VFTChain Privacy Policy

Effective Date: January 1, 2026 Last Updated: October 29, 2025 Version: 1.0

1. Introduction

VFTChain Foundation ("VFTChain," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

Important: Due to VFTChain's non-custodial, blockchain-based architecture, much of your activity occurs directly on the Solana blockchain. Blockchain transactions are public, permanent, and pseudonymous. We cannot delete, modify, or hide blockchain data.

This Privacy Policy complies with:

GDPR: EU General Data Protection Regulation
CCPA: California Consumer Privacy Act
UK GDPR: UK Data Protection Act 2018
Other applicable data protection laws

2. Information We Collect

2.1 Information You Provide Directly

Account Information (if you create an account):

Email address
Username
Password (encrypted, we never see plaintext)
Profile information (optional)

Communication Data:

Support ticket messages
Email correspondence
Community forum posts
Discord/Telegram messages (if you engage with our communities)

Payment Information (if applicable):

For fiat purchases: payment processor handles payment data (we do not store credit card numbers)
For crypto payments: only wallet addresses (public blockchain data)

2.2 Automatically Collected Information

Technical Data:

IP address
Browser type and version
Device type and operating system
Referring URLs
Pages viewed and time spent
Click data and navigation patterns

Blockchain Data:

Wallet addresses you connect
Transaction hashes
Token balances (public on blockchain)
Smart contract interactions
Compute work submitted and completed

Cookies and Tracking Technologies:

Session cookies (essential functionality)
Analytics cookies (Google Analytics, Plausible, etc.)
Performance cookies
Marketing cookies (with consent)

See our Cookie Policy (Document #3) for details.

2.3 Information from Third Parties

Wallet Providers:

Wallet address and public key (from Phantom, Solflare, etc.)
Wallet connection authorization

Blockchain Data:

Public transaction history from Solana blockchain
Token holdings and balances
Smart contract event logs

Analytics Providers:

Aggregated usage statistics
Performance metrics

Sanctions Screening:

OFAC sanctions list matches
High-risk jurisdiction indicators

2.4 Information We DO NOT Collect

We NEVER collect or have access to:

Private keys or seed phrases
Wallet passwords or PINs
Unencrypted sensitive financial data
Biometric data
Health information
Precise geolocation (beyond country-level)

3. How We Use Your Information

3.1 Providing Services

We use your information to:

Operate and maintain the platform
Process transactions and compute requests
Facilitate wallet connections
Display your account information
Enable airdrop claims and reward distributions

3.2 Security and Compliance

We use your information to:

OFAC Sanctions Screening: Compare wallet addresses against sanctions lists
Geolocation Blocking: Prevent access from prohibited jurisdictions
Fraud Detection: Identify suspicious activities or abuse
Security Monitoring: Detect and prevent attacks, exploits, or unauthorized access
Compliance: Meet legal and regulatory obligations

3.3 Communication

We use your information to:

Send service announcements and updates
Respond to support requests
Notify you of Terms or Privacy Policy changes
Send marketing communications (with consent, opt-out available)

3.4 Analytics and Improvement

We use your information to:

Analyze platform usage and performance
Improve user experience and features
Conduct A/B testing
Generate aggregated, anonymized statistics

3.5 Legal Obligations

We use your information to:

Comply with court orders, subpoenas, or legal processes
Enforce our Terms of Service
Protect our rights, property, or safety
Prevent illegal activities or Terms violations

4. Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your data based on:

Processing Activity	Legal Basis
Providing Services	Performance of contract (Terms of Service)
Security & fraud prevention	Legitimate interests (security)
Sanctions screening	Legal obligation (OFAC compliance)
Analytics	Legitimate interests (service improvement)
Marketing communications	Consent (opt-in required)
Legal compliance	Legal obligation

You have the right to object to processing based on legitimate interests.

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Service Providers

We share data with trusted service providers who assist our operations:

Infrastructure Providers:

AWS (hosting, storage, CloudFront CDN)
Solana blockchain infrastructure

Analytics Providers:

Google Analytics (with IP anonymization)
Plausible Analytics (privacy-focused alternative)

Communication Tools:

Email service providers (SendGrid, AWS SES)
Support ticketing systems

Security Services:

Cloudflare (DDoS protection)
Security monitoring and threat intelligence

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information when required by law:

Subpoenas or court orders
Government investigations
OFAC or sanctions compliance
Law enforcement requests (evaluated for validity)
National security demands (with legal review)

We will notify you of legal requests unless legally prohibited.

5.4 Business Transfers

If VFTChain is acquired, merged, or undergoes a business transition, your information may be transferred to the successor entity. You will be notified of any such change.

5.5 Blockchain Disclosure

IMPORTANT: When you interact with blockchain smart contracts:

Your wallet address is PUBLIC on the Solana blockchain
Your transaction history is PUBLIC and permanent
Token balances are PUBLIC and visible to anyone
This data CANNOT be deleted by us or anyone

This is inherent to blockchain technology, not a privacy policy choice.

