Privacy Policy

Last Updated: October 2, 2025

Introduction

At Stakefy, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our Service.

By using Stakefy, you consent to the data practices described in this policy.

Information We Collect

1. Information You Provide Directly

Account Information: Email address (optional, for notifications) Display name or username (if you create an account) Communication preferences

Provider Information (for businesses): Business name and contact details Tax identification information (for payment processing) Wallet addresses for yield distribution Service descriptions and access tier configurations

Support Communications: Messages sent to support@stakefy.io Bug reports and feedback Survey responses

2. Blockchain Data (Public Information)

Because we operate on public blockchains, certain information is inherently public:

Wallet addresses Transaction hashes Stake amounts and durations Yield distributions Smart contract interactions Token holdings and transfers

Important: This data is permanently recorded on the blockchain and is publicly accessible to anyone. We do not control this information once it's on-chain.

3. Automatically Collected Information

Usage Data: Pages visited and features used Time spent on the Service Click patterns and navigation paths Error logs and crash reports

Device Information: Browser type and version Operating system Device identifiers Screen resolution Language preferences

Network Information: IP address (anonymized after 90 days) Internet service provider Approximate geographic location (country/region level) Connection type

4. Wallet Connection Data

When you connect your wallet: Wallet provider (Phantom, Solflare, etc.) Public wallet address Wallet balance (queried from blockchain, not stored) Transaction signing requests Wallet connection timestamps

We do NOT: Access your private keys or seed phrases Control your wallet or funds Store your wallet credentials View transactions outside of Stakefy interactions

5. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Session management Security and fraud prevention Wallet connection persistence User preferences (theme, language)

Analytics Cookies: Google Analytics (anonymized) Service usage patterns Feature performance metrics Conversion tracking

Marketing Cookies (with consent): Twitter Pixel LinkedIn Insight Tag Campaign attribution Retargeting (where permitted)

You can control cookies through: Browser settings (block all or specific cookies) Our cookie consent banner Opt-out links in our dashboard settings

How We Use Your Information

Primary Uses

To Provide the Service: Process stake transactions Verify access permissions Distribute yield to providers Enable wallet connections Display your stake positions and yield

To Improve the Service: Analyze usage patterns Identify bugs and performance issues Test new features Optimize user experience Conduct A/B testing

To Communicate with You: Send important Service updates Notify about stake status changes Respond to support inquiries Share security alerts Announce new features (if opted in)

To Ensure Security: Detect and prevent fraud Monitor for suspicious activity Protect against attacks Comply with security best practices Investigate violations of Terms of Service

For Legal Compliance: Respond to legal requests (subpoenas, court orders) Comply with AML/KYC regulations (where required) Fulfill tax reporting obligations Protect our legal rights

Secondary Uses (with consent)

Marketing Communications: Newsletter and product updates Educational content about staking Promotional offers Community events and AMAs

You can opt out anytime via: Email unsubscribe links Dashboard notification settings Contact support@stakefy.io

We do NOT sell your personal information.

We may share data with:

1. Service Providers (Data Processors)

We work with trusted third-party vendors who help us operate the Service:

Cloud Hosting: AWS, Google Cloud (server infrastructure) Analytics: Google Analytics, Mixpanel (usage insights) Email: SendGrid, Mailchimp (transactional emails) Customer Support: Intercom, Zendesk (help desk) Payment Processing: Stripe (for enterprise plans, if applicable) Security: Cloudflare (DDoS protection), Sentry (error tracking)

These vendors: Only access data necessary for their function Are bound by confidentiality agreements Must comply with GDPR and similar regulations Cannot use your data for their own purposes

2. Blockchain Networks

When you interact with our smart contracts: Your wallet address and transactions are public on-chain Anyone can view this information via block explorers This is an inherent feature of blockchain technology, not a data sharing choice

3. Providers You Stake With

When you stake for access to a service: The provider sees your wallet address They can verify your stake amount and status They may track your service usage Their own privacy policy governs how they use this data

4. Legal Authorities

We may disclose information if required by law: Court orders or subpoenas Regulatory investigations National security requests Compliance with AML/KYC laws Protection against legal liability

We will: Notify you if legally permitted Challenge overly broad requests Minimize disclosed information Publish transparency reports annually

5. Business Transfers

If Stakefy is acquired or merged: Your data may transfer to the new entity You'll be notified and can opt out The new entity must honor this Privacy Policy

6. Aggregated/Anonymized Data

We may share non-identifiable data publicly: Total Value Locked (TVL) Number of active stakers Average stake amounts Geographic distribution (country-level) Usage statistics

This data cannot be traced back to individuals.

