Privacy Policy
coin flow Protocol operates in a decentralized, permissionless manner. While we may collect and process information about users of coin flow or its Interface pursuant to this Privacy Policy, we do not otherwise maintain personal data about all protocol participants beyond what is publicly recorded on the blockchain.
This Privacy Policy (“Policy”) explains how Coin Flow Labs (“we,” “us,” or “our”) collects, uses, and shares information in connection with our website and Interface (collectively, the “Service”), and describes your rights under applicable data-protection laws, including the Cayman Islands Data Protection Act (as amended) (together, “Data Protection Laws”).
By using our Service, you consent to the practices described herein. If you do not agree, please do not access or use the Service.
If you are an individual whose personal data we process, this Policy applies directly to you. If you are an entity providing personal data about others, you must inform them of this Policy and ensure you have all necessary consents.
1. Information We Collect
A. Information You Provide
Communications & Support Requests. When you contact us for help or information, you may provide your contact details and contextual data (e.g., wallet type, token or transaction details, device type, error codes). We use this to respond and improve our Service.
Voluntary Submissions. You may choose to share additional information; you bear full responsibility for doing so.
B. Information We Collect Automatically
Wallet Address. We collect the public address you use to connect, to block banned addresses and to analyze usage patterns for product improvement.
Device Information. We collect device type, operating system, browser type, and screen dimensions to optimize compatibility and troubleshoot issues.
Usage Data. We track how and when you use the Interface—pages visited, features interacted with, assets viewed, links clicked, search queries—to understand user behavior and enhance the user experience.
We do not use purely automated processing of personal data to make legally binding or similarly significant decisions about you without first evaluating compliance under applicable laws.
2. How We Use Your Information
We process data for legitimate business purposes, including:
Service Operations. To provide and maintain the Service, fulfill your requests, respond to inquiries, send updates and security alerts, detect and prevent fraud or abuse, and comply with law.
Product Improvement. To analyze usage trends and optimize features.
Corporate Transactions. For potential or actual business combinations, asset sales, or reorganizations.
Security & Compliance. To protect our systems, investigate incidents, enforce our Terms, and comply with legal obligations.
Your Requests. To honor your specific instructions or consents.
We may also use de-identified or aggregated data for any purpose not prohibited by law.
3. Information Sharing & Disclosure
We may share data with:
Affiliates. Our parent company, subsidiaries, and related entities.
Professional Advisors. Auditors, lawyers, and consultants for compliance and legal advice.
Service Providers. Third parties performing fraud detection, security monitoring, analytics, hosting, or blockchain monitoring—strictly under our instruction.
Regulators & Authorities. As required by law or legal process.
We may also disclose anonymized or aggregated data for any lawful purpose.
4. Third-Party Services
Our Service may integrate or link to third-party platforms (e.g., wallet providers, data feeds). Those parties may collect data under their own terms. We recommend reviewing their privacy policies before interacting.
5. Cookie Policy
We do not use cookies.
(If we enable them in the future, cookies will be used solely for aggregated traffic analysis to improve user experience.)
6. Analytics
We use Amplitude in the Interface and Fathom Analytics on our website to track user interactions. You may opt out via our “Manage Analytics” feature, your browser settings, or privacy extensions.
7. Data Security
We maintain reasonable administrative, technical, and physical safeguards to protect your information. However, no internet transmission is fully secure—we cannot guarantee absolute protection.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined here or as required by law. Upon request for deletion, we will erase your data unless retention is legally or contractually required.
9. International Transfers
Your data may be transferred to and processed in the Cayman Islands, the European Economic Area, the United Kingdom, and other jurisdictions with differing data-protection standards. We will implement appropriate safeguards—such as contractual commitments—to ensure lawful cross-border transfers.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
Access or obtain a copy of your personal data.
Correct inaccurate or incomplete data.
Delete your personal data.
Restrict or object to processing.
Receive your data in a portable format.
Withdraw consent where processing is based on consent.
Lodge a complaint with a supervisory authority.
To exercise any rights, please contact us as described below. We may require identity verification.
11. Children
Our Service is intended for general audiences and not for minors under applicable law. If you believe we have collected data from a child in violation of law, please contact us at wecare@coinflow.com for removal.
12. California Residents
Under the CCPA/CPRA, California residents have additional rights, including notice of data collection categories, the right to delete personal data, and the right to opt out of “sale” (as defined under California law). We do not sell personal information. To exercise your rights, please email wecare@coinflow.com with your request.
13. EEA & UK Data Subjects
As the data controller, we process personal data under these legal bases:
Consent (where obtained)
Contract performance (to fulfill our Terms)
Legal obligation
Legitimate interests (balanced against your rights)
EEA/UK residents may exercise GDPR rights—access, rectification, erasure, restriction, portability, objection, and withdrawal of consent—except for on-chain transaction data, which cannot be altered once recorded. Contact us to submit a request; we will respond within 30 days.
14. Changes to This Policy
We may update this Policy at any time. Changes become effective upon posting. Continued use of the Service constitutes acceptance of the updated Policy.