Privacy Policy
Last updated: 18 June 2026
This Privacy Policy explains how SoftSphere LLC ("CryptoRoute", "we", "us") processes personal data when you use the CryptoRoute interface (the "Interface"). CryptoRoute is non-custodial: we never hold your funds or private keys, and we do not require an account.
For the purposes of the EU/UK GDPR, the data controller is SoftSphere LLC (registration no. 3982 LLC 2025), Suite 305, Griffith Corporate Centre, Kingstown, Saint Vincent and the Grenadines. Contact: [email protected].
1. Data we process
We minimise the data we collect. Depending on how you use the Interface, we may process:
| Data | Why | How it is handled |
|---|---|---|
| Wallet / recipient / refund addresses | To request a quote and route your swap to the right destination, and to support and track the transaction | Stored as a one-way keyed hash for abuse-prevention and, where needed for status/support, encrypted at rest. We do not store them in plain text. |
| IP address | Security, abuse prevention, and to determine your country for compliance (sanctions/geo-restrictions) | Stored only as a one-way keyed hash; the country code (e.g. via Cloudflare) may be retained. |
| Device / browser (user-agent) | Security and abuse prevention | Stored only as a one-way keyed hash. |
| Usage / funnel events (e.g. page views, widget interactions, language/country selection) | Product analytics to understand and improve the Interface | Only collected if you consent to analytics cookies. Aggregated where possible. |
| Cookies / local storage | Operating the Interface and remembering your consent and language | See the Cookie Policy. |
We do not collect your name, email, or government ID, and we do not sell personal data.
2. Legal bases (GDPR)
- Performance of a contract / your request — to provide quotes and route swaps you initiate.
- Legitimate interests — securing the Interface, preventing fraud and abuse, and maintaining service integrity.
- Legal obligation — complying with sanctions, anti-money-laundering, and other applicable laws (including geo-restrictions).
- Consent — non-essential analytics and any non-essential cookies. You may withdraw consent at any time via the cookie settings.
3. Who we share data with
We share data only as needed to operate the Interface:
- Swap and routing protocols (including NEAR Intents / 1Click and the underlying liquidity providers) — to execute the swap you request. On-chain transactions are public by nature.
- Infrastructure providers (hosting, database, content-delivery/security such as Cloudflare) — acting as processors under appropriate agreements.
- Authorities — where required by law, regulation, or valid legal process.
We do not sell or rent personal data, and we do not use it for third-party advertising.
4. International transfers
Our providers may process data outside your country, including in jurisdictions with different data-protection laws. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses).
5. Retention
We keep data only as long as necessary for the purposes above or as required by law. Hashed identifiers and transaction records used for security, support, and compliance are retained for 24 months, after which they are deleted or further anonymised. Consent-based analytics are retained for 24 months.
6. Security
We apply technical and organisational measures including one-way hashing of identifiers, encryption of sensitive fields at rest and data in transit (TLS), access controls, and rate limiting. No method of transmission or storage is completely secure, and you remain responsible for the security of your own wallet and keys.
7. Your rights
Subject to applicable law, you may have rights to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. Because most identifiers we hold are irreversibly hashed and we do not maintain accounts, we may be unable to identify data relating to you without additional information. To make a request, contact [email protected]. You also have the right to lodge a complaint with your local supervisory authority.
8. Children
The Interface is not directed to children under 18, and we do not knowingly process their data.
9. Changes
We may update this Policy from time to time. Material changes take effect when posted; we will update the "Last updated" date.
10. Contact
Privacy questions or requests: [email protected]. Data Protection Officer: [email protected].
Controller: SoftSphere LLC, Suite 305, Griffith Corporate Centre, Kingstown, Saint Vincent and the Grenadines (registration no. 3982 LLC 2025).
This document is a template provided for development purposes and is not legal advice. Have it reviewed and finalized by qualified legal counsel before production use.