5.6 Aggregated Data

We may share aggregated, anonymized statistics that do not identify individuals:

"1,000 users claimed airdrop tokens"
"Average compute job completion time: 5 minutes"
"Platform processed 50,000 transactions this month"

6. Data Retention

6.1 Retention Periods

Data Type	Retention Period	Reason
Account information	Until account deletion + 90 days	Service provision, legal compliance
Transaction logs	7 years	Tax compliance, fraud prevention
Support communications	3 years	Legal defense, quality assurance
Analytics data	26 months	GDPR compliance
Security logs	1 year	Security monitoring
Marketing consent	Until withdrawal + 30 days	Compliance verification

Blockchain Data: Blockchain transactions are permanent and cannot be deleted.

6.2 Data Deletion

When you delete your account:

We delete or anonymize your personal data within 90 days
Some data may be retained for legal compliance (transaction logs, tax records)
Blockchain data remains on public ledger indefinitely

7. Your Privacy Rights

7.1 GDPR Rights (EU/UK Users)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for marketing or optional processing
Lodge a Complaint: File a complaint with your national data protection authority

Limitations:

We cannot delete blockchain data (technically impossible)
We may retain data required for legal compliance
Some rights may conflict with our legal obligations

Exercise Rights: Email Thomas@vftchain.com

7.2 CCPA Rights (California Users)

You have the right to:

Know: What personal information we collect and how we use it
Access: Request disclosure of collected data
Delete: Request deletion of your data (with exceptions)
Opt-Out: Opt out of "sale" of personal information (we don't sell data)
Non-Discrimination: Not receive discriminatory treatment for exercising rights

Exercise Rights: Email Thomas@vftchain.com or call our toll-free number (when available) Response Time: 45 days (may extend to 90 days with notice)

7.3 Other Jurisdictions

Users in other jurisdictions may have similar rights under local law. Contact us to exercise available rights.

7.4 Verifying Your Identity

To protect your privacy, we must verify your identity before processing rights requests. We may request:

Email confirmation
Account authentication
Government ID (for sensitive requests)

8. Data Security

8.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

Encryption: TLS/SSL for data in transit, AES-256 for data at rest
Access Controls: Role-based access, principle of least privilege
Authentication: Strong password requirements, 2FA support
Monitoring: 24/7 security monitoring and intrusion detection
Penetration Testing: Regular security audits and testing

Organizational Safeguards:

Employee training on data protection
Background checks for employees with data access
Confidentiality agreements
Incident response plan

Infrastructure Security:

AWS security best practices
DDoS protection via Cloudflare
Regular security patches and updates
Isolated production environments

8.2 No Guarantee

IMPORTANT: No security system is 100% secure. We cannot guarantee absolute security of your data. Risks include:

Hacking or unauthorized access
Data breaches
Smart contract exploits
Phishing attacks targeting users
Employee error or misconduct

Your Responsibility:

Use strong, unique passwords
Enable 2FA when available
Protect your private keys and seed phrases
Be cautious of phishing attempts
Keep software updated

8.3 Data Breach Notification

If a data breach occurs, we will:

Investigate: Assess scope and impact within 72 hours
Notify Authorities: Report to data protection authorities as required
Notify Users: Inform affected users without undue delay
Remediate: Take steps to prevent future breaches

Notification will include:

Nature of the breach
Data affected
Likely consequences
Measures taken to mitigate harm
Contact information for questions

9. International Data Transfers

9.1 Data Locations

VFTChain operates globally. Your data may be transferred to and processed in:

United States (primary infrastructure: AWS US-East)
European Union (CloudFront edge locations)
Other countries where our service providers operate

9.2 Transfer Mechanisms

For transfers from EU/UK to other jurisdictions, we rely on:

Standard Contractual Clauses (SCCs):

EU Commission-approved SCCs with service providers
Supplementary measures for adequate protection

Adequacy Decisions:

Transfers to countries with EU adequacy decisions (when available)

Your Consent:

For transfers where no other mechanism applies

9.3 Your Acceptance

By using the Services, you consent to international data transfers as described.

10. Children's Privacy

VFTChain does NOT knowingly collect data from children under 18.

Our Services are not directed to individuals under 18 years of age. If you are under 18, you may not use the Services.

If we learn we have collected data from a child under 18:

We will delete such data immediately
We will terminate any associated accounts
We will notify parents/guardians if feasible

Parents: If you believe your child has provided data to us, contact Thomas@vftchain.com immediately.

11. Third-Party Links and Services

11.1 External Links

Our platform may contain links to third-party websites:

Social media platforms
Partner services
Educational resources
Blockchain explorers

We are NOT responsible for the privacy practices of third-party sites. Review their privacy policies before providing information.

