Privacy Policy
We hold as little as we can.
Liquid is a non-custodial wallet with an AI agent, Lucy. Your private keys never leave your device. This page explains, in plain English, the limited data we do touch — including what Lucy sees when she acts on your behalf — and why.
1. Who we are and what this covers
Liquid is a non-custodial, multi-chain crypto wallet — a mobile app (iOS and Android) and a Chrome extension — with an AI assistant called Lucy layered on top. This policy covers the apps, Lucy (the in-app agent and Lucy Pay), and the marketing site at liquidoc.xyz. It explains what personal data we process, why, and the choices you have. “We”, “us”, and Liquid refer to the team that operates Liquid.
2. The short version
- Your keys and seed phrase live only on your device. We never see them.
- We hold as little data as we can to run the product, and we never sell it.
- Lucy turns your words into proposed actions. Nothing moves until you approve it on your device.
- Anything you sign and broadcast to a blockchain is public and permanent — that is how blockchains work, and we can’t change it.
3. What we never collect
- Your private key or seed phrase. Generated and stored on-device in the operating system’s secure storage (iOS Keychain, Android Keystore, or the equivalent secure storage in the browser extension). It never touches our servers, our logs, or Lucy.
- Your wallet password or biometrics. Unlocking happens entirely on your device. We never receive your passcode, PIN, or fingerprint/face data.
4. What we process, and our legal basis
App telemetry
Anonymized usage and crash data so we can fix bugs and prioritize features. We don’t link telemetry to your wallet address. You can opt out in Settings. Legal basis: our legitimate interest in keeping the product working, balanced against your privacy.
Marketing site and newsletter
If you sign up for the newsletter, we store your email address and the timestamp of your signup — that’s it — and use it to send product updates and security advisories. Unsubscribe any time using the link in any email. Legal basis: your consent.
Card program (if you opt in)
Issuing a payment card is a regulated activity. To order a card, our issuing partner collects KYC information (name, address, ID document, date of birth) directly from you. Liquid receives only the minimum metadata needed to show your card status and transactions; sensitive identity documents stay with the issuer. Legal basis: performance of a contract and the issuer’s legal obligations.
Support requests
When you email us, we keep the message and any attachments long enough to resolve your issue, and we delete support tickets that have been closed for more than 12 months. Legal basis: our legitimate interest in supporting you.
5. Lucy and AI
Lucy is the AI assistant that turns natural language into structured, user-approved actions. To do that, she needs context about your wallet.
When you use Lucy, the following is sent to third-party AI model providers to generate her responses:
- the messages you send her;
- your wallet addresses and the tokens you hold;
- your address-book entries (the names and addresses you’ve saved); and
- which external vendors or services you’ve linked.
We never send your private key, seed phrase, or wallet password to any AI provider. Because these providers may operate in other countries, this context may be processed outside your region (see §11).
Crucially, Lucy’s output is a proposed action only. The model suggests intent; your device builds a human-readable confirmation, and nothing happens until you explicitly approve it. Lucy never holds your keys and can’t move money on her own. You can disable Lucy and clear your chat history in Settings.
6. Lucy Pay and agentic commerce
Lucy Pay lets Lucy buy real products and settle the payment in USDC (a US-dollar–pegged stablecoin). When you approve a purchase:
- the order details, and any shipping and contact information you provide, are shared with the merchant and the commerce platform so the order can be fulfilled and verified;
- settlement is an on-chain USDC transfer, which is public and permanent (see §7); and
- if a purchase is funded via your card, that flow routes through the card issuer described in §4.
As with everything else, Lucy proposes the purchase and you approve it on your device before any payment is signed.
7. What is on-chain is on-chain
Everything you sign and broadcast — sends, swaps, perp trades, bridges, card top-ups, and commerce settlements — is recorded on a public blockchain forever, by design. Liquid does not control that data and cannot remove it. Treat your wallet address as semi-public.
8. The third parties we rely on
We use a small set of service providers to operate the product. We describe them by category rather than by name, because specific vendors change over time; in every case we choose providers that let us share as little as possible, and we never sell your data.
- AI model providers — to generate Lucy’s responses from the context in §5.
- RPC providers — to read on-chain balances and history and to broadcast your transactions.
- Swap and bridge aggregators — to route trades and cross-chain transfers.
- Price-data providers — to show prices and market data.
- Transaction-simulation providers — to preview a transaction’s effects and warn you about malicious calls before you sign.
- Commerce platforms — to fulfil and verify Lucy Pay orders.
- Card issuing partner — for the card program, if you opt in.
- Email delivery — for the newsletter and account-level notifications.
- Analytics and crash reporting — for the anonymized telemetry in §4.
Some of these providers operate outside your region; where that involves a cross-border transfer, §11 applies.
9. How long we keep data
- Newsletter email: until you unsubscribe.
- Support tickets: deleted 12 months after the ticket is closed.
- Telemetry: retained in aggregated, anonymized form.
- On-chain data: permanent and outside our control.
10. Your rights
Subject to applicable law (including the GDPR, UK GDPR, and CCPA), you can ask us to provide a copy of the limited data we hold about you, correct it, delete it, port it, or object to certain processing. Email legal@liquidoc.xyz and we’ll respond within 30 days. (Note that we cannot alter or delete on-chain data — see §7.)
11. International transfers
We and our providers may process data in the United States, the European Union, and other countries. When we transfer personal data across borders, we rely on appropriate safeguards — such as standard contractual clauses — where required by law.
12. Cookies and the marketing site
liquidoc.xyz uses strictly necessary cookies only — for example, to remember a preference. We do not run third-party advertising trackers on the marketing site.
13. Children
Liquid is not directed at children under 18. If we learn we have collected data from a child, we delete it.
14. Changes and contact
We’ll update this page when our practices change; the “last updated” date in the sidebar reflects the most recent revision. Questions about privacy? Email legal@liquidoc.xyz.
Questions? Email legal@liquidoc.xyz.