaction data including amounts, network fees, counterparty addresses, and timestamps; and blockchain interaction data. Please note that transactions recorded on public blockchains are public and immutable. Blanq does not store or have access to your private keys or cryptographic seed at any time.

      Guardian and authentication data. If you use the optional guardian recovery service, we collect OAuth2 authentication data derived from your chosen social login provider and store it in a one-way hashed form. This hash cannot be used to identify or retrace your social identity and is used solely to authenticate you for account recovery purposes.

      Biometric data. The Blanq App may use biometric authentication features (such as Face ID or fingerprint recognition) available on your device. Biometric data is processed entirely on your device by your operating system and is never transmitted to or stored by Blanq.

      Optional regulated services. Certain optional services, including virtual bank accounts and crypto exchange services, may be offered through our regulated third-party partners and vendors. Where you choose to use such services, the collection and processing of your personal data in connection with those services — including any identity verification (KYC) or anti-money laundering checks — will be governed by a separate agreement and privacy notice provided by the relevant partner or vendor at the time of enrolment.

    3. Updating your information

      If you want to update the information you have previously given to us, you can contact us at legal@blanqlabs.com.

  3. How and why we use/share your information?

    1. Lawful basis for processing your information

      We will only use your personal data when the law allows us to. Most commonly we will use your personal data in any of the following circumstances:

      • Where you have asked us to do so, or consented to us doing so.
      • Where we need to do so in order to perform a contract we have entered into with you.
      • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests.
      • Where we need to comply with a legal or regulatory obligation.

    2. Marketing

      You will receive marketing messages from us if you have given us your consent to do so or if you have provided feedback on our Platform and have not opted out of receiving marketing messages (and it is within our legal rights, when balanced against your rights and freedoms as an individual, to serve you with marketing).

      To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences. You may also contact us to inform us if you do not wish to receive any marketing materials from us.

    3. Sharing your information

      Depending on how and why you provide us with your personal data, we may share it in any of the following ways:

      • Where you have asked us to do so, or consented to us doing so.
      • We may share your personal information with any member of our group where there is a valid and lawful reason to do so, which means our subsidiaries, our ultimate holding company and its subsidiaries.
      • With selected third parties including business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you (see "Service Providers" section of this Privacy Policy).
      • With analytics that assist us in the improvement and optimisation of the Platform.

      We may also disclose your personal information to third parties in any of the following events:

      • If we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets.
      • If Blanq or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
      • If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply the Terms; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    4. Service Providers

      Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfill the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. Our third party service providers, grouped by function, currently include:

      • Infrastructure: Amazon Web Services, Google Cloud, Cloudflare, Vercel, Supabase, Messagebird
      • Blockchain: Alchemy, Helius
      • Fintech: Stripe, Bridge

      Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

    5. Other Disclosures

      During your use of the Platform, your app store provider, mobile network operator, third party APIs or others may also collect personal information about you regarding your use of the Platform such as your identity, your usage and location.

      These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy.

    6. Links to third party sites

      The Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. We may also provide links to third party websites that are not affiliated with the Platform. Third party websites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.

  4. Security

    Blanq takes the protection of your information very seriously. We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data both in transit and at rest (for data in transit we use up-to-date versions of SSL and for data at rest we use AES-256).

    Where we have given you a password that enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

    In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    Self-custody architecture. The Blanq Wallet is built on a self-custodial architecture. Your cryptographic master key (seed) is never held by Blanq — it is distributed as encrypted shares stored across multiple independent factors secured by the TEE. Blanq does not have the ability to initiate transactions on your behalf, nor can we unilaterally recover your assets. This design ensures that only you can authorise transactions, but it also means that Blanq cannot restore access to your blockchain assets without your active participation in the Blanq protocol.

  5. How long we keep your information?

    We only keep your data for the time necessary to fulfill the purpose of collection. We are able to store personal data for longer periods with a valid legal ground, or when the data is sufficiently (for example) pseudonymised or anonymised.

  6. International data transfers

    Please note that some of our service providers may be based outside of the European Economic Area (the "EEA") and the United Kingdom ("UK"). These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfillment of your request for information, products and services, the processing of your payment details and the provision of support services.

    Where we transfer your data to a service provider that is outside of the EEA and/or the UK we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Transfers of personal data are either made:

    • to a country recognised by the European Commission and/or the UK Secretary of State as providing an adequate level of protection; or
    • to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission, the UK International Data Transfer clauses or by implementing other appropriate cross-border transfer solutions to provide adequate protection.

    By submitting your personal information, you agree to this transfer, storing or processing. If you would like more information about the mechanism via which your personal data is transferred please contact legal@blanqlabs.com.

  7. Your rights

    As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have as well as how you can exercise them.

    1. You have the right to be informed (article 13 GDPR)

      We provide you with the necessary information regarding the collection and usage of your personal data. We do this by means of this Privacy Policy.

    2. You have the right to access the personal data we hold about you (article 15(1) GDPR)

      If you file a data access request, we will provide you with a copy of all the personal data we have collected about you. You also have the right to receive this information in a way that is structured, commonly used and machine-readable.

    3. You may request that we delete your personal data (article 17(1) GDPR)

      We will delete the personal data we have collected about you. We will only delete your data if you are no longer an active user with us. Furthermore, Dutch law requires us to keep certain information for up to 10 years.

      Please note that transaction data recorded on public blockchains is immutable and outside of our control. We are unable to delete or alter on-chain records. The right to erasure applies only to personal data held in our own systems.

    4. You may request that we rectify incorrect or incomplete information about you (article 16(1) GDPR)

      If you spot anything in your personal information that is either incorrect or incomplete, please contact us and we will correct it as soon as possible.

    5. You may object to the processing of your personal data by us (article 21(1) GDPR)

      We process certain data on the basis of legitimate interest. In this case, you can object to the processing.

      We will consider your request and determine whether we have an overriding reason to process the data you are objecting to. If this is the case, we will refuse your request.

    6. You may ask us to restrict the processing of your personal data (article 18 GDPR)

      Restriction of processing means that we will temporarily suspend processing of your personal data. You can ask us to do so if:

      • you contest the accuracy of the information;
      • our processing is unlawful but you do not want us to delete the data;
      • our processing is unlawful, but you need us to maintain the information in connection to a legal claim; or
      • you have objected to the processing and we are evaluating your request.

    7. You also have the right not to be subject to a decision that was made solely on the basis of automated processing, including profiling, which produces legal effects that concern you or that similarly significantly affect you (Article 22 GDPR)

      Furthermore, you may lodge a complaint with the data protection supervisory authority responsible for you (in the member state where you commonly reside, where your place of work is located or where the alleged infringement took place) in accordance with Article 77 of the GDPR if you are of the opinion that the processing of your personal data violates the GDPR.

  8. Contact details

    If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact us by emailing at legal@blanqlabs.com.

    In case you disagree with the handling of your complaint, you are able to file a complaint at the Autoriteit Persoonsgegevens.