⚖️ Privacy + Terms — Wallet Recovery Service

Servicio premium, ticket alto — estos legales son los más robustos del hub. Complementan: el NDA mutuo (templates/NDA-mutuo.md), la Proof of Ownership (templates/proof-of-ownership.md) y el contrato específico por caso (templates/contrato-recovery.md). Jurisdicción: Argentina + internacional (la mayoría de clientes son globales). Versión: 1.0 · 2026-04-18.

📋 PRIVACY POLICY — Wallet Recovery Service

Last updated: 2026-04-18

This policy applies to the wallet recovery service operated by Joshua Sánchez ("we", "us"). Given the sensitive nature of cryptocurrency recovery, we apply maximum confidentiality and data protection standards.

1. Controller

• Controller: Joshua Sánchez.
• CUIT: {{cuit}}.
• Address: {{domicilio}}, Buenos Aires, Argentina.
• Contact (encrypted preferred): {{signal_contact}} or {{proton_email}} (PGP key: {{pgp_fingerprint}}).

2. What we collect

2.1 Initial contact (pre-NDA)

• Your name.
• Email / Signal / Telegram handle.
• Generic case info: wallet type, approximate creation date, what you remember about password/seed.
• NOT collected at this stage: wallet file, seed phrase, public addresses, or any sensitive cryptographic data.

2.2 Post-NDA + Proof of Ownership

• Signed NDA copy.
• Proof of Ownership documentation (see templates/proof-of-ownership.md).
• Password hints with more detail.
• Hash extracted by YOU via our guided helper script (never the wallet file itself).
• Case-specific metadata: wallet type, file format, hash type.

2.3 Post-contract (active recovery)

• GPU computation logs (local, not transmitted).
• Attack progression (local session state).
• Recovered password (transient; deleted after delivery).

2.4 What we NEVER collect

• Your private keys.
• Your seed phrase.
• Your wallet file.
• Your public addresses or balances.
• Transaction history.

3. Data handling principles

3.1 Zero-file policy

• You run our helper script on your machine. The wallet file never leaves your possession.
• Only the hash (mathematical representation of the password complexity) is transmitted.
• The hash alone cannot be reversed to your wallet; it only enables password attempts.

3.2 Encrypted everywhere

• Communications: Signal or PGP-encrypted email.
• Data at rest: LUKS full-disk encryption on case volume.
• Case-specific encryption key rotated per client.

3.3 Air-gapped critical operations

• The password delivery moment is conducted through one-time channels (Signal disappearing messages, PGP-encrypted one-time links, or phone).

4. Retention

• Pre-case inquiries: 30 days. Deleted if no case starts.
• Active case data: duration of the case + 30 days maximum.
• Hash: deleted within 48 hours of case closure (success or failure).
• Recovered password: deleted immediately after client confirmation of receipt.
• Legal documents (NDA, PoO, contract): retained for 5 years for legal defense.
• Billing records: retained for 7-10 years (fiscal legal requirement).
• Certificate of Deletion: issued for every case, regardless of outcome.

5. Sharing with third parties

Default: no sharing. Exceptions:

• Infrastructure providers (GPU hosting, if applicable) under strict NDAs and with case-specific encryption.
• Legal authorities ONLY with:
• Valid, specific court order (not a fishing request).
• Notification to client (unless legally prohibited).
• Legal counsel consulted to assess the validity and scope of the order.

Position on law enforcement

• We do not provide preemptive access to any government.
• We respond to lawful, specific requests with our legal team's involvement.
• If a client is being investigated for unlawful activity, we may be required to preserve data — but this would be noted in our contract with proper safeguards.

6. International transfers

• Primary operations: Argentina.
• Any cross-border data transfer protected by SCCs or equivalent.

7. Your rights

Access, Rectification, Deletion, Opposition, Portability

Standard GDPR + Argentine Law 25.326 rights.

Right to full erasure (atypical for our service)

Even after a case closes, you can request accelerated deletion of the legal documents retained (NDA, PoO, contract) if: - No legal dispute active. - More than 2 years have passed. - You provide a formal written request.

In that case, we'll issue a second Certificate of Deletion.

8. Security

• Communications: Signal (preferred) or PGP-encrypted email.
• Data at rest: AES-256 on encrypted volumes.
• Keys: per-case rotation.
• Physical security: equipment not shared with any other activity.
• No cloud sync for sensitive case data.
• Automated deletion jobs + manual verification with shred -u -n 7.

