Privacy Policy
This Privacy Policy (“Policy”) for AFX Foundation (“Foundation”, “we”, “our”, or “us”) describes the basis on which we may process personal data we may collect from users of the Foundation’s Interface, available at app.afx.xyz, including any of its subdomains (“Interface”), in accordance with applicable law. For purposes of applicable data protection laws, the Foundation is the controller. For the purposes of this Policy, “you” and “your” refers to you as the user of the Interface.
Read this Policy carefully so that you understand your rights in relation to your personal data and how we might collect, use, and process it. If you do not agree with this Policy, do not use, access, connect to or interact with the Interface, or otherwise provide your information to us. This Policy is incorporated by reference into the Foundation’s Terms of Use, available at https://app.afx.xyz/terms.
HIGH-LEVEL SUMMARY
We value your privacy. Here is a brief overview of our approach:
- AFX Foundation makes available the Interface at app.afx.xyz, an interface that facilitates interaction with the AFX decentralized protocol. Access to and use of the Interface is subject to the Foundation’s Terms of Use, including geographic and eligibility restrictions. The Interface is not available to Restricted Persons, as defined in the Terms of Use.
- We do not sell your personal data to third parties, and we do not share your information with any third parties for marketing purposes.
- We collect minimal personal data — primarily technical and usage data necessary to make available the Interface securely and effectively.
- We do not maintain traditional user accounts. We do not collect or store personally identifiable information such as your full name, street address, date of birth, or government-issued ID, unless you voluntarily provide such data to us (e.g., in a support inquiry).
- We collect publicly available blockchain data (wallet addresses and on-chain transaction history) when you connect your wallet. This information is publicly available by nature of blockchain technology and is not created or assigned by us.
- We use strictly necessary cookies and limited analytics technologies to maintain service quality. We do not use marketing or advertising cookies.
- You have meaningful rights over your personal data, including access, correction, deletion, and portability. Please see the “Your Rights” section for details.
- Any material changes to this Policy will be reflected in an updated version with a revised “Last Updated” date.
1. PERSONAL DATA WE COLLECT ABOUT YOU
When you access, use, connect to, or interact with the Interface, we may collect certain categories of information about you, including personal data, from a variety of sources.
1.1 Information You Provide to Us
Data may include: (i) any digital-asset, smart-contract, or protocol address (“Wallet”) information; and (ii) geolocation data. You provide this data to us when you connect your Wallet to the Interface.
Other data may include transaction data or history, such as your public blockchain transaction history and other information associated with a linked address or Wallet and token holdings. Should you contact us, we will collect the content of the communications we have with you and any personal data contained within, including the email address you used to contact us.
If you participate in a survey, feedback session, or usability study with us, we will record any biographical information you directly provide (for example, your name, email address, and responses). We will not attempt to link any voluntarily provided information to your Wallet address, IP address, or other personal data.
1.2 Support Tools
The Foundation may make available automated chat or AI-assisted support tools (“Support Tools”) to assist with general questions and Interface navigation. Please note that Support Tools are automated systems and you should not submit confidential, personal, or sensitive information through any Support Tool, as stated in the Terms of Use. Any information you submit through a Support Tool may be collected and processed in accordance with this Policy.
1.3 Publicly-Available Blockchain Data
When you connect your non-custodial blockchain Wallet to the Interface, we collect and log your publicly-available blockchain address to learn more about your use of the Interface and to screen your Wallet for any prior illicit activity using intelligence provided by leading blockchain analytics providers. Note that blockchain addresses are publicly-available data that are not created or assigned by us or any central party, and by themselves are not personally identifying.
1.4 Information We Collect Automatically
When you visit certain pages on our Interface, our servers may save each access in a log file. The following data may be collected: (i) the date and time of access; (ii) the country from which the Interface is accessed; (iii) any API endpoints being accessed; (iv) user agent details; (v) the operating system of your computer and the browser you are using (provider, version, and language); and (vi) the transmission protocol used (e.g., HTTP/1.1).
We may use web beacons/clear GIFs, geolocation and tracking technologies, and other applications when you visit the Interface, including technologies collecting certain information about your access to, use of, connection to, or interaction with the Interface (“Usage Data”) that may be integrated with third-party service providers. In our legitimate interests to make the Interface available effectively to you, we may also use this data to create aggregated, anonymized, or de-identified data.
1.5 Information We Receive from Third Parties
We may receive information about your Wallet address or transactions made through the Interface from our service providers in order to comply with our legal obligations and prevent the use of our Interface in connection with fraudulent or other illicit activities. We may combine this information with data we collect directly.
2. HOW WE USE YOUR INFORMATION
We use personal data we collect only as disclosed in this Policy, where we have a contractual relationship or your consent, where it is in our legitimate business interests, or where there is another lawful basis to do so. Specifically, we may use your personal data for the following purposes:
- Providing the Interface and Features: We use the personal data we collect to provide, maintain, customize, measure, and improve the Interface and its features.
- Safety and Security: We use your information to protect against, investigate, and prevent fraudulent, unauthorized, or illegal activity; to monitor and verify identity or service access; to combat spam, malware, or security risks; and to enforce our Terms of Use.
- Legal and Regulatory Compliance: We may use your personal data to enforce compliance with our terms and policies, to defend against legal claims or disputes, for identity verification and sanctions screening purposes, and as required by regulators, government entities, or official inquiries. We may provide your personal data to third-party compliance service providers to confirm whether you are a Restricted Person or are otherwise on any applicable sanctions lists.
- Customer Support: We may use your information to direct questions to appropriate support personnel, to contact you, and to investigate and address concerns.
- Research and Development: We may use your personal data for testing, analytics, research, product development, and to develop new features and products relating to the Interface.
- Personalization: With your consent, we may use Usage Data to tailor features and content to you and to ensure content is presented in the most effective manner for you and your device.
- Aggregated Analytics: We may use some of the data we collect to compile aggregated, anonymized data to better understand how users use the Interface and to improve user experience.
3. LEGAL BASIS FOR PROCESSING
We generally process information we collect when we need to do so to perform our obligations to you or to enable your use of the Interface. This includes processing carried out: (i) to facilitate your connection to the Interface; and (ii) to identify if you are likely to be a Restricted Person, as defined in our Terms of Use, available at https://app.afx.xyz/terms. Each such processing is either necessary for us to perform our contract with you, or is in our legitimate interests to provide access to the Interface.
With your consent, we may use data collected, including Usage Data, to tailor features and content to you. We may also process data in our legitimate interests to assist with system security and stability, to conduct troubleshooting, data analytics, testing, and research, to maintain the safety and security of our users and the Interface, and to improve and develop the Interface.
In addition, we may use your information to comply with any applicable legal obligations, to enforce any applicable Terms of Use, and to protect or defend the Interface, our rights, and the rights of our users or others.
4. COOKIE POLICY
4.1 Types of Cookies We Use
We use cookies and similar technologies to enhance your experience when accessing and using the Interface. The following types of cookies may be used:
- Strictly Necessary Cookies: These cookies are required for the Interface to function and cannot be switched off. They help ensure compliance with our Terms of Use and are otherwise integral to providing the best user experience. These cookies are not used for marketing purposes.
- Analytical or Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Interface. They help us understand which pages are most and least popular and how visitors navigate the Interface.
- Functional Cookies: These cookies recognize you when you return to the Interface, enabling us to remember your preferences and personalize content for you.
We do not use marketing or advertising cookies. By continuing to use the Interface, you consent to the placement of strictly necessary cookies. You may configure your browser to block other cookies.
4.2 Other Tracking Technologies
We and our third-party service providers may use the following tracking technologies:
- Pixels: A tracking pixel is a small amount of code on a web page or in an email that typically works in conjunction with cookies to identify users and track user behavior. We may use pixels to learn whether you have interacted with certain web or email content.
- Local Storage: We may use localStorage and similar technologies to remember your preferences and settings across sessions (e.g., tokens you import or star), and to understand how you interact with the Interface.
- Device Identifiers: We may use device identifiers for the purposes set out in this Policy, for example to recognize your device when you return to the Interface.
4.3 Managing Cookies
You have a number of options to control or limit how we and our partners use cookies:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies. Follow the instructions in your browser settings. For more information, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile device settings.
- Using privacy plug-ins or browsers. Certain browsers (e.g., Brave) and browser extensions (e.g., PrivacyBadger, uBlock Origin) can block third-party cookies and trackers.
- Advertising industry opt-out tools: http://optout.aboutads.info and http://optout.networkadvertising.org.
4.4 Do Not Track
Do Not Track (“DNT”) is a concept that allows internet users to control tracking of their online activities across websites. Some browsers offer a DNT option in their preferences. When a user’s browser is set to DNT, some cookies and other tracking technologies may become inactive, depending on how the Interface responds to DNT settings. We endeavor to respect DNT browser signals where practicable.
