General Provisions
1.1 Purpose and Commitment
This Privacy Policy describes how WeWake Finance collects, uses, stores, shares, and protects personal data when you access or use the WeWake platform, including the website, web application, mobile application, and all associated services. WeWake Finance is committed to handling your personal data responsibly, transparently, and in accordance with applicable data protection laws and regulations.
We believe that privacy is a fundamental right. Our approach to data collection is guided by the principle of data minimization — we collect only what is necessary to provide you with a secure, functional, and personalized experience. We do not sell your data, do not use it for advertising purposes, and do not share it with third parties except as described in this policy.
1.2 Who We Are
WeWake Finance is a protocol and infrastructure provider for blockchain-based smart account interactions. We operate the WeWake L2 network and associated tooling, enabling users to interact with blockchain systems through a familiar, accessible interface. While WeWake Finance provides the platform infrastructure, the non-custodial design of our protocol means that your assets remain under your own control at all times.
1.3 Scope of This Policy
This Privacy Policy applies to all individuals who interact with WeWake Finance services, including but not limited to:
Visitors to the WeWake Finance website
Users who create a smart account on the WeWake L2 network
Participants in the WAKE token presale (ICO)
Users who stake WAKE tokens through WakeStaking
Developers integrating with the WeWake Finance SDK or APIs
Any person who contacts WeWake Finance through official support channels
1.4 Legal Basis for Processing
WeWake Finance processes personal data on the following legal bases depending on the nature of the processing activity:
Contractual necessity: processing required to provide you with the services you have requested
Legitimate interests: processing that serves our legitimate business interests, such as security monitoring and platform improvement, where these interests are not overridden by your rights
Legal obligation: processing required to comply with applicable laws and regulations
Consent: processing based on your explicit consent, such as optional analytics tracking,
Data We Collect
2.1 Information You Provide Directly
When you use WeWake Finance services, you may provide us with the following types of personal data:
Identity and Contact Information:
Email address, collected during account verification and used for recovery and communications
Name or display name, if provided during account setup
Identity documents such as government-issued ID or passport, collected only where KYC verification is required by applicable law or regulatory obligation
Login and Authentication Data:
Identity provider credentials, such as your Telegram or Google account identifier, used to authenticate your session and create your smart account deterministically
OIDC tokens and session data generated during the login flow
Communication Data:
Messages, requests, and feedback you submit through support channels, feedback forms, or community platforms
Survey responses or user research participation, where you have explicitly opted in
2.2 Information Collected Automatically
When you access or use the WeWake Finance platform, certain data is collected automatically through cookies, local storage, and similar technologies:
Technical and Device Data:
IP address and approximate geographic location derived from IP
Device type, model, and operating system version
Browser type, version, and language settings
Screen resolution and device capabilities
Referral URL and entry point to the platform
Usage and Behavioral Data:
Pages visited, features accessed, and actions taken within the platform
Session duration, click patterns, and navigation flows
Error events, failed transactions, and performance metrics
Time and frequency of platform interactions
Transaction and On-Chain Data:
Smart account address associated with your login identity
Transaction hashes and on-chain interactions submitted through the platform interface
Staking positions, claim history, and reward events associated with your account
Please note that all transaction data submitted to the WeWake L2 network and Ethereum is publicly visible on-chain by design. WeWake Finance does not control the visibility of on-chain data and cannot delete, modify, or restrict access to public blockchain records.
2.3 Information from Third Parties
WeWake Finance may receive data about you from third-party sources in the following circumstances:
Identity Providers:
When you log in using a third-party OIDC provider such as Telegram or Google, we receive a unique identifier and basic profile information from that provider as part of the authentication flow. We do not receive your password or payment information from these providers.
KYC Verification Providers:
Where KYC is required, a third-party verification provider may share the results of your identity verification with WeWake Finance, including verification status and any flags raised during the process. Full identity documents are processed by the third-party provider and are not stored on WeWake Finance systems beyond what is necessary for compliance purposes.
Security and Fraud Prevention Services:
Our security infrastructure providers may share signals and risk indicators about IP addresses, device fingerprints, or behavioral patterns to help us detect and prevent fraud and abuse on the platform.
