Applies to the safe.officeforge.co website, the installable PWA and the Kaspa Safe Android app. Effective: July 5, 2026. Operator: OfficeForge (contact: sales@officeforge.co).
Kaspa Safe is non-custodial and account-less. Private keys are generated and used only on your device and are never transmitted anywhere. There is no sign-up, no email requirement, no advertising, no third-party analytics SDKs in the app. The server only ever sees the public parameters needed to watch your vault on the public Kaspa blockchain.
Vault parameters (public keys, delays, the service token, and — if you enter them during an action — nothing: private keys are used in memory for signing and are not persisted by us). This data lives in your browser's / the app's local storage and can be wiped with "Forget this vault in this browser". Your recovery sheet is a file you download and keep yourself.
If you register a vault for monitoring: the vault's public parameters (address, public keys, delay settings), a random service token, and — if you connect alerts — your Telegram chat ID. If you choose to set an heir email, we store that address for one purpose only: to notify the heir when the inheritance window opens; you can change or erase it in the vault panel at any time. On withdrawals the destination public key is stored so the panel can show an active withdrawal on any device. Standard web-server logs (IP address, request path, user agent) are kept briefly for abuse protection and are not used for profiling. All balances and transactions are public data on the Kaspa blockchain by design.
Private keys, seed phrases or recovery sheets (we will never ask for them); names or documents (there are no accounts — the only email we ever store is the optional heir contact you set yourself); contacts, location, files or any other device data; advertising identifiers. The Android app requests no permissions beyond network access.
Website fonts are loaded from Google Fonts (your IP is visible to Google when the site loads them; the Android app works without them). The website chat widget is protected by Cloudflare Turnstile (Cloudflare processes the challenge). Telegram delivers alert messages if you opt in. The Kaspa network itself is public infrastructure. We do not sell or share data with anyone else.
Monitoring records exist so your vault can be watched; to remove a vault from monitoring and delete its record (including the Telegram link), write to sales@officeforge.co from any address, naming the vault address. On-chain data cannot be deleted by anyone — that is the nature of a blockchain.
Updates to this policy are published on this page with a new effective date.