Privacy Policy
Last updated: June 5, 2026
MeStellar Labs Ltd ("MeStellar Labs", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products, services, applications, and websites (collectively, "Services").
MeStellar Labs Ltd is registered in the United Kingdom and operates in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Key Principle: Our wallet applications are non-custodial. We do not store, access, or have the ability to view your private keys, recovery phrases, passwords, or digital asset balances. Your cryptographic keys remain exclusively on your device.
1. Information We Collect
1.1 Information You Provide
- Contact Information: When you contact us for support, consulting, or business inquiries, we may collect your name, email address, and any information you choose to provide in your communications.
- Account Information: If you create an account for our web services or developer platforms, we collect your email address and display name.
- User Reports: When you submit scam token reports or feedback through our applications, we collect the information you provide in the report.
1.2 Information Collected Automatically
- Usage Data: We may collect aggregated, anonymized usage data such as feature usage frequency, crash reports, and performance metrics to improve our Services.
- Device Information: Browser type, operating system, and device type may be collected for compatibility and optimization purposes.
- IP Address: IP addresses may be logged for security, rate limiting, and fraud prevention purposes.
1.3 Information We Do NOT Collect
- Private keys, secret keys, or recovery phrases
- Wallet passwords or encryption keys
- Digital asset balances or transaction histories
- Personal identification documents (unless required for specific enterprise services under separate agreement)
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve our Services
- To respond to your inquiries and provide customer support
- To detect, prevent, and address fraud, abuse, and security issues
- To send important service-related notices and updates
- To comply with legal obligations and enforce our Terms of Service
- To analyze usage patterns and improve user experience (using aggregated, anonymized data only)
3. Legal Basis for Processing (UK GDPR)
Under the UK GDPR, we process your personal data based on the following legal bases:
- Contractual Necessity: Processing necessary to perform our Services as agreed in our Terms of Service.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations.
- Consent: Where required, we will obtain your explicit consent before processing your personal data. You may withdraw consent at any time.
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
- Service Providers: With trusted third-party service providers who assist us in operating our Services (such as cloud hosting and analytics providers), subject to confidentiality agreements.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Protection of Rights: When we believe disclosure is necessary to protect our rights, property, safety, or the rights of others.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
5. Data Security
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption of data in transit using TLS/SSL
- Secure server infrastructure with access controls
- Regular security audits and vulnerability assessments
- Minimal data collection practices (data minimization principle)
- Secure authentication mechanisms for administrative access
Our wallet applications use AES-256-GCM encryption with PBKDF2 key derivation (600,000 iterations) to protect locally stored data on your device. All cryptographic operations are performed locally on your device.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When personal data is no longer needed, we will securely delete or anonymize it. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.
7. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Restrict Processing: Request restriction of processing of your personal data.
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
- Right to Object: Object to processing of your personal data based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
8. International Data Transfers
Your information may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or transfer to countries with an adequacy decision.
9. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].
10. Cookies and Tracking
Our website may use essential cookies for functionality purposes (such as session management). We do not use third-party tracking cookies or advertising cookies. Our browser extension and mobile applications do not use cookies or tracking technologies. We do not engage in cross-site tracking or behavioral advertising.
11. Third-Party Links and Services
Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, through in-app notifications or email. Your continued use of the Services after changes constitutes your acceptance of the revised Privacy Policy.
13. Data Protection Officer
For any questions or concerns about this Privacy Policy or our data practices, you may contact our data protection team:
MeStellar Labs Ltd
Company No. 17266251
66 Paul Street, London EC2A 4NA, England
Email: [email protected]
Website: mestellar.com
14. Supervisory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113