2.4 Data You Choose Not to Provide
You are not obligated to provide all data requested by WeWake Finance. However, choosing not to provide certain data — such as email verification or KYC documentation where required — may limit your access to specific features or services. Core on-chain functionality, such as direct interaction with WeWake Finance smart contracts, does not require you to provide personal data to WeWake Finance.
How We Use Your Data
3.1 Providing and Operating the Services
The primary purpose of data collection is to provide you with a functional, secure, and personalized experience on the WeWake Finance platform. Specific uses include:
Account Management:
Creating and managing your smart account on the WeWake L2 network
Authenticating your identity during login and session management
Enabling account recovery through email verification and the WakeKey MPC system
Maintaining a record of your platform interactions for support purposes
Transaction Processing:
Submitting UserOperations to the WeWake L2 network on your behalf
Processing staking, unstaking, claiming, and compounding transactions
Facilitating presale token claims through the Merkle-based vested claim contract
Routing transactions through the Paymaster sponsorship system
Communication:
Sending transactional emails related to account verification, security alerts, and service updates
Responding to support requests and technical inquiries
Notifying you of material changes to our Terms of Service, Privacy Policy, or platform features
3.2 Security and Fraud Prevention
WeWake Finance uses data to protect the integrity of the platform and the safety of all users:
Monitoring for unauthorized access attempts, account takeovers, and suspicious login patterns
Detecting and preventing abuse of Paymaster sponsorship budgets, including bot activity and sybil attacks
Generating WakeGuard AI attestations used by Paymasters and rewards contracts to assess transaction risk
Investigating security incidents and coordinating with law enforcement where required by applicable law
Enforcing our Terms of Service and responding to violations
3.3 Platform Improvement and Analytics
We use aggregated and anonymized usage data to continuously improve the WeWake Finance platform:
Analyzing user flows to identify friction points and improve the onboarding experience
Measuring feature adoption and engagement to prioritize development resources
Identifying and resolving performance bottlenecks, errors, and bugs
Conducting A/B testing and experimentation to evaluate new features
Generating internal reports on platform health and growth metrics
Where analytics data is collected through cookies or similar technologies, we obtain your consent before doing so and provide you with meaningful controls to opt out. Please refer to our Cookie Policy for more information.
3.4 Legal and Regulatory Compliance
WeWake Finance processes certain data to meet its legal and regulatory obligations:
Complying with KYC and AML requirements applicable to token presale participation
Responding to lawful requests from government authorities, regulators, or courts
Maintaining records required by applicable financial, tax, or corporate laws
Enforcing our legal rights and defending against claims or disputes
3.5 Research and Development
With appropriate safeguards, we may use anonymized and aggregated data to conduct research into blockchain user behavior, smart account adoption patterns, and the effectiveness of gas sponsorship mechanisms. This research informs the future development of the WeWake protocol and is never used to identify individual users.
Data Sharing and Disclosure
4.1 Our Approach to Data Sharing
WeWake Finance does not sell, rent, or trade your personal data to third parties for any purpose. We share data only where necessary to provide our services, comply with legal obligations, or protect the safety and integrity of the platform. All third parties with whom we share data are required to handle it in accordance with applicable data protection standards and are prohibited from using it for purposes beyond those specified in our agreements with them.
4.2 Service Providers
We work with carefully selected third-party service providers who assist us in operating the WeWake Finance platform. These providers may access personal data only to the extent necessary to perform their specific functions and are bound by contractual data processing agreements. Categories of service providers include:
Cloud infrastructure and hosting providers
Analytics and performance monitoring services
Email delivery and communication platforms
KYC and identity verification providers
Security, fraud detection, and bot prevention services
Customer support and help desk platforms
Legal, accounting, and compliance advisors
4.3 Law Enforcement and Legal Obligations
WeWake Finance may disclose personal data to government authorities, regulators, law enforcement agencies, or courts where required to do so by applicable law, regulation, legal process, or enforceable governmental request. Where permitted by law, we will notify you of such requests before disclosing your data. We may also disclose data where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of WeWake Finance, our users, or the public.
4.4 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of WeWake Finance's assets, personal data may be transferred to the acquiring entity as part of the transaction. We will notify users of any such transfer through the platform or by email and will require the acquiring entity to honor the commitments made in this Privacy Policy.
