Wallfacer
Global Privacy Policy

Last modified: December 18, 2024

  1. Introduction

    Wallfacer Labs ("Company," "our," "we") understands the importance of privacy, especially when it comes to your Personal Information. This Privacy Policy applies to:

    • Users of app.vaults.fyi ("App"), which is a front-end interface for interacting with existing smart contract protocols;
    • Users of Wallfacer's APIs and developer services ("API Services"); and
    • Visitors to www.wallfacer.io, www.vaults.fyi, analytics.vaults.fyi and app.vaults.fyi (collectively, the "Websites").

    In this Privacy Policy, we explain what information we collect from you when you use our services, how we will use this information, and the ways in which we may share your information. This Privacy Policy describes your rights under applicable Data Protection Laws, including, for example, the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA").

    Key Points:

    • For App Users: We never hold your funds or private keys. All interactions with smart contracts are made through your chosen wallet software. We collect only the blockchain data necessary to display relevant vault information.
    • For API Users: We may have your email address, API credentials, and related developer information necessary to provide our API Services.
    • For All Users: We collect non-identifiable public on-chain data to provide our services.

    Please read this policy carefully to understand our policies and practices regarding your information.

    Undefined terms shall have the same meaning as they have within the Terms of Service.

  2. Information We Collect About You

    For the purposes of this Privacy Policy, except where a different definition is noted, "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer/resident or household.

    We collect different types of information depending on how you use our services:

    • App Users (app.vaults.fyi):
      • Browser information (type, version)
      • IP address
      • Public blockchain data necessary for displaying vault information, including:
        • Wallet addresses you connect to the app
        • On-chain transaction data related to vault interactions
        • Token balances and vault positions
    • API Service Users:
      • Authentication credentials (API keys, access tokens)
      • Contact information (email address, telegram username if provided)
      • Billing information where applicable
      • API usage data and analytics
      • Information about your implementation of our APIs
    • Website Visitors:
      • Browser information
      • IP address
      • Analytics data about website usage
    • From All Users:
      • Information about your internet connection
      • Equipment used to access our services
      • Usage details and analytics

    Personal Information does not include:

    • Publicly available blockchain information
    • De-identified or aggregated data
    • Information covered by certain sector-specific privacy laws

    No Special Categories of Personal Information:

    We do not collect any "Special Categories of Personal Information" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

    Service-Specific Privacy Considerations

    App Users (app.vaults.fyi):

    Our App is a non-custodial interface. This means:

    • We never hold your private keys or funds
    • All blockchain interactions are conducted through your chosen wallet software
    • We collect only the information necessary to display relevant vault data
    • Any analytics collected are used solely to improve the App interface and performance

    API Service Users:

    Our API Services provide programmatic access to vault data and analytics. This involves:

    • Authentication and access management
    • Usage monitoring and rate limiting
    • Technical support and communication
    • Billing and account management where applicable

    The type and extent of data collection varies based on your service usage. API users should note that while we collect necessary operational data, we maintain the same commitment to privacy and security across all our services.

  3. How We Collect Information From You

    We collect information from you in two ways:

    • First, we collect information directly from you when you provide it to us, such as your ethereum address when you interact with the Websites, or entering Personal Information into the Websites;.
    • Second, we collect generic information about your usage and equipment automatically as you navigate through the Websites, such as usage details, IP addresses, web browser preferences, and information collected through cookies and other tracking technologies. Although we do not correlate tracking information to individuals, some information collected, such as IP addresses, will be unique.

  4. Why We Need Your Data

    From time to time, it is necessary for User to supply us with data in connection with starting or continuing API and developer platform usage and the establishment or continuation of facilities or provision of services or in compliance with any laws or guidelines issued by regulatory or other authorities. We use information that we collect about you or that you provide to us, including Personal Information.

