Target1M logo Target1M ← Home
Legal · Privacy

Privacy Policy

Effective: May 11, 2026  ·  Last updated: May 11, 2026

1. Overview

This Privacy Policy describes how Target1M (“Target1M,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data in connection with our websites, including target1m.io, and the Spectra self-custody wallet application (collectively, the “Services”).

We are committed to data minimisation. Spectra is a non-custodial wallet — we cannot access your private keys, recovery phrase, or on-chain assets, and we do not collect them.

2. Who we are

Target1M is an independent software studio that designs and operates the Services. For privacy-related matters you can contact us at [email protected].

3. Data we collect

We collect the following categories of data:

  • Account & contact data — email address, name (optional), and communication preferences you provide when you sign up for waitlists, support, or product newsletters.
  • Wallet identifiers — public wallet addresses and transaction hashes that you choose to connect to Spectra. Public blockchain data is, by nature, already public.
  • Device & technical data — IP address, browser type, operating system, device identifiers, app version, crash logs, and approximate location (country-level) derived from your IP.
  • Usage data — pages viewed, features used, session timestamps, referring URLs, and similar interaction metrics.
  • Support data — content of messages you send to us, including screenshots or attachments you choose to share.

4. Data we do not collect

We do not collect, store, or have access to:

  • Your seed phrase or private keys.
  • Your wallet password, PIN, or biometric data.
  • Your custody of crypto assets — Spectra is self-custodial.
  • KYC documents (government ID, selfies, proof of address) — those are collected and held directly by our fiat on-ramp partner, MoonPay, under their own privacy policy (see Section 8).

5. How we use data

We use personal data to:

  • Provide, operate, and improve the Services.
  • Authenticate access to waitlists, beta releases, and support.
  • Respond to your inquiries and provide customer support.
  • Detect, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with applicable laws, including anti-money-laundering (AML) and sanctions screening.
  • Send product updates and transactional emails (with opt-out).
  • Aggregate analytics to understand usage trends — never to identify individuals.

If you are in the European Economic Area or the United Kingdom, we process your personal data under one or more of the following legal bases:

  • Contract — to deliver the Services you request.
  • Legitimate interests — to secure the Services, prevent fraud, and improve our product.
  • Consent — for optional marketing communications and non-essential cookies.
  • Legal obligation — to comply with AML, sanctions, tax, and other applicable laws.

7. Third parties & processors

We share personal data only with vetted processors who are bound by data-processing agreements. Categories include:

  • Fiat on-ramp — MoonPay (see Section 8).
  • Cloud infrastructure — Amazon Web Services, Cloudflare.
  • Email & transactional messaging — Postmark / Resend.
  • Product analytics — privacy-respecting analytics providers configured with IP truncation.
  • Crash reporting — Sentry (or equivalent) for diagnostic logs.
  • Customer support tooling — for processing inbound messages.

We do not sell personal data, and we do not share it with third parties for cross-context behavioural advertising.

8. MoonPay & the fiat on-ramp

When you choose to purchase cryptocurrency with fiat (card, Apple Pay, bank transfer, etc.) inside Spectra, the transaction is processed by MoonPay, a third-party regulated payment provider. MoonPay independently collects and processes the personal data required to complete the purchase, including:

  • Identity verification documents (KYC).
  • Payment instrument details.
  • Billing and shipping information, where applicable.
  • Transaction history with MoonPay.

MoonPay acts as an independent data controller for the data it collects during the on-ramp flow. Target1M does not receive your KYC documents or payment instrument details. We may receive limited confirmation data (such as transaction status and recipient wallet address) to display the result of your purchase inside the app. Please review MoonPay's privacy policy at moonpay.com/legal/privacy_policy before initiating a transaction.

9. Cookies & similar technologies

Our websites use a minimal set of cookies. Strictly necessary cookies enable core functionality and cannot be disabled. Optional analytics cookies are loaded only with your consent (where required by law). You can manage your preferences from your browser settings.

10. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account & waitlist data — until you request deletion.
  • Support correspondence — up to 24 months after resolution.
  • Crash and diagnostic logs — up to 90 days.
  • Records required by AML / tax law — for the period mandated by applicable law (typically 5–7 years).

11. International data transfers

Personal data may be transferred to and processed in countries outside your country of residence, including the United States and the European Union. Where required, we rely on Standard Contractual Clauses (SCCs), Adequacy Decisions, or other appropriate safeguards recognised under applicable data protection laws.

12. Your rights

Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA / CPRA), you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your personal data.
  • Restrict or object to certain processing.
  • Receive a copy of your data in a portable format.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with your local data protection authority.
  • (California residents) Opt out of any “sale” or “sharing” of personal data — we do not sell or share.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.

13. Security

We implement industry-standard administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS 1.2+), encryption at rest, scoped access controls, and continuous monitoring. No system is completely secure; you remain responsible for safeguarding your seed phrase, recovery materials, and device credentials.

14. Children

The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice through the Services or by email.

16. Contact

For questions, complaints, or to exercise your data rights, write to:

Target1M
Email: [email protected]
Web: target1m.io