Privacy Policy

Blitz

Blitz Wallet, LLC created the Blitz app as a free app. The service for the app is provided by Blitz Wallet, LLC at no cost and is intended for use as is. This Privacy Policy explains how Blitz Wallet handles data in both the Blitz Wallet mobile application (“App”) and the Blitz Wallet website (“Website”). These may differ in scope, and each section below makes clear whether it applies to the App, the Website, or both.

Information Collection

The Blitz Wallet App integrates with third-party services to provide features such as swaps, payments, user profiles, or liquidity functions. These services may collect or process personal information as described in their own privacy notices. However, the Blitz Wallet website uses Google Analytics to understand traffic sources and user demographics to better position the website to reach as many people as possible.

Here is a link to Google Analytics' Privacy Policy.

Cookies: None

Below is a list of the types of information that may be stored in the Blitz Wallet database. Not all items are required. We will indicate which items are optional and which are necessary for core functionality.

• Blitz Store Information: This includes purchases such as gift cards, messaging services, VPNs, or generative AI. All data is encrypted with your private key. For generative AI, you can choose whether to save a chat or not. All other purchases are automatically stored. You may delete gift cards, VPNs, and messages from the database at any time.
• Contacts: This includes both your saved contacts and your contact profile. Any added contacts are encrypted with your private key and cannot be viewed by others. Your profile, however, is public. Profile data includes your bio, name, Spark address, Spark identity public key, unique username, and UUID. The name and bio are customizable, while the other fields are automatically stored to enable LNURL addresses and contact lookups.
• Contact Profile Image: Users may optionally store a profile image with Blitz. If provided, the image is saved in our database.
• NIP-05: This includes a username and public key associated with your NIP-05 (Nostr) address. Adding this is completely optional.
• Point-of-Sale: This includes your item list, receiving address, store currency, and store name. Items are optional, the store currency defaults to USD, and the store name is automatically generated when you first load the app. You may customize the name, currency, and items at any time.
• Push Notifications: This includes notification settings and your push token. The push token is encrypted with the notification service’s key, so only your device and the backend can access it. Push notifications are optional and can be disabled at any time.
• Crash Reporting: We use Firebase Crashlytics to monitor app stability and improve reliability. Crashlytics may collect non-personal device information (such as device model, operating system version, and app usage patterns). This data is used only for debugging and app improvement. You can disable Crashlytics at any time in the app settings.

Other Stored Information

• Blitz Contact Payments: To facilitate payments between Blitz users, payment actions (such as sending, requesting, accepting, or declining payments) are temporarily stored on Blitz servers. Payment contents are encrypted using a shared key between the users, ensuring that only the parties involved can decrypt the information. All contact payment data is automatically deleted after 7 days.
• Point-of-Sale Payments: Sales made through the Point-of-Sale feature are temporarily stored so that when the admin wallet comes back online, payment details can be synced with the user. All Point-of-Sale data is encrypted and can only be accessed by the admin. Data is automatically deleted after 7 days.
• LNURL Payments: LNURL payments are temporarily stored until the user opens Blitz, at which point the payment data is deleted from the database and saved locally on the user’s device. This temporary storage is necessary to include payment descriptions.

Security

Blitz Wallet is self-custodial, meaning that only you have access to your funds. When creating an account, you will receive a 12-word seed phrase stored on the iOS Keychain or Android Keystore, depending on your operating system. Because your seed phrase is stored online, Blitz is considered a hot wallet and cannot be guaranteed to be 100% secure.

Blitz Wallet never transmits your seed phrase, private keys, or wallet backup to Blitz servers. You are solely responsible for securing and backing up your seed phrase offline. Transactions made through the Bitcoin, or Spark networks are inherently public, meaning wallet addresses and transaction details may be visible on their respective blockchains.

Third-Party Links & Services

Blitz Wallet links to multiple third-party websites. When you click on a link, you will be redirected to their page. Blitz Wallet does not control these websites. It is recommended that you read their Privacy Policies. Blitz Wallet assumes no responsibility for the content or practices of these third-party sites.

The Blitz Wallet App uses the following third-party services:

• Boltz API – to facilitate swaps between Roostock and Lightning (Privacy Policy)
• The Bitcoin Company – to purchase Gift cards (Privacy Policy)
• LNVPN – to purchase VPNs, eSIMS, cards (Website)
• sms4Sats – to send and receive SMS numbers anonymously (Website)
• Apple Push Notification service (APNs) – to deliver push notifications
• Google Firebase Cloud Messaging (FCM) – to deliver push notifications (Privacy Policy)
• Spark – required for sending and receiving Lightning payments. Because payments are coordinated through Spark, your transactions should not be considered private. Spark may have access to certain transaction data as part of providing this service. If Spark's services are unavailable, users may need to perform a unilateral exit to recover funds. You can learn more here: LightSpark Unilateral Exit Guide .
• Flashnet – reqiured for handling swaps between Bitcoin and USDB. Flashnet may collect certain transaction and usage data in connection with swaps executed through our App. This may include blockchain transaction metadata, wallet identifiers, and usage analytics. Please review Flashnet’s Privacy Notice for details on how it processes this information.(Privacy Policy)

Application Permissions

Camera Access

Blitz requires access to your camera to scan Lightning payment requests, and Blitz contact details.

Network Access

This is necessary for:

• Connection to the Breez SDK
• Connection to Boltz API
• Connection to Spark
• Linking to third-party sites

Microphone

To allow you to use the voice feature with ChatGPT.

Filesystem

To save any purchased VPN configuration files for easy upload into WireGuard.

Notifications

To provide a seamless experience with the Lightning Network, you may occasionally receive push notifications. For example, if your app is in the background or closed. Blitz uses Apple Push Notifications and the Google Firebase Cloud Messaging service to fulfill this functionality.

To enable notifications, Blitz Wallet stores a unique push notification token in our database. This token is linked to your device only and is used solely for delivering notifications. It does not contain personal information and cannot be used to identify you. You may disable notifications at any time in your device settings.

Supplemental Notice for EU/UK GDPR

This Supplemental Notice applies to personal information that you voluntarily provide in connection with your use of Blitz Wallet, including, but not limited to, your name, username, profile image, and bio. No personal information is required to use the core functionality of the App, and you are free to use the Services without providing any optional personal information. By choosing to provide personal information, you consent to the processing of that information as described in this Privacy Policy.

Lawful Bases for Processing

The processing of optional personal information is supported by one or more of the following lawful bases, depending on the context and purpose of the processing:

• Consent - You voluntarily provide personal information, and processing is based on your explicit consent. You may withdraw your consent at any time; withdrawal will not affect the lawfulness of processing carried out prior to such withdrawal.
• Legitimate Interests - Processing may also be necessary for our legitimate interests, such as maintaining user profiles or displaying usernames or profile images provided such interests are not overridden by your rights and freedoms.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page with a revised “Last Updated” date. We encourage you to review this Privacy Policy periodically to stay informed.

Contact Us

If you have any questions regarding our Privacy Policy, please contact us using the Contact form under the contact section of our website.