    Our data collection and use varies by service:

    • App Users:
      • To display relevant vault information
      • To provide a functional interface for blockchain interactions
      • To maintain and improve the App's performance and user experience
    • API Users:
      • To provide access to our API Services
      • To authenticate and secure API access
      • To monitor usage and ensure service quality
      • To provide technical support and updates
      • To manage billing and account services where applicable
    • For All Users:
      • To meet legal and regulatory requirements
      • To protect against unauthorized access and ensure security
      • To analyze and improve our services
      • To communicate important updates and changes

  5. Our Legal Basis for Processing Your Data

    To the extent applicable, we process your Personal Information under the Data Protection Laws on the following lawful bases:

    • You have consented to the processing of your Personal Information;
    • To perform a contract with you, i.e., to provide you the Services, including customer support and personalized features;
    • In our legitimate interest (which interest is not overridden by your rights), such as for safety and security, research and development, to market and promote the Services and to protect our legal rights and interests; or
    • To comply with legal or regulatory obligations.

  6. California Privacy Policy

    The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of Personal Information, as well as rights to access, delete, and restrict the sale of certain Personal Information we collect about them. California residents also have the right not to receive discriminatory treatment by us for exercising their privacy rights under the CCPA. If you are a California resident, you may submit a request to exercise these rights using the information provided in the California Residents subsection found in the California Privacy Rights section below.

    Please note that, as a consumer financial services company, the Company applies privacy and security protections to your Personal Information as required by United States federal law, and as such, most or all of the Personal Information about you that we may collect and use is exempt from the CCPA.

    To the extent that the CCPA may apply, the Company provides the following disclosures and rights to California residents.

    Retention period or criteria

    We retain California resident Personal Information for a period commensurate with the purposes for which the Personal Information was collected or obtained. For example, the criteria used to determine the retention of Personal Information includes any time necessary to complete a transaction or for legal and compliance purposes or security purposes. Personal information may be retained in archival format (e.g., data backups) beyond its retention period so long as it is not subject to further access.

    Sale and sharing of Personal Information

    We do not “sell” or “share” your Personal Information and have not “sold” or “shared” your Personal Information in the preceding 12-months.

    Opt-out preference signals

    At this time, we do not accept opt-out preference signals, including with respect to global privacy controls, from any platform, technology, or mechanism (e.g., web browsers).

    Personal information of minors

    We have no knowledge of having collected the Personal Information of minors under 16 years of age.

    California Privacy Rights

    Under the CCPA, eligible California residents may be entitled to certain privacy rights, including:

    • Right to Know. You may have the right to access the Personal Information collected about you, the sources from which such information was obtained, the categories of information that have been sold or disclosed for a business purpose, and the commercial purpose for which the information was collected or sold, provided to you in a reasonably portable format.
    • Deletion. You may have the right to request that we delete any of the Personal Information we have collected or maintain about you.
    • Correction. You may have the right to correct inaccuracies in your Personal Information.
    • Opt-out of the “Sale” and “Sharing” of Personal Information. You may have a right to opt-out of the “sale” and “sharing” of your Personal Information.
    • Sensitive Personal Information. You may have the right to opt-out of the use and disclosure of your sensitive Personal Information in certain circumstances.
    • Restrict Profiling. You may have the right to restrict the use of your Personal Information for the purposes of profiling.
    • Portability. You may have the right to obtain a copy of certain Personal Information in portable (e.g., machine readable) format.
    • Opt-out of Automated Decision-making. You may have the right to opt-out to certain types of automated decision-making, subject to certain exceptions.
    • Non-Discrimination. You may have the right to not be discriminated against in the event you exercise your California privacy rights, such that you will not be denied goods or services, charged a higher rate, or provided with lower quality products or services.

    Exercising your rights under the California Privacy Laws

    Any request you submit to us is subject to an identification and residency verification process (a “Verifiable Consumer Request”) as permitted by the CCPA. We will not fulfill your request unless you have provided sufficient information that enables us to verify that you are the consumer about whom the Personal Information was collected reasonably. To verify your identity, you must provide us with your full name and email address. These rights are also subject to various exclusions and exceptions under applicable laws.

