Last updated: 22th January 2026

This privacy policy (“Policy”) explains how the IOTA Ecosystem DLT Foundation (“we”, “us” or “our”) processes data in connection with your use of the IOTA Wallet (the “App”).

The IOTA Ecosystem DLT Foundation is a distributed ledger technology foundation established in the Abu Dhabi Global Market, United Arab Emirates, with registration number 15533 and registered address at Office No. 1301 & 1302, Floor 13, Tamouh Tower, Tamouh, Al Reem Island, Abu Dhabi, UAE.

The App is a non-custodial software wallet. We do not collect or process personal data for the purpose of identifying individual users through the normal use of the App. This Policy is provided for transparency purposes and to describe the limited technical data processing that may occur when using the App.

We may use cloud-based infrastructure and third-party service providers to operate and maintain certain technical components related to the App (for example, distribution, diagnostics, analytics, and error monitoring). Where personal data is transferred or processed outside the United Kingdom or the European Economic Area, we ensure appropriate safeguards are in place in accordance with Articles 44–49 GDPR, such as the Standard Contractual Clauses and, where applicable, the UK Addendum.

This Policy may be amended or updated from time to time to reflect changes in technology, legal requirements, or our operations. The latest version will be made available through the App or via our official communication channels. Your continued use of the App after any changes constitutes your acceptance of the updated Policy.

1. Data Controller and Contact

The data controller responsible for any data processing described in this Policy is:

IOTA Ecosystem DLT Foundation
Office No. 1301 & 1302
Floor 13, Tamouh Tower
Tamouh
Al Reem Island
Abu Dhabi
UAE

Email: contact@iota.org

2. General Principles of Data Processing

The App is designed in a privacy-preserving manner. We do not collect, store or process personal data for the purpose of identifying individual users of the App.

The App may process limited technical and usage-related data for operational, statistical and diagnostic purposes, including to monitor performance, detect errors and improve the functionality and security of the App. Such data processing is strictly limited to what is necessary for these purposes and is not used to identify users or to track them across different services.

Any analytics or monitoring data processed in connection with the App is evaluated only in aggregated or pseudonymised form. We do not create user profiles, do not engage in behavioural advertising and do not associate analytics data with wallet addresses, private keys, recovery phrases or transaction data.

Where data processing is subject to applicable data protection laws, such processing is carried out in accordance with those laws and limited to the stated purposes.

3. Processing Activities

3.1 Use of the App and Technical Data

When you install, access or use the App, certain technical information may be processed automatically by the App or by third-party service providers integrated into the App for operational and diagnostic purposes. Such information may include device and system-related data, such as operating system type and version, application version, device model, language settings, timestamps, and technical error or performance data.

The processing of this information is necessary to ensure the stability, security and proper functioning of the App, to detect and resolve technical issues, and to improve the App’s performance and reliability. This data is not used to identify individual users.

We do not create user accounts and do not require registration to use the App. Technical data processed in connection with the use of the App is not combined with other data sources and is not used to create user profiles or to track users across different services.

Technical data is retained only for as long as necessary to fulfil the purposes described above or to investigate and resolve technical or security-related incidents, after which it is deleted or aggregated.

3.2 Analytics (Amplitude)

We use Amplitude, Inc., 201 Third Street, Suite 200, San Francisco, CA 94103, USA (“Amplitude”) to analyse how the App is used and to improve its stability, performance and user experience.

Amplitude may process limited technical and usage-related data generated in connection with your use of the App. Depending on the device and configuration, this may include information such as app version, device model, operating system version, language settings, timestamps, and in-app interaction events (for example, navigation and feature usage).

We configure analytics to minimise the collection of personal data and do not use analytics data to identify individual users. We do not intentionally process wallet addresses, private keys, recovery phrases, passwords, or transaction content for analytics purposes.

Analytics data is processed solely in aggregated or pseudonymised form and is not used to create user profiles or for behavioural advertising.

Where required under applicable law, we rely on your consent for analytics processing. You may withdraw your consent at any time by discontinuing use of the App.

Where Amplitude processes data outside the United Kingdom or the European Economic Area, such transfers are protected by appropriate safeguards in accordance with Articles 44–49 GDPR, such as Standard Contractual Clauses and, where applicable, the UK Addendum.

For more details on how Amplitude processes personal data, please refer to Amplitude’s Privacy Policy.

3.3 Error and Performance Monitoring (Sentry)

We use Sentry, a monitoring service provided by Functional Software, Inc., to detect and fix technical errors and to ensure the stability and security of the App.

In the event of an error, Sentry may process limited technical information such as device and operating system details, app version, time of occurrence, and diagnostic details (for example, stack traces). This information is processed solely for troubleshooting, security and performance monitoring purposes.

We do not intentionally collect personal data through Sentry. However, depending on the circumstances, an indirect link to an individual cannot be fully excluded. We therefore configure error monitoring to minimise data collection and do not use such information to identify users.

4. Your Rights

Where we process personal data, you may have rights under the GDPR, including the right to request access to your personal data, rectification, erasure, restriction of processing, or data portability, as well as the right to object to certain processing activities.

Where processing is based on your consent, you may withdraw your consent at any time with future effect. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Please note that we do not control data recorded on the IOTA network. Due to the decentralised and immutable nature of blockchain technology, it is not technically possible to modify or delete data once it has been recorded on-chain.

To exercise your rights, you may contact us at privacy@iota.org (or contact@iota.org). You also have the right to lodge a complaint with a competent data protection authority if you believe that the processing of your personal data violates applicable law.

5. Data Security

We take appropriate technical and organisational measures to protect the App and any limited data processing against unauthorised access, misuse, loss, or destruction. These measures may include encryption, restricted access controls, and security monitoring. The App is a non-custodial wallet. We do not have access to users’ private keys, recovery phrases, passwords or digital assets and cannot recover such information on behalf of users. Users are solely responsible for securing their devices, credentials and backups. Due to the decentralised and public nature of blockchain networks, we cannot guarantee the deletion or modification of data once it has been recorded on-chain. Users are therefore advised not to associate personal data with blockchain addresses or transactions.

6. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in technology, legal requirements, or our operations. The latest version will be made available through the App or via our official communication channels. Your continued use of the App after any changes to this Policy become effective constitutes your acceptance of the updated Policy.