4.5 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data with third parties for research, industry analysis, or public reporting purposes. This data cannot be used to identify individual users and is not subject to the restrictions described in this section.
4.6 With Your Consent
In addition to the circumstances described above, we may share your data with third parties where you have provided explicit consent to do so. You may withdraw such consent at any time by contacting us through our official support channels.
International Data Transfers
5.1 Cross-Border Processing
WeWake Finance operates globally and may process your personal data in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal data internationally, we implement appropriate safeguards to ensure that your data receives an equivalent level of protection regardless of where it is processed.
5.2 Transfer Mechanisms
For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to countries not recognized as providing adequate data protection, WeWake Finance relies on appropriate transfer mechanisms such as Standard Contractual Clauses approved by relevant data protection authorities or other lawful transfer mechanisms as applicable.
5.3 Blockchain Data
Please be aware that data recorded on public blockchain networks — including the WeWake L2 network and Ethereum — is inherently global and cannot be restricted to specific geographic regions. Transaction data, smart account addresses, and on-chain events are publicly accessible worldwide by the nature of blockchain technology. This is an inherent characteristic of decentralized networks and is outside the control of WeWake Finance.
Data Retention
6.1 Retention Principles
WeWake Finance retains personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. We regularly review our data holdings and delete or anonymize data that is no longer needed.
6.2 Retention Periods by Data Category
Account and Authentication Data:
Retained for the duration of your active account relationship with WeWake Finance. If you request account deletion, account data is removed within 30 days, except where retention is required by law.
Transaction and On-Chain Data:
On-chain data is permanently recorded on the blockchain and cannot be deleted. Off-chain records of your platform interactions are retained for up to 3 years for security, fraud prevention, and dispute resolution purposes.
KYC and Compliance Data:
Identity verification documents and KYC records are retained for the period required by applicable AML and financial regulations, typically 5 years from the date of the last transaction or account closure.
Support and Communication Data:
Records of support interactions and communications are retained for up to 2 years to enable consistent and informed customer support.
Analytics Data:
Aggregated and anonymized analytics data may be retained indefinitely. Individual-level analytics data is retained for up to 6 months before being aggregated or deleted.
Security and Fraud Prevention Data:
Security logs and fraud prevention records are retained for up to 12 months to support incident investigation and pattern detection.
6.3 Deletion Requests
If you request deletion of your personal data and no legal obligation requires us to retain it, we will process your request within 30 days. Please note that deletion of off-chain data does not affect data recorded on public blockchain networks, which is permanent and outside our control.
Your Rights and Choices
7.1 Overview of Your Rights
Depending on your jurisdiction and applicable data protection law, you may have the following rights with respect to your personal data held by WeWake Finance. We are committed to honoring these rights and will respond to all legitimate requests within the timeframes required by applicable law.
7.2 Right of Access
You have the right to request a copy of the personal data we hold about you, along with information about how it is used, where it comes from, and with whom it is shared. We will provide this information in a structured, commonly used format within 30 days of receiving your request.
7.3 Right to Rectification
If you believe that any personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct it. You can update certain account information directly within the platform settings. For other corrections, please contact us through our official support channels.
7.4 Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. As noted above, this right does not extend to data recorded on public blockchain networks, which is permanent by design.
7.5 Right to Restriction of Processing
You may request that we restrict the processing of your personal data in certain circumstances, for example while we investigate a dispute about the accuracy of your data or the legitimacy of our processing.
7.6 Right to Data Portability
Where processing is based on your consent or contractual necessity, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another service provider where technically feasible.
7.7 Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for legal claims.
7.8 Rights Related to Automated Decision-Making
WeWake Finance may use automated systems, including the WakeGuard AI attestation system, to assess risk and make policy decisions regarding Paymaster sponsorship and rewards eligibility. You have the right to request human review of any decision that significantly affects you and that was made solely on an automated basis.
7.9 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can manage consent for optional processing activities such as analytics through the Cookie Settings panel or by contacting us directly.
7.10 How to Exercise Your Rights
To exercise any of the rights described above, please contact WeWake Finance through the official support channels listed on our website. We may need to verify your identity before processing your request. We will respond to all verified requests within 30 days, or within the timeframe required by applicable law where this differs.