    We will respond to your request within forty-five (45) days after receipt of a Verifiable Consumer Request for a period covering twelve (12) months and up to twice in twelve months. We reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided you receive notification of the extension within the first forty-five (45) days.

    You may send us an email at gm@wallfacer.io to request access to, correct, or delete any Personal Information that you have provided to us. Should you feel that your data is processed in breach of data protection law or other legislation, you can report your concern to us by emailing us at gm@wallfacer.io.

    California “Shine the Light” Law

    We do not share Personal Information, as defined by Cal. Civ. Code § 1798.83, with third parties for their direct marketing purposes.

    U.S. STATE CONSUMER PRIVACY RIGHTS

    Residents of the U.S. states of Colorado, Connecticut, Utah, and Virginia may have the following rights:

    • Access. You may have the right to access the Personal Information collected about you.
    • Deletion. You may have the right to request that we delete any of the Personal Information we have collected or maintain about you.
    • Correction. You may have the right to correct inaccuracies in your Personal Information.
    • Opt-out of the “Sale” of Personal Information, Profiling, and/or Targeted Advertising. You may have a right to opt-out of the “sale” of your Personal Information, profiling, and/or the use of your Personal Information for targeted advertising.
    • Sensitive Personal Information. You may have the right to consent (opt-in) prior to the use and disclosure of your sensitive Personal Information in certain circumstances.
    • Portability. You may have the right to obtain a copy of certain Personal Information in portable (e.g., machine readable) format.
    • Opt-out of Automated Decision-making. You may have the right to opt-out to certain types of automated decision-making, subject to certain exceptions.
    • Non-Discrimination. You may have the right to not be discriminated against in the event you exercise your privacy rights.

  7. Disclosure of Your Information with Third Parties

    Any Personal Information you provide will be held securely and processed in accordance with data protection and other relevant legislation. We may share your Personal Information with our business partners and service providers, but only to the extent that they each need to know specific information to continue to provide the Websites or services to you. This includes:

    • Our contractors, employees, service providers, and other third parties that we use to support our business and improve the Websites;
    • To a buyer or other successor in the event of a merger or reorganization if the Personal Information of our users is part of the assets transferred;
    • To comply with any court order, law, or legal process, including to respond to any government or regulatory request; when we believe in good faith that the disclosure of Personal Information is necessary to prevent harm to another person; or to report suspected illegal activity;
    • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Websites, our users, or others; or
    • For any other purpose disclosed by us when you provide the information.

    We may disclose aggregated information about our users, which means information that does not identify any individual, without restriction. For example, we may include in our marketing materials that a certain percentage of our users are female, but we will not share a list of all female users in these materials.

    We will not sell, rent, or lease your data to third parties.

    We may transfer Personal Information to third countries, including the United States. By providing Personal Information to us, you consent to the transfer of your Personal Information to such third countries. To the extent applicable, we have adopted appropriate transfer mechanisms to safeguard the transfer of your Personal Information in accordance with applicable laws, including, the EU Standard Contractual Clauses.

  8. Marketing

    Where we have not received consent from you, we will not use your Personal Information for marketing purposes.

  9. Your Data Protection Rights

    To the extent applicable under the Data Protection Laws may entitle you to the following rights:

    • The right of access - you can request a copy of your Personal Information, and other information related to our processing.
    • The right to rectification - you have a right to request that we correct any information you believe is inaccurate, including to ensure it is complete or up to date.
    • The right to request erasure of your Personal Information - you have the right to ask us to delete or remove your Personal Information.
    • The right to stop or restrict processing - you have the right to request that we cease the processing of your Personal Information, under certain conditions.
    • The right to object to processing - you have the right to object to the processing of your Personal Information where the Personal Information is used for direct marketing, scientific, or historical research purposes.
    • The right to withdraw your consent – you have the right to withdraw your consent where our processing of your Personal Information is based upon your consent.
    • The right to data portability - you have the right to request your Personal Information be transferred to another organization, or directly to yourself when the processing is: (1) based on your consent, or contract; and (2) is carried out by automated means.
    • The right to complain - you have the right to complain to us or the relevant supervisory authority of your EU jurisdiction if you believe we are processing your Personal Information in a way that breaches the GDPR.