Data Retention

We retain your data only as long as necessary:

After retention periods:

Data is securely deleted or anonymized
Backups are purged within 90 days
On-chain data remains (cannot be deleted)

You can request deletion anytime by contacting privacy@stakefy.io (subject to legal obligations).

Your Privacy Rights

Depending on your location, you may have the following rights:

For All Users

Access:

Request a copy of your personal data
Receive data in a structured, machine-readable format (data portability)

Correction:

Update inaccurate or incomplete information
Edit your profile and preferences

Deletion ("Right to be Forgotten"):

Request deletion of your personal data
Close your account permanently
Note: Blockchain data cannot be deleted

Opt-Out:

Marketing communications
Non-essential cookies
Analytics tracking

Additional rights:

Object to processing for specific purposes
Restrict processing in certain circumstances
Lodge a complaint with your data protection authority
Withdraw consent at any time (doesn't affect prior processing)

Our GDPR compliance:

We minimize data collection
We process data lawfully and transparently
We implement privacy by design
We conduct Data Protection Impact Assessments (DPIAs)

EU Representative: [To be appointed if needed]

For California Users (CCPA/CPRA)

You have the right to:

Know what personal information we collect and why
Request deletion of your personal information
Opt out of "sales" of personal information (we don't sell data)
Non-discrimination for exercising your rights

California disclosures:

Categories of data collected: See "Information We Collect"
Sources: Directly from you, automatically, and from blockchain
Business purposes: See "How We Use Your Information"
Third parties we share with: See "How We Share Your Information"

Verification: We may ask for additional information to verify your identity before fulfilling requests.

How to Exercise Your Rights

Contact us via:

Email: privacy@stakefy.io
Dashboard: Privacy settings
Mail: Stakefy LLC, Privacy Department, [Address TBA]

We will respond within:

30 days (GDPR)
45 days (CCPA)

Data Security

We implement industry-standard security measures:

Technical Safeguards

Encryption: HTTPS/TLS for all data in transit
Database Encryption: AES-256 for data at rest
Access Controls: Role-based permissions, 2FA for team
Regular Audits: Third-party security assessments
Penetration Testing: Annual security reviews
Bug Bounty: Up to $500k for critical vulnerabilities

Organizational Safeguards

Employee Training: Regular privacy and security education
Background Checks: For team members with data access
Confidentiality Agreements: All staff sign NDAs
Incident Response Plan: Documented breach procedures
Data Minimization: We only collect what's necessary

Smart Contract Security

Audited Contracts: External security audits before deployment
Multi-sig Controls: 3-of-5 for critical functions
Time Locks: 48-hour delay on protocol upgrades
Emergency Pause: Circuit breaker for security events
Bug Bounty: Ongoing vulnerability rewards program

Despite our efforts, no system is 100% secure. You are responsible for:

Keeping your wallet private keys secure
Using strong, unique passwords
Enabling 2FA on your email and accounts
Avoiding phishing attempts

International Data Transfers

Our servers are primarily located in the United States.

If you're accessing from outside the US:

Your data may be transferred to and processed in the US
We use Standard Contractual Clauses (SCCs) for EU transfers
We comply with applicable data transfer regulations

For EU users:

We rely on SCCs approved by the European Commission
We conduct transfer impact assessments
We implement supplementary security measures

Children's Privacy

Stakefy is not intended for users under 18.

We do not knowingly collect data from children. If you believe we've collected data from a minor:

Contact privacy@stakefy.io immediately
We will delete the data promptly
We may terminate the account

Parents/Guardians: Please monitor your children's internet usage.

Third-Party Links and Services

Our Service may contain links to third-party websites:

Wallet providers (Phantom, Solflare, etc.)
DeFi protocols (Marinade, Jito, etc.)
Block explorers (Solscan, Etherscan)
Social media platforms

We are NOT responsible for:

Privacy practices of third-party sites
Content or security of external links
Data collected by connected wallets

Please review their privacy policies before use.

Blockchain-Specific Privacy Considerations

Public Blockchain Data:

When you use Stakefy, you interact with public blockchains (Solana, Ethereum, etc.):

What's Public:

Your wallet address
All transaction amounts and timestamps
Smart contract interactions
Token balances and transfers

What's Private:

Your real-world identity (unless you choose to link it)
Your email or personal details (stored off-chain by us)
Your private keys (only you have access)

Privacy Risks:

Wallet addresses can sometimes be linked to individuals (via exchanges, doxxing, etc.)
Blockchain analysis firms may track transactions
Once data is on-chain, it cannot be deleted

Privacy Best Practices: