Privacy Policy — KYKLOPS

01

Introduction

Kyklops ("we", "us", "our") respects your privacy and is committed to protecting it. This Privacy Policy describes the types of information we may collect when you use our bot on Telegram (the "Services"), and our data handling practices.

This Privacy Policy is part of the Terms of Use applicable to the Services. Please review both documents together.

02

Data Controller

Support: @KyklopsSupport on Telegram

03

Restricted Persons

Our Services are not available to individuals or entities located in, resident in, or subject to the sanctions laws of the United States or any Restricted Jurisdiction as defined in our Terms of Use. We do not knowingly collect or process data from such users.

04

Information We Collect

What we collect

Telegram ID and username
Wallet addresses
Encrypted private keys (AES-256-GCM — unreadable without your password)
Password hash (bcrypt 12 rounds — irreversible)
Transaction history (token, amount, hash, timestamp)
User settings and preferences
Referral data

What we do NOT collect

Your password in plaintext
Your private key in plaintext
Your IP address
Your phone number
Physical location or GPS data
Identity documents
Advertising identifiers
Browser fingerprint data

05

Password and Fund Access

Your password is the ONLY way to access your wallet and authorize transactions.
Your password is hashed using bcrypt (12 rounds). The original password is NEVER stored anywhere — not in our database, not in memory, not in logs.
We CANNOT recover your password. There is no password reset, no recovery email, no backup mechanism.
We CANNOT access your funds. Without your password, the encrypted private keys in our database are computationally impossible to decrypt.
Your private key NEVER appears in the Telegram chat at any point. This is a deliberate security design that distinguishes our service from others.
It is YOUR sole responsibility to store your password securely. We recommend using a password manager.

IF YOU LOSE YOUR PASSWORD, YOUR FUNDS ARE PERMANENTLY AND IRREVERSIBLY LOST. No one — not our team, not any authority, not any service — can recover them.

06

How We Use Your Information

We use the information we collect for the following purposes:

To execute transactions on your behalf when authorized by you
To display your portfolio, wallet balance, and transaction history
To send notifications you have configured (price alerts, whale alerts, AI scanner)
To calculate and process referral earnings
To provide and improve the functionality of the Services
To detect and prevent fraud or abuse
To comply with legal obligations

We do not use your data for advertising, profiling, or user tracking.

07

Third-Party Services

The Services interact with third-party services to function. These services may receive wallet addresses and token addresses to process requests:

Telegram (message delivery and bot interface)
Helius (Solana RPC node)
Jupiter (swap execution and price quotes)
DexScreener (token data, charts, and market information)
CoinGecko (price data and token listings)
RugCheck (token safety analysis)
GoPlus (additional security analysis)
Jito (MEV protection for large trades)

These services NEVER receive your password or private keys. We do not control these third-party services and are not responsible for their data practices.

08

Data Sharing and Disclosure

We do NOT sell your personal information. We will never sell your data.
We do NOT share your personal data with third parties for marketing purposes.
Blockchain transactions are public by nature. Wallet addresses and transaction details are visible to anyone on the blockchain. This is inherent to blockchain technology and is not within our control.
We may disclose your information if required by law, legal process, or governmental request.

09

Data Security

We implement the following technical and organizational measures to protect your data:

AES-256-GCM encryption for all wallet private keys
Unique random salt (32 bytes) per wallet for key derivation
scrypt key derivation combining master key and user password
bcrypt (12 rounds) for password hashing
HMAC-SHA256 signed callbacks with timestamp anti-replay (5 minute expiry)
Progressive lockout: 5 failed attempts = 15 min, 10 = 1 hour, 20 = 24 hours
Rate limiting on all sensitive operations
Server firewall, SSH key-only access, and fail2ban
Sensitive environment variables deleted from disk after startup
All sensitive data automatically redacted from application logs

While we strive for the highest level of security, no system is impenetrable. We make no absolute guarantees regarding the security of your data and disclaim all liability for any breach affecting stored credentials.

10

Data Retention

Account data: retained as long as you actively use the Services
Transaction history: retained permanently for your records and compliance purposes
Encrypted wallet keys: retained as long as the wallet is active
Settings and preferences: retained as long as your account is active

You may request deletion of all your data at any time (see Section 11).

11

Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information:

Right to access: request a copy of the data we hold about you
Right to correction: request correction of inaccurate data
Right to deletion: request deletion of your account and all associated data
Right to restriction: request restriction of certain processing
Right to portability: request your data in a portable format
Right to withdraw consent: where processing is based on consent

To exercise any of these rights, contact us at @KyklopsSupport on Telegram.

Please note: if you request deletion of your account, your encrypted wallet keys will be permanently deleted. If you have not backed up your private keys or do not remember your password, your funds will be permanently inaccessible. Deletion of data from blockchain records is not possible due to the immutable nature of blockchain technology.

12

Cookies and Tracking

The Services operate exclusively through the Telegram bot interface. We do not use cookies, web beacons, pixel tags, or browser-based tracking technologies.

13

International Data Transfers

Your data may be processed on servers located outside your country of residence. Where we transfer data internationally, we implement appropriate safeguards consistent with applicable data protection principles.

14

Children

The Services are not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete such data.

15

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the bot. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

16

Support

For questions about this Privacy Policy or to exercise your rights:
Telegram: @KyklopsSupport