Legal

Privacy Policy

Last updated: June 4, 2026

Your privacy matters to us. This policy explains what information we collect across the Topaz marketing site, documentation, analytics, agent services, and decentralized exchange, how we use it, and the choices you have.

Topaz is a non-custodial DeFi protocol. We never hold your assets or private keys. Because we integrate third-party sign-in providers such as Privy, Google, and X, this policy also describes how information flows through those services.

01Who We Are

This Privacy Policy describes how the Topaz project (“Topaz,” “we,” “us,” or “our”) handles information in connection with the Topaz suite of products, which includes:

  • the marketing site and protocol documentation at topazdex.com;
  • the public analytics surface (protocol stats, foundation transparency, and performance dashboards);
  • the Topaz decentralized exchange (“DEX”) web application for swaps, liquidity, voting, and bribes;
  • the Topaz Agent, agent skill, and related AI, API, and developer integrations.

Topaz is a non-custodial decentralized finance (DeFi) protocol. We do not take custody of your assets, control your private keys, or execute transactions on your behalf. Interactions with the underlying smart contracts occur directly between you and public blockchains.

02Blockchain Data Is Public

Topaz is built on public blockchains, primarily BNB Chain. When you transact with the protocol, information including your wallet address, transaction amounts, token balances, and on-chain activity is recorded on a public, immutable ledger that we do not control and cannot alter or delete.

This information is inherently public, may be linked to your identity by third parties, and persists independently of Topaz. Please consider this before transacting.

03Information We Collect

We collect the following categories of information:

Information you provide or connect

  • Wallet address when you connect a wallet to the DEX or use our services.
  • Authentication identifiers when you sign in through a third-party authentication provider (see Third-Party Authentication), which may include an email address, social handle, public profile information, or an embedded-wallet identifier.
  • Communications you send us, such as support requests, bug reports, or messages through community channels.

Information collected automatically

  • Usage and device data such as IP address, browser type, device characteristics, pages viewed, referring URLs, and interaction events.
  • Cookies and similar technologies used for analytics, preferences, and session management (see Cookies & Analytics).
  • On-chain activity associated with wallet addresses that interact with the protocol.

We do not knowingly collect government-issued identifiers, and we do not request your private keys, seed phrases, or recovery codes. No legitimate Topaz service will ever ask for them.

04Third-Party Authentication

Some Topaz services let you sign in or provision an embedded wallet through third-party authentication and identity providers. When you choose to use one of these methods, that provider processes your information under its own privacy policy, and limited information is shared with us to create and secure your session.

Privy

We use Privy for wallet connection, authentication, and embedded-wallet provisioning. Depending on the login method you choose, Privy may process your email address, social login identifiers, wallet address, and authentication metadata. See the Privy Privacy Policy.

Google / Google Cloud OAuth

If you sign in with Google (Google OAuth / Google Cloud), we receive basic profile information you authorize, such as your name, email address, and account identifier. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. See the Google Privacy Policy.

X (Twitter)

If you sign in with X, we receive your public profile information and account identifier as authorized through X's OAuth flow. See the X Privacy Policy.

We use the information from these providers only to authenticate you, create and secure your account or session, provision wallet functionality where applicable, and provide the services you request. You can revoke access at any time through the respective provider's account settings.

05How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and secure our services;
  • Authenticate users and manage sessions and embedded wallets;
  • Produce and display protocol analytics, statistics, and transparency dashboards;
  • Monitor, debug, and improve performance, reliability, and security;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Respond to your inquiries and provide support;
  • Comply with applicable legal obligations and enforce our terms.

We do not sell your personal information. We process information based on our legitimate interest in operating the protocol, your consent (where required, such as for certain cookies), and our need to comply with the law.

06Cookies & Analytics

We use cookies, local storage, and similar technologies to operate the site, remember preferences, and understand how our services are used. We use Google Analytics to collect aggregated usage statistics; this involves cookies and the processing of usage data by Google as described in the Google Privacy Policy.

Most browsers let you refuse or delete cookies through their settings. Disabling cookies may affect the functionality of some parts of our services.

07How We Share Information

We may share information with:

  • Service providers that perform functions on our behalf, such as authentication (Privy), identity providers (Google, X), hosting, database, and analytics vendors;
  • Public blockchains, where on-chain transactions are recorded permanently and publicly;
  • Legal and safety recipients when we believe disclosure is required by law, regulation, legal process, or to protect the rights, property, or safety of users or the public;
  • Successors in connection with a merger, acquisition, financing, or reorganization of the project or its assets.

08Data Retention & Security

We retain information for as long as necessary to provide our services and for legitimate business or legal purposes. On-chain data cannot be deleted because it is stored on public blockchains outside our control.

We use reasonable technical and organizational measures designed to protect information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

09Your Rights & Choices

Depending on where you live, you may have rights to access, correct, delete, or restrict the processing of your personal information, to object to processing, or to data portability. You may also withdraw consent where processing is based on consent.

To exercise these rights, contact us using the details in Contact. Note that rights generally do not extend to immutable on-chain data, which we cannot modify or erase. We may need to verify your identity before responding.

10International Users & Children

Our services are operated for a global audience, and information may be processed in countries other than your own, which may have different data-protection rules. By using our services, you understand that your information may be transferred internationally.

Our services are not directed to children under the age of majority in their jurisdiction (and in no case under 18). We do not knowingly collect information from children. If you believe a child has provided us information, please contact us.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes may be communicated through our services or community channels. Your continued use of our services after an update constitutes acceptance of the revised policy.

12Contact

For privacy questions or requests, reach us through our official channels:

See also our Terms of Service.