PandaWallet 隐私政策 PandaWallet Privacy Policy

第一条 适用范围与版本优先级 Article 1: Scope of Application and Version Priority

本政策适用于 PandaWallet 官网、移动应用与相关支持服务（统称"本服务"）。本政策以中文发布；如平台另行提供多语言版本，仅为阅读便利之用。如不同语言出现不一致，以本中文版本为准，除非您所在法域的强制性隐私规则另有规定。

This policy applies to PandaWallet's official website, mobile applications and related support services (collectively "the Services"). This policy is published in Chinese; if the platform provides multilingual versions, they are for reading convenience only. In case of inconsistency between different languages, the Chinese version shall prevail, unless otherwise required by mandatory privacy rules in your jurisdiction.

第二条 控制者与联系渠道 Article 2: Controller and Contact Channels

控制者：BITHD Limited。统一联系邮箱（含数据权利请求/投诉）：[email protected]。如我们指定数据保护负责人（DPO），将于官网或应用内另行公布。

Controller: BITHD Limited. Unified contact email (including data rights requests/complaints): [email protected]. If we appoint a Data Protection Officer (DPO), it will be announced separately on the official website or within the application.

第三条 我们处理的数据类别（最少必要） Article 3: Data Categories We Process (Minimum Necessary)

• 本地机密：不收集、不存储您的私钥、助记词或钱包 PIN（保存在您的本地设备）。
• Local Confidential: We do not collect or store your private keys, mnemonic phrases or wallet PIN (stored on your local device).
• 使用与设备数据：设备型号、系统/应用版本、崩溃日志、性能指标、语言/时区等。
• Usage and Device Data: Device model, system/application version, crash logs, performance metrics, language/timezone, etc.
• 网络与安全日志：限期处理 IP 地址（防滥用/安全、合规/制裁），服务器时间戳、错误码。
• Network and Security Logs: Time-limited processing of IP addresses (anti-abuse/security, compliance/sanctions), server timestamps, error codes.
• 钱包交互元数据：支持的链与地址类型、签名/交易状态、Gas 估算、授权状态（不读取您的私钥）。
• Wallet Interaction Metadata: Supported chains and address types, signature/transaction status, Gas estimation, authorization status (without reading your private keys).
• 可选通信：您主动提交的客服邮件、工单或反馈。
• Optional Communication: Customer service emails, tickets or feedback that you actively submit.
• 站点/SDK：如使用分析/崩溃 SDK，仅收集最少必要事件（详情见"受托处理者"）。
• Site/SDK: If analytics/crash SDKs are used, only the minimum necessary events are collected (see "Data Processors").

第四条 处理目的与法律依据 Article 4: Processing Purposes and Legal Basis

• 提供与维护服务：功能交付、稳定性与安全（履行合同/合法权益）。
• Providing and Maintaining Services: Function delivery, stability and security (contract performance/legitimate interests).
• 通信与支持：回复咨询、发送重要变更与安全通知（履行合同/合法义务/合法权益）。
• Communication and Support: Responding to inquiries, sending important changes and security notices (contract performance/legal obligations/legitimate interests).
• 风险与合规：防欺诈与滥用、安全事件响应、制裁与执法配合（法定义务/公共利益/合法权益）。
• Risk and Compliance: Fraud and abuse prevention, security incident response, sanctions and law enforcement cooperation (legal obligations/public interest/legitimate interests).
• 改进与研究：去标识化/匿名化统计分析以优化体验与性能（合法权益）。
• Improvement and Research: De-identified/anonymized statistical analysis to optimize experience and performance (legitimate interests).
• 营销（如适用）：在不违反当地限制的前提下推送产品或活动（同意/合法权益；英国/新加坡等地区遵守本地限制）。
• Marketing (if applicable): Promoting products or activities without violating local restrictions (consent/legitimate interests; complying with local restrictions in UK/Singapore, etc.).

第五条 数据最少化与不收集声明 Article 5: Data Minimization and Non-Collection Statement

第六条 共享与披露 Article 6: Sharing and Disclosure

我们不出售您的个人信息。基于上述目的，我们可能与以下第三方共享：

We do not sell your personal information. Based on the above purposes, we may share with the following third parties:

• 受托处理者：云托管/内容分发、错误与性能监测、反滥用/安全、客服工单、邮件发送等（签署数据处理协议并实施相应保障）。
• Data Processors: Cloud hosting/content distribution, error and performance monitoring, anti-abuse/security, customer service tickets, email sending, etc. (with data processing agreements and appropriate safeguards).
• 顾问与专业机构：律师、审计、会计、合规顾问。
• Advisors and Professional Institutions: Lawyers, auditors, accountants, compliance advisors.
• 执法与监管：根据法律要求或为保护用户、平台或公共利益所必需时。
• Law Enforcement and Regulation: When required by law or necessary to protect users, platforms or public interests.
• 公司交易：并购/重组/资产转让等必要场景，要求受让方继续遵守本政策。
• Corporate Transactions: Necessary scenarios such as mergers/reorganizations/asset transfers, requiring transferees to continue complying with this policy.

