Privacy policy
Effective Date: 09.12.2025
Last Updated: 09.12.2025
1. Introduction
Welcome to OROKAI. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our software platform and services. We will never sell your personal information to third parties.
What OROKAI Is:
OROKAI is a non-custodial software layer that helps you prepare and authorize blockchain transactions. We do not hold your funds, control your private keys, or execute transactions on your behalf. You maintain full control over your assets at all times.
What This Policy Covers:
This policy applies to information we collect through our website, web application, mobile app, and APIs (collectively, the "Services").
2. Information We Collect
We practice privacy-by-design and collect only the minimum information necessary to provide our Services.
2.1. Information You Provide
Account Information: Email address, display name, language/region preferences
Wallet Addresses: Public blockchain addresses you connect (these are already public on blockchain networks)
User Preferences: Risk tolerance settings, preferred chains/assets, notification preferences
Support Communications: Information you provide when contacting our support team
2.2. Information Collected Automatically
Usage Data: Pages visited, features used, transaction intents created (not finalized transactions)
Device Information: Browser type, IP address, device identifiers, operating system
Performance Metrics: Load times, error rates, feature usage patterns (aggregated and anonymized)
2.3. Information from Third Parties
Blockchain Data: Public transaction data visible on blockchain networks
Partner Services: When you use licensed partners for fiat on/off-ramp or card services, they conduct their own KYC/AML under their privacy policies. We receive only transaction status updates—never sensitive payment data (PAN/CVV)
2.4. What We Do NOT Collect
Private Keys: Never collected, stored, or accessed
Seed Phrases: Never collected or stored
Payment Card Details: PAN/CVV are processed exclusively by licensed partners, never by OROKAI
Transaction Signatures: We prepare transactions; you sign them in your own wallet
3. How We Use Your Information
We use collected information to:
Provide Services: Prepare transaction intents, display routes and costs, generate informational recommendations
Improve User Experience: Optimize interface, personalize content (language, preferences), enhance accessibility
Ensure Security: Detect fraud, prevent abuse, monitor system health, enforce geographic restrictions
Communicate: Send service updates, security alerts, feature announcements (you can opt out of marketing communications)
Comply with Legal Obligations: Respond to lawful requests, enforce Terms of Service, implement sanctions/geo-restrictions
Research & Development: Improve AI recommendations, optimize routing algorithms (using aggregated, anonymized data)
Informational-Only Basis:
AI-generated recommendations are informational suggestions based on your declared preferences. They are not investment advice and do not trigger automatic execution.
4. How We Share Your Information
We do not sell your personal data. We share information only in these limited circumstances:
4.1. With Service Providers
We work with trusted vendors for:
Cloud infrastructure (hosting, databases)
Analytics and monitoring (observability tools)
Customer support platforms
Communication services (email, notifications)
KYC/AML providers (via licensed partners) - where required for unlocking specific platform capabilities
These providers are contractually bound to protect your data and use it only for specified purposes.
4.2. With Licensed Partners
When you use:
Fiat On/Off-Ramp: Licensed payment providers conduct KYC/AML under their own policies
Card Services: Card issuers/processors handle PCI DSS compliance and transaction processing
We share only operational data (transaction status, amounts in aggregate) — never your private keys or payment credentials.
4.3. For Legal Compliance
We may disclose information when required by law or to:
Comply with subpoenas, court orders, or regulatory requests
Enforce our Terms of Service
Protect rights, property, or safety of OROKAI, users, or the public
Implement sanctions and geographic restrictions
4.4. Business Transfers
If OROKAI is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and ensure continued privacy protection.
4.5. With Your Consent
We may share information for other purposes with your explicit consent.
5. Data Security
We implement industry-standard security measures:
Encryption: Data in transit (TLS/mTLS) and at rest
Access Controls: Role-based access, multi-factor authentication, principle of least privilege
Secrets Management: KMS/HSM for integration credentials (never for user keys)
Regular Audits: Smart contract audits, security assessments, penetration testing
Incident Response: Documented procedures for breach detection and notification
Your Responsibility:
Since OROKAI is non-custodial, you are responsible for securing your wallet, private keys, and seed phrases. We cannot recover lost keys or reverse transactions.
6. Data Retention
Account Data: Retained while your account is active and for a reasonable period afterward for legal compliance
Usage Logs: Aggregated metrics retained for analytics; detailed logs retained per operational needs (typically 90 days)
Transaction History: On-chain data is permanent and public on blockchains; off-chain metadata follows our retention schedule
Deletion Requests: You may request data deletion (see Your Rights below), subject to legal retention requirements
7. Your Rights
Depending on your jurisdiction, you may have rights including:
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data (subject to legal obligations)
Portability: Receive your data in a structured, machine-readable format
Objection: Object to certain processing activities
Restriction: Request limitation of processing
Withdraw Consent: Where processing is based on consent
Exercising Rights:
Contact us at privacy@orokai.com We will respond within applicable legal timeframes.
Limitations:
We cannot delete public blockchain data (which exists outside our control) or data required for legal compliance.
8. International Data Transfers
OROKAI operates globally. Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through:
Standard contractual clauses
Adequacy decisions by relevant authorities
Other legally compliant transfer mechanisms
9. Children's Privacy
Our Services are not intended for individuals under 18 (or the age of majority in your jurisdiction). We do not knowingly collect data from children. If we learn we have collected such data, we will delete it promptly.
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
Essential Functions: Authentication, security, preference storage
Analytics: Understanding usage patterns (anonymized/aggregated)
Performance: Monitoring and improving Service reliability
Your Choices:
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.
Do Not Track:
We respect browser DNT signals where technically feasible.
11. Third-Party Links and Services
Our Services may contain links to third-party websites, protocols, or applications (DEX, bridges, lending platforms). We are not responsible for their privacy practices. Review their policies before interacting.
12. Geographic Restrictions and Sanctions Compliance
Certain features may be unavailable in specific jurisdictions due to legal restrictions. We implement:
IP-based geo-blocking
Sanctions screening (OFAC and equivalent lists)
Feature flags based on regulatory requirements
Prohibited Conduct:
Do not use VPNs or other methods to circumvent geographic restrictions. Violations may result in account suspension.
13. Updates to This Policy
We may update this Privacy Policy to reflect:
Changes in legal requirements
New features or Services
Improvements in privacy practices
Notification:
We will notify you of material changes via email or prominent notice in the Services. Continued use after changes indicates acceptance.
14. Contact Us
For privacy questions or to exercise your rights:
Email: privacy@orokai.com
Complaints:
You have the right to lodge a complaint with your local data protection authority.
By using OROKAI, you acknowledge that you have read and understood this Privacy Policy.