9. Breach response

In the unlikely event of a security breach:

• Notification to affected clients within 24 hours (not 72h; given the high value at risk).
• Full disclosure: what happened, what data may be affected, recommended actions.
• External forensic review if appropriate.
• Cooperation with affected clients on remediation.
• Report to Argentine AAIP and other applicable authorities.

10. Contact for privacy

• Email (encrypted preferred): {{proton_email}}
• PGP fingerprint: {{pgp_fingerprint}}
• Signal: {{signal_contact}}
• Postal (formal notices): {{domicilio}}, Buenos Aires, Argentina.

📜 TERMS OF SERVICE — Wallet Recovery

Last updated: 2026-04-18

These Terms govern our wallet recovery service. Given the specialized nature and high-stakes involved, a case-specific contract (templates/contrato-recovery.md) will also be signed before active work begins. These Terms set the general framework; the contract governs the specifics.

1. Service description

We provide technical password recovery for cryptocurrency wallets. Our scope:

Supported wallets

• Bitcoin Core (wallet.dat, legacy).
• Bitcoin Core (descriptor wallets, new).
• Electrum (all versions).
• Metamask (keystore).
• Trust Wallet.
• Exodus.
• MyEtherWallet (keystore).
• Atomic Wallet.
• Other EVM-compatible wallets (case-by-case).

Out of scope (we decline)

• Exchange accounts (Coinbase, Binance, etc.) — use their support.
• Wallet files where you're NOT the original owner.
• Cases with zero password information.
• Cases where estimated recovery probability < 15%.

2. Ethical boundaries (non-negotiable)

• Only your own wallets. You must provide Proof of Ownership.
• No recovery of third-party wallets, even with their alleged consent, unless documented with notarized authorization.
• No "scanning top accounts" or any activity that could harm the broader network.
• No illegal activity. If we suspect the wallet involves proceeds of crime, we terminate and may report to authorities.

3. Process stages

Stage 1 · Pre-qualification (free)

• Initial DM/email.
• 4 quick questions to assess viability.
• Feasibility estimate (within 24-48h).
• If viable → proceed to Stage 2. If not → we decline with honest explanation.

Stage 2 · NDA + Proof of Ownership (free)

• Both parties sign the NDA (templates/NDA-mutuo.md).
• You submit Proof of Ownership documents.
• We review. If valid → proceed to Stage 3.

Stage 3 · Technical scoping (free)

• We analyze your hints and estimate:
• Probability of success.
• GPU hours required.
• Expected timeline.
• We quote a success fee (typically 30-40% of recovered value (success fee), USD 2,000 upfront AI Scan).

Stage 4 · Contract signature (free)

• Case-specific contract signed (templates/contrato-recovery.md).
• Clear definition of scope, fees, timeline, stop criteria.

Stage 5 · Hash extraction (on your machine, free)

• You run our helper script on YOUR machine.
• Hash is uploaded to our secure server.
• Wallet file never leaves your machine.

Stage 6 · Active recovery (billed on success only)

• GPU attacks per the agreed plan (dictionary → mask → combinator).
• Status updates every 24-48h.
• If HIT: proceed to Stage 7.
• If STOP CRITERIA reached without HIT: case closed, no charge, Certificate of Deletion issued.

Stage 7 · Delivery + payment

• Password delivered via secure channel (Signal / PGP / one-time link).
• Invoice issued.
• Payment within 24 hours of delivery.
• Upon payment: Certificate of Deletion issued.

4. Fees

Success fee model

• No upfront payment. You pay only if we recover.
• Typical fee: 20-25% of recovered value.
• Minimum: USD 500 per case.
• Maximum: negotiable for very large cases (fixed 30-40% range for all cases (no cap)).

Exceptions requiring upfront retainer

For cases involving extensive GPU time (> 100 hours expected): - Retainer: USD 100-300 upfront, deducted from final fee on success. - Retainer is not refunded if case fails (covers GPU costs). - This is transparent in the scoping.

Payment methods

• USDT BEP20 or TRC20 (preferred for international).
• Bitcoin (if you prefer).
• Bank transfer (for AR clients).
• PayPal (with 5% surcharge).

Invoicing

• Argentine Factura E (export of services) for international clients.
• Argentine Factura B/C for local clients.