第七条 国际传输 Article 7: International Transfers

若发生跨境传输，我们将采用适用的标准合同条款（SCCs）、英国 IDTA/ATC 或其他合法机制，并在必要时开展传输影响评估。

In case of cross-border transfers, we will adopt applicable Standard Contractual Clauses (SCCs), UK IDTA/ATC or other lawful mechanisms, and conduct transfer impact assessments when necessary.

第八条 保留期限 Article 8: Retention Period

仅在为实现收集目的、履行法定义务或处理争议所必需的期间内保留；到期后删除或匿名化。不同数据类别可能适用不同的保留周期（如安全日志的短期轮转）。

Retained only for the period necessary to achieve collection purposes, fulfill legal obligations or handle disputes; deleted or anonymized after expiration. Different data categories may apply different retention periods (e.g., short-term rotation of security logs).

第九条 安全措施与数据泄露通知 Article 9: Security Measures and Data Breach Notification

• 采取加密、访问控制、最小权限、日志审计、渗透测试与应急响应等措施。
• Adopting measures including encryption, access control, minimum privileges, log auditing, penetration testing and emergency response.
• 如发生可能对个人权利与自由造成高风险的数据泄露事件，我们将依法及时通报监管机构与受影响用户，并采取补救措施。
• In the event of a data breach that may pose a high risk to personal rights and freedoms, we will promptly notify regulatory authorities and affected users in accordance with law and take remedial measures.

第十条 您的权利与行使方式 Article 10: Your Rights and How to Exercise Them

• GDPR/UK GDPR（如适用）：访问、更正、删除、限制/反对处理、数据可携、撤回同意、向监管机构投诉。
• GDPR/UK GDPR (if applicable): Access, rectification, deletion, restriction/objection to processing, data portability, withdrawal of consent, complaint to regulatory authorities.
• 新加坡 PDPA：访问/更正、可携带、撤回同意。
• Singapore PDPA: Access/rectification, portability, withdrawal of consent.
• 美国州法（如加州等）：访问、删除、更正、限制定向广告"共享"、退出"出售"（我们不出售；如涉及广告归因之共享，将提供"不要出售/共享"入口）。
• US State Laws (e.g. California): Access, deletion, rectification, restriction of targeted advertising "sharing", opt-out of "sale" (we do not sell; if advertising attribution sharing is involved, a "Do Not Sell/Share" option will be provided).
• 行使路径：应用内"设置—隐私"或邮件 [email protected]，我们将在法定或合理期限内答复。
• Exercise Path: In-app "Settings—Privacy" or email [email protected], we will respond within the statutory or reasonable period.

第十一条 未成年人保护 Article 11: Protection of Minors

本服务不面向未满18周岁的未成年人；在美国辖区不面向13岁以下儿童。如发现误收集，将尽快删除。

This service is not intended for minors under 18 years of age; in US jurisdictions, not intended for children under 13. If inadvertent collection is discovered, it will be deleted as soon as possible.

第十二条 第三方与 DApp Article 12: Third Parties and DApps

您接入第三方 DApp 后，将适用该第三方的隐私政策与条款。我们不控制其数据处理，您应自行审阅与评估其安全与合规。

After you access third-party DApps, the privacy policy and terms of that third party will apply. We do not control their data processing, and you should review and evaluate their security and compliance on your own.

第十三条 政策更新 Article 13: Policy Updates

我们可不时更新本政策并在官网或应用内标示"最后更新"日期；对重大变更将以显著方式提示。您继续使用即视为接受更新。

We may update this policy from time to time and indicate the "last updated" date on the official website or within the application; significant changes will be prominently notified. Your continued use will be deemed as acceptance of the update.

第十四条 投诉与申诉 Article 14: Complaints and Appeals

如我们未能妥善解决您的问题，您可向所在地监管机构投诉。

If we fail to properly resolve your issue, you may file a complaint with the regulatory authority in your jurisdiction.