Privacy Policy

ZapArc

Last updated: May 8, 2026

Overview

ZapArc ("the App") is a self-custodial Bitcoin Lightning wallet. We are committed to your privacy. This policy explains what data the App handles, where it goes, and what stays on your device. The short version: your seed phrase and private keys never leave your device, and we do not run any server that stores your wallet contents.

Data Stored Only on Your Device

• Wallet seed and private keys. Generated on your device and stored in your device's secure storage (iOS Keychain / Android Keystore). They are never transmitted to us or any third party. If you lose access to your device without a backup of your seed, we cannot recover your funds.
• Transaction history. Cached locally for fast display. The underlying Lightning / Bitcoin / Spark transactions are themselves public on their respective networks.
• Contacts you add. Lightning addresses, Spark addresses, and notes you save in the App's address book.
• App settings and preferences. Display currency, theme, biometric-unlock toggle, etc.
• Optional notes and labels you attach to transactions.

Data Sent to Third Parties

For the App to function on the Lightning Network and deliver push notifications, certain non-secret information is shared with the following third parties. We do not run any of these services ourselves; they are operated by independent providers under their own privacy policies.

Breez Technology / Spark / Flashnet (network operators)

The App uses the Breez SDK to send and receive payments on the Bitcoin Lightning Network and the Spark Layer-2 network, and uses Flashnet's automated market-maker for stablecoin swaps. The following is shared with these networks as required to make payments work:

• Your Spark identity public key, transaction signatures, payment amounts, and routing data.
• If you choose to claim a Lightning Address (name@breez.tips), that mapping is registered with Breez's LNURL server. The address itself is intentionally public so others can pay you.
• For receiving notifications about Lightning payments arriving at your Lightning Address, the App registers a webhook URL (which encodes your push token, identity public key, and an optional wallet nickname) with Breez. Breez calls that webhook when a payment arrives.

Apple Push Notification Service (APNs) and Google Firebase Cloud Messaging (FCM)

To deliver push notifications when a payment arrives while the App is in the background, the App registers with Apple's APNs (on iOS) or Google's FCM (on Android). A device-specific push token is generated by the operating system and forwarded to a small backend we operate (see below). We do not associate this token with any personal identifier other than your wallet's identity public key.

21DigitalAI relay (Cloud Functions)

We operate a small Firebase Cloud Functions backend whose only role is to receive payment-arrival webhooks from Breez and forward them to your device via APNs / FCM. The backend stores:

• Your Spark identity public key (so it can route the right notification to the right device).
• Your push token.
• An optional wallet nickname you set in the App (used to identify the wallet in the notification body).

The backend never sees, stores, or has access to your seed, your private keys, or the value of your funds. Source code and infrastructure are operated by 21DigitalAI.

Google Sign-In (optional)

If you choose to sign in with Google for any optional feature in the App, Google receives the standard sign-in request. We receive an OAuth identifier and your basic profile information (name and email). We do not link your Google account to your wallet.

Information We Do Not Collect

• We do not collect your seed phrase, private keys, or any data that would allow us to access your funds.
• We do not run analytics or behavioral tracking inside the App. There are no third-party analytics SDKs.
• We do not show ads or share data with advertisers.
• We do not require you to create an account with us to use the App's core features.

On-Chain Data Is Public by Nature

Bitcoin and Spark transactions are recorded on public ledgers. Once a transaction is broadcast, it is visible to anyone running a node on those networks. This is a property of the underlying networks, not of the App.

Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated within the App.

Contact

For privacy questions, please open an issue at github.com/21digitalai/policies or contact us via the support URL listed on the App's App Store / Play Store page.

← Back to all policies