5. Client obligations

You agree to:

• Provide truthful information at every stage.
• Submit valid Proof of Ownership.
• Cooperate with information requests during scoping.
• Not pressure us to skip verification steps.
• Not contact us anonymously (name and reachable contact required).
• Pay within 24h of successful recovery.

6. Our obligations

We agree to:

• Never access your wallet or its funds.
• Apply professional effort using industry-standard tools (hashcat, custom rule sets).
• Communicate regularly (updates every 24-48h).
• Deliver securely via encrypted channel.
• Maintain absolute confidentiality indefinitely.
• Issue Certificate of Deletion at case closure.
• Decline honestly when case is infeasible (no false hope, no charge for effort on infeasible cases).

7. Stop criteria

Before starting, we agree with you on:

• Time limit (calendar days): usually 30.
• GPU hours limit: usually 500h.
• Technical limit: broader charset expansion after N hours.

When any limit is hit, the case is declared unsuccessful. Certificate of Deletion issued. No charge.

8. Confidentiality (covered in NDA)

The NDA (templates/NDA-mutuo.md) governs confidentiality in detail. Key points:

• Indefinite confidentiality.
• No marketing references without your explicit consent.
• No publication of case details even anonymized without consent.
• Breach = legal liability per Argentine law + arbitration clause.

9. Liability limitation

• Our maximum liability: the fee paid for this case (or USD 500 if no fee paid).
• We are NOT liable for:
• Loss of wallet access during your own hash extraction (if you make a copy first as we recommend, this is zero risk).
• Third-party actions (network issues, exchange freezes, etc.).
• Changes in cryptocurrency value between recovery and your subsequent actions.
• Any indirect damages.
• Exception: gross negligence or willful misconduct on our part.

10. Dispute resolution

• First: informal negotiation, 30 days.
• Second: arbitration under ICC rules (for international cases) or Buenos Aires Civil and Commercial Arbitration Court (for AR cases).
• Last: court of Buenos Aires, Argentina.
• Applicable law: Argentine + international private law principles.

11. Termination

• You: can cancel at any stage before hit. If we've already done scoping work, retainer (if any) may be partially retained per scoping agreement.
• Us: may terminate if:
• You provide false information.
• Proof of Ownership insufficient.
• Case involves third-party file.
• We discover evidence of illegal activity.
• Both: if the case becomes technically infeasible (automatic stop per criteria).

12. Post-case behavior

After case closure (success or failure):

• Certificate of Deletion is THE closure marker.
• We maintain confidentiality forever.
• You're welcome to start a new case later (e.g., if you find new hints), but it's a new contract from scratch.
• You're welcome to refer others to us (we pay 15-20% referral commission in some cases — ask).

13. Ethical review clause

We reserve the right to decline any case — even after initial acceptance — if at any stage we discover:

• The wallet isn't yours.
• The purpose is unlawful (money laundering, sanctions evasion, etc.).
• The client is misrepresenting basic facts.

In such cases: - We issue an immediate Certificate of Deletion. - Any retainer is retained only to the extent covering costs incurred. - No further contact unless legally required.

14. Changes

These Terms are version-controlled. Material changes apply only to new cases, not active ones. You receive the current version of the Terms at case start (Stage 3-4).

15. Contact

• Signal: {{signal_contact}}
• PGP email: {{proton_email}} (fingerprint: {{pgp_fingerprint}})
• WhatsApp (less sensitive queries): {{whatsapp}}
• Postal (formal): {{domicilio}}, Buenos Aires, Argentina.

📎 Related docs

• templates/NDA-mutuo.md — Mutual NDA (signed before Stage 2).
• templates/proof-of-ownership.md — PoO framework.
• templates/contrato-recovery.md — Case-specific contract.
• dm-primera-respuesta.md — First contact template.
• scoping-tecnico-template.md — Stage 3 scoping.
• playbook-cliente-desaparece.md — Protocol for non-payment.

⚖️ Legal audit recommendation

Given the sensitive and high-stakes nature of this service, we strongly recommend:

• Having a specialized lawyer (crypto + data protection) review these documents before going live with international clients.
• Jurisdictional advice for major new markets (especially US, EU, UK — which have specific FinCEN / AMLD / FCA requirements).
• Keeping all signed documents in an encrypted offline backup in addition to primary storage.

Budget for a legal review: USD 300-600 one-shot. Worth every dollar given the exposure.