11.2 Wallet Providers

When you connect a wallet (Phantom, Solflare, etc.):

The wallet provider's privacy policy applies to their services
We only receive your wallet address and connection authorization
We do not have access to your private keys or wallet password

11.3 Social Media

If you engage with our social media accounts:

The platform's privacy policy applies (Twitter, Discord, Telegram, etc.)
Your interactions may be public
We may use your public comments for marketing (with attribution)

12. Cookies and Tracking Technologies

12.1 What We Use

Essential Cookies: Required for platform functionality (cannot be disabled)
Analytics Cookies: Track usage statistics (can be opted out)
Marketing Cookies: Target ads and measure campaigns (requires consent)

See our Cookie Policy (Document #3) for complete details.

12.2 Your Choices

Browser Settings: Configure cookie preferences in your browser
Cookie Banner: Use our cookie consent tool to manage preferences
Opt-Out Tools: Use industry opt-out tools (NAI, DAA)
Do Not Track: We honor DNT signals where technically feasible

13. Marketing Communications

13.1 What We Send

With your consent, we may send:

Product updates and new features
Airdrop announcements
Platform news and blog posts
Special offers or promotions

13.2 Opt-Out

You can opt out at any time:

Unsubscribe Link: Click "unsubscribe" in any marketing email
Account Settings: Manage email preferences in your account
Email Us: Contact Thomas@vftchain.com

Note: You cannot opt out of essential service communications (security alerts, Terms changes, etc.).

14. California "Shine the Light" Law

California residents may request information about disclosures of personal information to third parties for direct marketing purposes.

Request: Email Thomas@vftchain.com with subject "California Shine the Light Request" Response: We will provide a list of categories shared (if any) within 30 days. Note: We do NOT share personal information for third-party direct marketing.

15. Nevada Privacy Rights

Nevada residents may opt out of the "sale" of personal information.

Current Status: We do NOT sell personal information as defined by Nevada law. Opt-Out: Email Thomas@vftchain.com if you wish to submit an opt-out request.

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy to reflect:

Changes in our data practices
New legal requirements
Platform feature updates
User feedback

16.2 Notification

Material Changes:

30 days advance notice via email
Website banner notification
Continued use = acceptance

Minor Changes:

Updated policy posted on website
"Last Updated" date changed
No separate notification

16.3 Your Rights on Changes

If you disagree with changes:

Stop using the Services
Request data deletion (subject to limitations)
Exercise your data protection rights

17. Contact Information

17.1 General Privacy Inquiries

Email: Thomas@vftchain.com Response Time: 5 business days

17.2 Data Protection Officer (DPO)

Email: Thomas@vftchain.com For: GDPR requests, data protection questions EU Representative: VFTChain EU Limited Dublin, Ireland

17.3 CCPA Requests

Email: Thomas@vftchain.com Subject Line: "CCPA Request"

17.4 Mailing Address

VFTChain Foundation c/o Corporation Service Company 251 Little Falls Drive Wilmington, DE 19808 United States

18. Supervisory Authorities

18.1 EU/UK Users

If you believe we have violated data protection laws, you may lodge a complaint with:

Your National Data Protection Authority:

Ireland: Data Protection Commission (our EU lead authority)
UK: Information Commissioner's Office (ICO)
Your country: Contact your local DPA

Ireland DPC: https://www.dataprotection.ie/ UK ICO: https://ico.org.uk/

18.2 California Users

California Privacy Protection Agency: https://cppa.ca.gov/

19. Data Protection Impact Assessment (DPIA)

We have conducted a DPIA for high-risk processing activities, including:

Sanctions screening and geolocation blocking
Large-scale processing of transaction data
Automated decision-making (fraud detection)

Results: Measures implemented to mitigate identified risks.

20. Blockchain Privacy Considerations

20.1 Public Nature of Blockchain

IMPORTANT UNDERSTANDING:

When you use blockchain-based services:

Wallet addresses are pseudonymous, NOT anonymous
All transactions are public on Solana blockchain explorers
Token balances are visible to anyone who knows your address
Transaction history is permanent and cannot be deleted

Examples of Public Data:

59yrSpYndCYYur672UV4mQ1wtVP4KShXpZvXiK6q7ray → VFTC token mint address (public)
Your wallet address → Anyone can see your VFTC balance
Airdrop claims → Publicly visible on-chain

20.2 Protecting Your Privacy

To enhance blockchain privacy:

Use multiple wallets for different purposes
Don't link wallet addresses to your real identity publicly
Be cautious about sharing wallet addresses on social media
Consider privacy tools like mixers (check legal status in your jurisdiction)

20.3 Our Limitations

We CANNOT:

Delete blockchain transactions
Hide your wallet address from public view
Modify transaction history
Make blockchain data private

This is a fundamental characteristic of blockchain technology, not a limitation of our privacy policy.

Acknowledgment

BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

Last Updated: October 29, 2025 Version: 1.0 Effective: January 1, 2026

This Privacy Policy was drafted to comply with GDPR, CCPA, and other applicable data protection laws while acknowledging the unique characteristics of blockchain-based services.