Back to Vorliq

Privacy Policy

Vorliq is designed around self-custody. Vorliq servers do not store user private keys, wallet passwords, encrypted wallet backup passwords, or recovery phrases. If a user loses a private key or wallet password, Vorliq cannot recover it.

Public by Design

Blockchain data and public community content are public by design. Blocks, confirmed transactions, public wallet addresses involved in transactions, forum posts, replies, governance proposals and votes, peer community request records, price signals, treasury proposals, public node registry entries, and visible wallet activity may be stored, displayed, copied, indexed, cached, or shared by nodes and users.

Community Content

Forum posts, chat messages, images, screenshots, governance proposals, peer community requests, price signals, lending requests, registry entries, ambassador-related public content, and similar submissions should be treated as public unless the interface clearly says otherwise. Users should not post private information, private keys, passwords, personal documents, financial details, or sensitive identity information in public fields.

The community chat is public and shows only the most recent messages. It is not private messaging and is not a permanent record. The author shown for forum posts and chat messages is a public wallet address, not a verified legal identity.

Public Profiles

If a user creates a Vorliq profile, the profile fields are public and linked to that wallet address. Public profile fields can include display name, bio, location, country, avatar style, website, X link, Telegram link, Discord name, badges, reputation score, and activity summary. Vorliq profiles do not store private keys, wallet passwords, recovery phrases, admin tokens, or email passwords.

Wallet verification stores public verification status, the public challenge message, and a verification timestamp. It proves wallet control only and does not collect government ID or verify legal identity.

Reports and Moderation

Reports can include target identifiers, reason category, optional reporter wallet address, description, timestamp, and moderation status. Reports must not include private keys, passwords, admin tokens, IP addresses, raw user agents, government documents, or sensitive secrets. Moderation dashboards show safe public moderation metadata only.

Third-Party Services

Newsletter signup and ambassador application forms use Formspree. When a user submits an email address, name, location, or application text through those forms, Formspree processes that submission and may transmit it to Vorliq's email account. Users should review Formspree's privacy practices before submitting personal information.

Local Wallet Storage

The web app may store encrypted wallet data in the user's browser localStorage. That local record can include a public wallet address, public key, encrypted private key, encryption salt, initialization vector, and encryption settings. The password used to decrypt it is not stored by Vorliq. The mobile app stores wallet data locally on the user's device.

Manual private key mode is intended for exceptional use. The app does not need to send private keys to the backend to create a transaction; signing happens locally and the submitted transaction contains public transaction fields plus a signature.

Operational Data

Vorliq infrastructure can produce logs for service health, diagnostics, errors, deployment status, rate limiting, and security monitoring. Logs are intended to operate the public node and may include IP addresses, request paths, timestamps, and technical metadata.

First-Party Analytics

Vorliq uses its own self-hosted, privacy-conscious analytics for aggregate product insight. It is not a third-party analytics service, and the data stays on the Vorliq server. Analytics can count safe events such as page views by route, visibility of sections on the landing page, clicks on buttons, navigation links and product cards identified by their on-screen label, dashboard feature clicks, and reliability signals such as frontend errors and failed or timed-out public data requests recorded by endpoint. Analytics may also record a coarse device size bucket of mobile, tablet, or desktop. Events use a random anonymous browser session ID stored in localStorage only when analytics is enabled, and that ID is not linked to any wallet or account.

Analytics does not collect private keys, wallet passwords, recovery phrases, admin tokens, raw IP addresses, raw device fingerprints or user agents, exact device identity, wallet addresses or account identity, message bodies, forum post bodies, private key export data, the contents of forms, or personal identity. Analytics events are retained for up to 90 days and are not required to reconstruct blockchain balances.

Users can opt out from the Analytics and Privacy section in Settings, or from the Account privacy controls. When disabled, the browser stops sending analytics events and removes the anonymous session ID from that device.

User Caution

Users should be careful on shared, borrowed, public, or work-managed devices. Anyone with access to a device, browser profile, backup, malware, screen recording tool, or private key can create serious wallet risk.

About This Page

This page is a plain-language description of how Vorliq handles data. It is not legal advice and is not a compliance certification. It should be reviewed by a qualified lawyer before being relied on as a formal legal or regulatory document.

Contact

Questions can be sent through the community channels listed on the Vorliq website or through GitHub at https://github.com/vorliq/Vorliq.