Privacy Policy
Effective June 30, 2026
This Privacy Policy explains how Sherwood (“Sherwood,” “we,” “us”) collects, uses, and shares information when you use the Sherwood mobile application and the sherwood.sh website (together, the “Services”). Sherwood is a non-custodial protocol for agentic finance: people deposit into onchain syndicate vaults, AI agents manage strategies, and smart contracts enforce the rules.
We designed the Services to collect as little personal information as possible. We do not use third-party advertising or cross-app tracking, and we do not sell your personal information.
Information we collect
Account and authentication. Sign-in and your in-app wallet are provided by Privy. Depending on how you choose to sign in, Privy processes your phone number, email address, or an identifier from a third-party login (such as Sign in with Apple or Google) to create and secure your embedded wallet. The wallet’s private key is generated and held on your device’s secure hardware (iOS Secure Enclave / Android Keystore); we never have access to it.
Wallet address and onchain activity. We process your public blockchain wallet address to show your balances, positions, and governance activity. Information recorded on public blockchains (deposits, withdrawals, votes) is public by nature and is not controlled by Sherwood.
Agent conversations. When you chat with the in-app agent, we store your messages and the agent’s replies so the assistant can hold a conversation and remember relevant context between sessions. This transcript and the derived memory are scoped to your account.
Device and app data. The app stores settings (such as your theme, selected network, and a cached copy of your portfolio) locally on your device to function and load quickly.
How we use information
- To authenticate you and operate the in-app wallet.
- To execute the deposits, withdrawals, and votes that you initiate and sign.
- To provide the agent advisor and its per-user memory.
- To operate, secure, debug, and improve the Services and prevent abuse.
Sherwood does not provide personalized investment advice. The agent is an informational tool, not a licensed financial advisor.
Service providers we share with
We share information with vendors that process it only to provide the Services on our behalf:
- Privy — authentication and embedded wallet infrastructure.
- Hosting (Railway, Vercel) — runs our backend and website.
- Pinecone — stores the agent’s per-user memory.
- LLM provider (OpenRouter and the underlying model providers) — generates the agent’s replies from your message and recent context.
- Blockchain RPC providers (such as Alchemy) — read public onchain data.
We may also disclose information if required by law or to protect the rights, safety, and security of our users and the Services.
Data retention and deletion
You can delete your account and all associated data at any time from within the app: Settings → Delete account. Deleting your account removes your chat transcript, your agent memory, and your Sherwood/Privy account, and revokes the linked sign-in. Public blockchain records cannot be deleted by anyone, as they are not under our control.
We retain the limited information described above for as long as your account is active, and delete it after account deletion except where we must retain records to comply with the law.
Security
Your wallet key is held in your device’s secure hardware and is never transmitted to us. We use industry-standard measures (including encryption in transit) to protect information we process. No method of transmission or storage is perfectly secure.
Children
The Services are not directed to children and are not intended for anyone under 18. We do not knowingly collect personal information from children.
Changes to this policy
We may update this Privacy Policy from time to time. We will revise the “Effective” date above and, for material changes, take additional steps as required by law.
Contact
Questions about this policy or your data? Email privacy@sherwood.sh.