Ledger Cold Wallet Privacy Policy describes how personal data is collected, processed, stored, and protected when users interact with Ledger cold storage services, hardware wallets, companion applications, and related security resources. This policy applies comprehensively to all platforms where cold wallet functionality operates, including hardware wallet devices, desktop applications for Windows, macOS, and Linux, mobile applications for iOS and Android, and web properties providing cold storage documentation and support.
This Privacy Policy was last updated in January 2026. Periodic review is recommended as updates may occur reflecting changes in data handling practices, regulatory requirements, or service capabilities across jurisdictions where users access services. Continued use of Ledger services after policy updates constitutes acceptance of revised terms governing ongoing data processing.
Data Collection
Ledger Cold Wallet services collect limited categories of personal data necessary for providing cold storage functionality while maintaining the security and privacy expectations of cryptocurrency users who specifically choose hardware wallet protection for their assets.
Device security data includes device model identifiers, firmware versions, secure element attestation results, and genuine check verification records. This data enables device authenticity confirmation and counterfeit detection without transmitting private keys or recovery phrases.
Cold storage usage data includes anonymized information about wallet operations, connection patterns, and feature usage when users opt into analytics. This data supports software improvement without identifying individual users or their specific holdings.
Transaction construction data includes public addresses and proposed transaction parameters needed to build transactions for hardware signing. This data is processed during active transaction construction and is not retained after transactions complete. Private keys never leave the secure element.
Support interaction data includes information users provide when submitting cold storage inquiries through official channels. This data is necessary for providing accurate guidance and resolving reported issues.
Website visitor data comprises standard server logs including IP addresses, browser types, pages visited, and timestamps. This data supports security monitoring, abuse prevention, and content improvement analysis.
Cookies and Tracking Technologies
Ledger websites use cookies and similar technologies for functionality and analysis purposes with user control over non-essential categories.
Essential cookies enable core website functions including navigation, session management, download initiation, and security features. These cookies are strictly necessary for proper website operation and cannot be disabled without affecting functionality. Essential cookies do not track users across websites or collect information for advertising purposes.
Security cookies support fraud detection, suspicious activity monitoring, and protection against automated attacks targeting cold wallet users. These cookies help protect both the platform and users from malicious activity.
Analytics cookies collect anonymized website usage data including cold storage documentation page visits, security guide engagement patterns, and navigation sequences. These cookies support content improvement and user experience optimization. Analytics cookies can be disabled through the consent interface without affecting cold storage functionality.
Preference cookies remember user selections including display preferences, language settings, and interface configurations. These cookies improve user experience by reducing repetitive selections and can be managed through browser settings.
Cookie consent preferences persist for 13 months before requiring renewal in compliance with applicable regulations. Users can modify preferences at any time through settings links available in website footers.
Analytics and Performance Monitoring
Ledger Cold Wallet uses analytics to understand documentation effectiveness and feature usage while maintaining user privacy through aggregation and anonymization practices.
Cold storage analytics track anonymous patterns of device connection frequencies, firmware update adoption, and feature usage across the user community. This data helps prioritize development and identify usability improvements without tracking individual users.
Security analytics aggregate anonymous patterns of genuine check completion, threat report submissions, and security documentation access. This information improves protection resources for the user community.
Application analytics operate through opt-in telemetry that users enable or disable during initial setup. Enabled telemetry collects anonymized events while users declining analytics transmit no telemetry data whatsoever, with no functional penalties or feature restrictions.
Analytics data retention follows a 26-month rolling period aligning with typical product development cycles. After this period, aggregated trend data archives for historical comparison while raw event data undergoes permanent deletion.
Third-Party Tools and Services
Ledger Cold Wallet integrates with third-party services for specific functions with data sharing governed by respective service privacy policies and data processing agreements.
Genuine check services verify hardware wallet authenticity through secure attestation protocols. This verification communicates with Ledger security infrastructure to confirm device integrity without transmitting private keys, recovery phrases, or balance information.
Blockchain network nodes receive transaction data when users broadcast signed transactions through companion software. This data is inherently public on blockchain networks and is required for transaction processing across all supported coins.
Content delivery networks distribute cold storage documentation and software downloads globally through distributed infrastructure. These services process requests without accessing security-sensitive data beyond standard server logs.
Cloud infrastructure providers host backend services under data processing agreements requiring compliance with applicable data protection regulations including GDPR requirements.
Data Security
Ledger Cold Wallet implements comprehensive technical and organizational security measures protecting user data throughout collection, processing, and storage operations.
Security measures include TLS 1.3 encryption for all data transmission, hardware secure element protection preventing private key extraction, genuine check verification detecting counterfeit devices, firmware signature validation blocking unauthorized code, access controls restricting employee data access to authorized personnel, regular security audits by independent third-party firms, and incident response procedures for addressing potential breaches.
We never ask for your recovery phrase or private keys. The Ledger architecture ensures recovery phrases and private keys exist exclusively inside hardware wallet secure elements, isolated from all connected systems including companion software, computers, and mobile devices. These cryptographic secrets are never transmitted to Ledger servers, companion applications, or third parties during any operation. Any request for recovery phrases or private keys through any channel should be immediately recognized as a phishing attempt and reported to official support.
Data Retention
Ledger Cold Wallet retains personal data only for durations necessary to fulfill stated purposes, applying appropriate deletion schedules to different data categories.
Website server logs are retained for 90 days supporting security monitoring and abuse investigation, then permanently deleted. Analytics data follows 26-month rolling retention for product improvement, with subsequent archival of aggregated trends and deletion of raw event data.
Genuine check records are retained for 18 months supporting security verification and counterfeit tracking. Support tickets are retained for 3 years following last interaction. Cookie consent records follow 13-month retention per regulatory guidelines.
Users can request data deletion subject to legal retention requirements through the support portal. Deletion requests require identity verification before processing.
User Rights
Depending on jurisdiction, users may exercise rights regarding personal data including access to data held about them, correction of inaccurate data, deletion subject to legal requirements, restriction of processing, data portability, objection to processing based on legitimate interests, and withdrawal of consent without affecting prior processing legality.
Rights requests can be submitted through the support portal at support.ledger.com. Identity verification may be required before processing. Responses are provided within 30 days or shorter timeframes required by applicable law.
International Transfers
Data may be transferred internationally for processing by service providers located outside the user's jurisdiction. Such transfers are protected by appropriate safeguards including Standard Contractual Clauses, adequacy decisions, and binding corporate rules where applicable.
Children Privacy
Ledger services are not directed at individuals under 18 years of age. Personal data from minors is not knowingly collected. If such collection is discovered, the data will be deleted promptly upon notification.
Policy Changes
This policy may be updated to reflect changes in data handling practices or regulatory requirements. Material changes will be communicated through application interfaces, website notices, or direct communication where appropriate.
Privacy Inquiries
Privacy questions can be directed to the support portal at support.ledger.com using the privacy category. Privacy inquiries receive priority handling within applicable regulatory timeframes. For general cold storage support, visit our Contact page.