    If you use the API and developer platform, you can review and change your Personal Information by logging into the Website and visiting your account page. You may also send us an email at gm@wallfacer.io to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

    We will process your request within 30 days after receipt of the request. We reserve the right to request additional identification information to confirm your identity. We reserve the right to extend the response time by an additional 60 days when reasonably necessary provided you receive notification of the extension within the first 30 days.

    You may send us an email at gm@wallfacer.io to request access to, correct, or delete any Personal Information that you have provided to us. Should you feel that your data is processed in breach of data protection law or other legislation, you can report your concern to us by emailing us at gm@wallfacer.io.

  10. Data Security

    We have implemented measures designed to secure your Personal Information from accidental loss and unauthorized access. For example, access by a user to their Personal Information is available through a unique customer ID and password selected by the user that should be regularly updated. This information is encrypted through the Websites with Transport Layer Security (TLS). This information is also encrypted when it is stored by us to prevent unauthorized parties from viewing such information. Also, we perform regular malware scanning of the Websites and all servers and computers used by us to support the Websites. All Company employees are required to adhere to our security and confidentiality procedures and undergo training related to maintaining the security of user Personal Information.

    The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of the Websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and be careful about giving out information to other users on the Websites if requested.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to the Websites. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Websites.

  11. How Long Do We Keep Your Data?

    We may retain your Personal Information for as long as:

    • It is needed for the purposes set out in this Privacy Policy,
    • Required in accordance with approved Disposal Schedules.
    • Your account is active,

    This may include keeping your Personal Information after you have deactivated your account for a period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

  12. What Types of Cookies Do We Use?

    Cookies are small text files that collect standard Internet log information and visitor behavior information. Cookies are stored in your web browser and allow certain websites to retrieve stored information later. When you visit our Websites, we may collect information from you automatically through cookies or similar technology (collectively "Cookies").

    There are a variety of different types of cookies. Our Websites uses:

    • Strictly Necessary or Essential Cookies: These cookies are necessary for the Websites to function and cannot be switched off. We have to load essential Cookies to deliver our Websites’ necessary functionality to you.
    • Functionality Cookies: These cookies are optional and are used to enable additional functionality on our Websites, such as storing your preferences (e.g., username) and assisting us in providing support or services.
    • Performance and Analytics Cookies: These cookies are optional and allow us to count visits and traffic sources to measure and improve our Websites’ reliability and performance. Performance cookies help us with our analytics, including compiling statistics and analytics about your use of and interaction with the Websites, and monitoring for errors.

    Our Websites have a pop-up feature allowing you to opt-out of certain types of Cookies. If you wish to disable any Cookies please use the pop-up. If you do choose to disable Cookies, your ability to use or access certain parts of our Websites and Services may be affected. You can learn more about Cookies at https://allaboutcookies.org/.

  13. Users Under Age 18

    The Websites are only intended for adults eighteen (18) years of age and older. You are not allowed to use the Websites or provide information on it if you are under eighteen (18) years of age.

  14. Do Not Track Settings

    We do not track, plant Cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

  15. Third Party Links

    Our Websites may contain links that lead to third party websites, and we are not responsible for the privacy practices, content, and/or activities of these linked websites. Please review the privacy statements of any such third parties for further information about their privacy practices.

  16. Changes to Our Privacy Policy

    We will post any changes we make to our privacy policy on this page and you will be notified of any material changes on the Websites home page and/or in an email to the most recent email address that you provided to us, if any. If your consent is required for any such changes, we will obtain your consent before such changes are applied to you.

  17. Contact Information

    Please direct any privacy related questions and concerns to us at gm@wallfacer.io.

    You can also file complaint to your respective Data Protection Authority in the EU or California.