5. THIRD-PARTY WALLET CONNECTIONS
Certain features of the Interface require you to connect a compatible non-custodial third-party digital Wallet. By using such Wallet, you agree that your access to, use of, connection to, and/or interactions with such third-party Wallets are governed by the policy for the applicable Wallet, and that you are using the Wallet in accordance with the terms and conditions of the applicable third-party provider. You are solely responsible for the security of your Wallet and your private keys.
Wallets are not maintained or supported by, or associated or affiliated with, the Foundation. The Foundation does not have access to your recovery phrase, private key(s), or other Wallet credentials, and will never request them. We expressly disclaim any and all liability for actions arising from your use of third-party Wallets, including but not limited to actions relating to the use and/or disclosure of personal information by such third-party Wallets.
6. SHARING OF PERSONAL DATA
We do not share your information with any third parties for marketing purposes whatsoever. In certain circumstances, we may share your information with third parties with your consent, as necessary, or as otherwise required or permitted by law, including:
- Service Providers and Vendors: We may share your personal data with third parties who process it on our behalf. Such third parties could include blockchain analysis service providers, sanctions screening providers, content delivery networks, and data analytics providers. For example, we may use services to perform geo-blocking based on IP addresses and to collect anonymized device information for analytics purposes.
- Legal and Regulatory Compliance: We may share your information: (a) to cooperate with government or regulatory enquiries or investigations; (b) when compelled by a subpoena, court order, or similar legal procedure; (c) when we believe in good faith that disclosure is necessary to prevent harm to you, us, or another person; or (d) to report suspected illegal activity or investigate violations of our Terms of Use.
- Professional Advisors: We may share your data with legal counsel, auditors, and other professional advisors in our legitimate interests or as required by law.
- Business Changes: If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of assets or stock, or other business transaction, some or all of your personal data may be shared or transferred as part of that transaction.
- With Your Consent: We may share your information any other time you provide us with your consent to do so.
7. INTERNATIONAL DATA TRANSFERS
As a globally accessible Interface (except areas specified in Section 1.5 of the Foundation's Terms of Use), the Foundation and its third-party service providers operate across multiple jurisdictions. Your personal information may be transferred to, stored in, or processed in any country in which the Foundation or its service providers maintain operations, which may include countries other than your country of residence. These countries may have data protection laws that differ from, and in some cases may be less protective than, the laws of your home jurisdiction.
Regardless of where your personal information is processed, we will take steps reasonably necessary to ensure that it is treated securely and in accordance with this Policy and applicable data protection laws. The specific safeguards we apply will depend on the jurisdiction from which your data originates:
- For transfers of personal data from the European Economic Area (“EEA”): we will rely on adequacy decisions, Standard Contractual Clauses (“SCCs”) approved by the European Commission, or other lawful transfer mechanisms as required under EU data protection law.
- For transfers of personal data from the United Kingdom (“UK”): we will rely on UK adequacy regulations, the International Data Transfer Agreement or addendum to the SCCs approved by the UK Information Commissioner’s Office (“ICO”), or other lawful transfer mechanisms as required under UK data protection law.
- For transfers of personal data from other jurisdictions, we will comply with applicable local data protection laws and implement appropriate safeguards as required, which may include contractual protections or other mechanisms recognized under local law.
If you have questions about the specific safeguards applied to the transfer of your personal data, please contact us at privacy@afx.xyz.
8. DATA RETENTION
We will retain your personal data only for so long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise required by law. The length of time we retain your data will depend on the nature of the data and the purpose for which it was processed.
Personal information required to establish proof of a right or contract, or to comply with a legal obligation, will be kept for the period stipulated by applicable law. When your personal data is no longer required, we will take steps to delete or anonymize it.
9. YOUR RIGHTS
Under applicable data protection laws, you may have the following rights in relation to your personal data:
- Access: You have the right to access personal information we hold about you and to ask that your personal information be corrected.
- Correction: You have the right to request correction of inaccurate or incomplete personal data we hold about you, which we may verify as necessary before making changes.
- Deletion: You have the right to request deletion or removal of your personal data, in certain circumstances. Please note that we cannot edit or delete information that is stored on a public blockchain (such as your transaction data, Wallet address, and on-chain assets), as this information is beyond our control.
- Objection: You have the right to object to the processing of your personal data, in certain circumstances, including to object to direct marketing.
- Restriction: You have the right to request that we restrict the processing of your personal data, in certain circumstances.
- Portability: You have the right to data portability. We will endeavor to provide you, or a third party of your choice, with a copy of your personal data in a structured, commonly used, machine-readable format.
