CUSTODI | Your finances. Guarded.Request early access →
LEGAL

Privacy Policy

Your financial data belongs to you. This policy explains what we collect, what we deliberately do not collect, and how our architecture makes privacy a structural guarantee — not just a promise.

Last updated: April 5, 2026

01 — INTRODUCTION

Built for privacy from the ground up.

Custodi is an AI governed financial execution platform where safety is mandatory and privacy is preserved. Unlike traditional financial applications, Custodi's core evaluation engine runs entirely on your device. Your transaction activity, behavioral signals, and financial history are never transmitted to our servers — because our architecture never needs them to be.

This Privacy Policy describes the limited personal information we collect in order to operate the service (such as a billing relationship and communications), and clearly documents what we do not collect by design.

02 — ARCHITECTURE

Privacy as a structural guarantee.

Custodi's Personal Safety Agent operates entirely on your machine. Before any transaction is broadcast to a blockchain network, it is evaluated locally using on-device machine learning — no behavioral data is sent to external servers during this process.

This is an architectural guarantee, not a policy commitment. The system is designed so that evaluation cannot occur remotely. There are no API calls to Custodi servers during transaction evaluation. Your financial activity does not leave your device until you authorize a transaction and it is cleared for broadcast.
  • Transaction history and financial activity remain on your device
  • Behavioral signals and trust graph computations are evaluated locally
  • ML model inference runs on-device — no cloud scoring
  • No telemetry, usage analytics, or financial metadata is transmitted
  • Private keys are stored exclusively in Tauri Stronghold on your local machine
03 — DATA COLLECTION

The limited information we do collect.

Custodi collects only the minimum information necessary to provide the service and communicate with you.

Early Access Waitlist

When you request early access via our waitlist form (hosted on Google Forms), we collect your email address. This is used solely to notify you of product updates, your access status, and Custodi release announcements. We do not sell, rent, or share waitlist data with third parties for marketing purposes.

Payment Information

Subscription payments are processed by Stripe, Inc. When you subscribe to a Custodi plan, Stripe collects and processes your payment card details directly in a PCI-compliant environment. Custodi does not receive, store, or have access to your full card number, CVV, or bank account details.

We receive only a Stripe customer ID, subscription tier, and subscription status — the minimum required to manage your account and enforce access to paid features.

Account Data

If you create a Custodi account, we store your email address and encrypted account credentials necessary for authentication. We do not link your account identity to any on-chain wallet addresses or transaction history.

04 — WHAT WE DO NOT COLLECT

Your financial life stays yours.

The following data is never collected, transmitted to, or stored by Custodi:

  • Transaction history, amounts, or destinations
  • Wallet addresses or on-chain identifiers linked to your identity
  • Behavioral signals, risk scores, or ML evaluation outputs
  • Trust graph data or social engineering detection results
  • Private keys or seed phrases (stored exclusively in Tauri Stronghold on your device)
  • Zero-knowledge proof inputs or outputs from Unlink private transfers
  • USDC balances or on-chain portfolio data
  • App usage patterns, session recordings, or crash telemetry
05 — BLOCKCHAIN ACTIVITY

On-chain data is public by nature.

Custodi facilitates USDC transactions on Base L2 and Monad blockchain networks. Blockchain transactions are, by their nature, publicly recorded on an immutable distributed ledger once broadcast. Custodi has no control over the public visibility of confirmed on-chain transactions.

The Unlink feature uses zero-knowledge proofs to preserve privacy at the transfer layer, obscuring the connection between sender and recipient. However, Custodi cannot guarantee the anonymity of on-chain data in all circumstances, and we make no representations about the privacy properties of public blockchain infrastructure.

Unlink transfers are only activated after a transaction receives a GREEN or AMBER (post-cooling-off) verdict from the Personal Safety Agent.

06 — THIRD PARTIES

Services we rely on.

Custodi uses a minimal set of third-party services. We do not use advertising networks, behavioral analytics platforms, or data brokers.

ServicePurposeData Shared
StripeSubscription payment processingBilling info only
Google FormsEarly access waitlistEmail address only
Base L2USDC transaction broadcastSigned transaction data (public)
MonadUSDC transaction broadcastSigned transaction data (public)
07 — SECURITY

How we protect what we do hold.

Account credentials and subscription metadata are protected using industry-standard TLS 1.3 encryption in transit and AES-256 encryption at rest. Access to production systems is restricted and logged.

Your private keys are stored in Tauri Stronghold — an encrypted, memory-safe vault on your local device. They are never transmitted to Custodi servers under any circumstances. If Custodi's servers were compromised, your keys and financial assets would remain unaffected.

08 — YOUR RIGHTS

Control over your personal data.

Depending on your jurisdiction, you may have the following rights regarding the limited personal data we hold (email address and subscription status):

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your personal data (subject to legal obligations)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing where we rely on legitimate interests
  • Withdrawal of consent — unsubscribe from communications at any time

To exercise any of these rights, contact us at privacy@custodi.app. We will respond within 30 days.

09 — CHILDREN'S PRIVACY

Not for minors.

Custodi is a financial platform intended for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal data, please contact us immediately at privacy@custodi.app and we will promptly delete it.

10 — POLICY CHANGES

How we handle updates.

As Custodi evolves, this Privacy Policy may be updated. Material changes — such as new data collection practices — will be communicated via the email address associated with your account or waitlist entry before they take effect.

The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Custodi after the effective date of any changes constitutes acceptance of the updated policy.

11 — CONTACT

Questions about your privacy.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out:

Custodi Privacy

privacy@custodi.app
← Back to Custodi