7.11 Right to Lodge a Complaint
If you believe that WeWake Finance has processed your personal data in violation of applicable data protection law, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
Security
8.1 Our Security Approach
WeWake Finance takes the security of your personal data seriously and implements a comprehensive set of technical and organizational measures to protect it against unauthorized access, disclosure, alteration, loss, or destruction. Our security program is informed by industry best practices and is regularly reviewed and updated to address emerging threats.
8.2 Technical Measures
Our technical security measures include:
Encryption of data in transit using TLS 1.2 or higher for all communications between your device and our servers
Encryption of sensitive data at rest using industry-standard encryption algorithms
Access controls and role-based permissions limiting employee access to personal data on a need-to-know basis
Multi-factor authentication for all internal systems and administrative interfaces
Regular security assessments, penetration testing, and vulnerability scanning
Automated monitoring and alerting for anomalous access patterns or security events
Secure development practices including code review, dependency auditing, and security testing in the development lifecycle
8.3 Organizational Measures
Our organizational security measures include:
Security training and awareness programs for all employees with access to personal data
Formal data classification and handling policies
Incident response procedures for detecting, containing, and reporting data security incidents
Vendor security assessments for all third-party service providers with access to personal data
Regular review and audit of access rights and permissions
8.4 Limitations
While WeWake Finance implements robust security measures, no system is completely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures or that your data will never be accessed, disclosed, altered, or destroyed as a result of a breach. In the event of a data security incident that poses a significant risk to your rights and freedoms, we will notify you and the relevant data protection authorities as required by applicable law.
8.5 Your Role in Security
You play an important role in keeping your data secure. We encourage you to use a strong, unique password for any accounts associated with your login providers, enable two-factor authentication where available, verify your email address and set up recovery options as soon as possible after creating your WeWake Finance account, keep your WakeKey recovery shares secure and never share them with anyone, and notify us immediately if you suspect unauthorized access to your account.
Children's Privacy
9.1 Age Restriction
WeWake Finance services are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe that your child has provided personal data to WeWake Finance, please contact us immediately through our official support channels and we will take steps to delete the data as soon as reasonably practicable.
9.2 Age Verification
By using WeWake Finance services, you represent and warrant that you are at least 18 years of age. WeWake Finance may implement age verification measures where required by applicable law or where we have reason to believe a user may be under the minimum age.
Cookies and Tracking Technologies
WeWake Finance uses cookies and similar tracking technologies to operate and improve our services. We use strictly necessary cookies to enable core platform functionality, functional cookies to remember your preferences, analytics cookies to understand how users interact with the platform, and security cookies to detect and prevent fraudulent activity. We do not use advertising or cross-site tracking cookies. For full details on the cookies we use, how long they are retained, and how to manage your preferences, please refer to our Cookie Policy.
Third-Party Links and Services
The WeWake Finance platform may contain links to third-party websites, services, or resources. This Privacy Policy applies only to WeWake Finance services and does not cover the data practices of third parties. We encourage you to review the privacy policies of any third-party services you access through links on our platform. WeWake Finance is not responsible for the privacy practices or content of third-party services.
Changes to This Policy
12.1 Updates
WeWake Finance may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. All changes will be posted on this page with a revised date at the top of the document.
12.2 Material Changes
Where changes are material — meaning they significantly affect your rights or how we process your data — we will provide prominent notice through the platform interface or by email to the address associated with your account, with reasonable advance notice before the changes take effect.
12.3 Continued Use
Your continued use of WeWake Finance services after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the updated Privacy Policy, you should discontinue use of the platform and may request deletion of your personal data as described in Section 7.
Contact Us
13.1 Questions and Requests
If you have any questions, concerns, or requests related to this Privacy Policy or WeWake Finance's data practices, please contact us through the official support channels listed on our website. We are committed to responding to all inquiries promptly and to working with you to address any concerns about how your personal data is handled.
13.2 Data Protection Inquiries
For inquiries specifically related to data protection rights, data access requests, or complaints about our data practices, please indicate clearly in your communication that your inquiry relates to data protection so that it can be directed to the appropriate team.
13.3 Response Timeframe
We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject rights requests, we will respond within 30 days as required by applicable data protection law, or within any shorter timeframe required by the laws of your jurisdiction.