- Withdrawal of Consent: Where we rely on consent to process personal data, you have the right to withdraw that consent at any time. This will not affect processing carried out before consent is withdrawn or processing on other legal bases.
- Data Breach Notification: You have the right to be informed of a personal data breach, unless the breach is unlikely to be prejudicial to you.
- Complaint: You have the right to file a complaint regarding our data protection practices with your relevant data protection authority.
You may submit a written request concerning the processing of your personal data to privacy@afx.xyz. Please note that, prior to any response to such request, we will require you to verify your identity. We may have valid legal reasons to refuse your request and will inform you if that is the case. To the extent required under applicable data protection laws, we will respond to your request without undue delay and at least within one month (which may be extended by a further two months in certain circumstances).
Note that these rights apply only in certain circumstances and may be limited by law. Such limitations may apply, for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your personal data.
10. BLOCKCHAIN DATA AND LIMITATIONS
You acknowledge that certain information may be stored on a public blockchain and is therefore beyond our control. Information such as your transaction data, blockchain Wallet address, and assets held by your address may be related to data we collect but cannot be altered or deleted by us, as this data is permanently recorded on the blockchain by its inherent nature. Please be aware of this limitation when connecting your Wallet and transacting on-chain.
11. CHILDREN’S PRIVACY
The Interface is not directed at persons under the age of majority in their jurisdiction (including persons under eighteen (18) years of age), consistent with the eligibility requirements of the Terms of Use. We do not knowingly collect or solicit personal data from any such persons. If we become aware that we have unknowingly collected information from an ineligible person, we will make commercially reasonable efforts to delete such personal data from our records. If you believe we have received personal information about a child, please contact us at privacy@afx.xyz.
12. SECURITY
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Despite our efforts to protect your personal data, we cannot guarantee perfect security of information transmitted through the Interface. Any transmission is at your own risk.
You are responsible for all of your activity on the Interface, including the security of your blockchain network addresses, cryptocurrency Wallets, and their cryptographic keys. The Foundation does not have access to your recovery phrase, private key(s), or other credentials, and will never request them.
13. THIRD-PARTY LINKS, SERVICES, AND SOCIAL MEDIA
The Interface may be integrated with, or otherwise give access to, applications, services, sites, technology, data, and resources provided by third parties (“Third-Party Services”). The Foundation has no control over Third-Party Services and accepts no responsibility for them or for any loss or damage that may arise from your use of them. Any integration or inclusion of Third-Party Services does not imply an endorsement or recommendation by the Foundation. Your access and use of Third-Party Services is subject to the additional terms, conditions, and privacy policies of such third parties.
We may also provide links on the Interface to social media platforms operated by third parties such as X (formerly Twitter) or Discord. When you open a link to any social media platform from the Interface, a direct connection may be established between your browser and that platform’s server. This provides the platform with information that you visited the Interface and accessed the link. If you access a link to a social media platform while logged in to your account on that platform, the content of the Interface may be linked to your profile. If you want to prevent this, you should log out before clicking on the relevant links.
14. DISCLOSURES FOR UK AND EU DATA SUBJECTS (GDPR)
The Terms of Use are governed by the laws of England and Wales. This Policy takes into account the requirements of the UK General Data Protection Regulation and the EU General Data Protection Regulation 2016/679 (collectively, the “GDPR”). Individuals located in the United Kingdom and the European Union may have rights under the GDPR as further described in Section 9 (“Your Rights”).
Our bases for processing your personal data include: (i) you have given consent to the processing for one or more specific purposes; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; and/or (iv) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, provided that your interests and fundamental rights and freedoms do not override those interests.
You may file a complaint with the data protection supervisory authority in the EEA country in which you live or work, or where you think we have infringed data protection laws, or with the UK Information Commissioner’s Office, as applicable to you. To exercise any of your rights under the GDPR, please contact us at privacy@afx.xyz.
15. UPDATES TO THIS POLICY
We may review and update this Policy from time to time. Updates to this Policy will apply only to information collected after the date of the change. If we make material changes, we will update the “Last Updated” date at the top of this Policy and may provide additional notice (for example, by publishing a statement on the Interface or by sending you an email where we have your contact information). Your continued use of the Interface after any such changes have been posted constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you must cease using the Interface immediately.
16. CONTACT
Should you have any questions, requests, or complaints about our privacy or data-protection practices, your personal data, or this Policy, please contact us at:
AFX Foundation
Interface: app.afx.xyz
Privacy enquiries: privacy@afx.xyz
Legal / disputes: legal@afx.xyz