Version 2026-06-24
ZenFi Privacy Policy
1. General Provisions
1.1. This Privacy Policy (hereinafter — the "Policy") governs the collection, use, storage, disclosure, and other processing of information concerning users of the ZenFi platform (hereinafter — the "Platform").
1.2. The data operator is the company registered in Panama (hereinafter — the "Company").
1.3. ZenFi is built on the principle of data minimization. The Platform does not require registration, the creation of an account via email, passwords, or the provision of personal information for basic use. Interaction with the Platform is carried out through the connection of the User's external non-custodial cryptocurrency wallet (for example, MetaMask, Trust Wallet, and similar).
1.4. This Policy applies to all users interacting with the Platform, including: a) access to the web interface; b) connecting cryptocurrency wallets; c) interaction with smart contracts; d) the use of NFT Keys; e) participation in the affiliate program; f) the use of $INT, internal units of account, and other internal technical records; g) participation in mechanics of accruals, display of statuses, activity, and other internal algorithmic processes; h) the use of other functions of the Platform.
1.5. By using the Platform, the User confirms that they have familiarized themselves with this Policy and understand the nature of data processing.
2. Features of Web3 and Blockchain Infrastructure
2.1. The Platform interacts with public blockchain networks, which are decentralized and not controlled by the Company.
2.2. The User understands that blockchain networks are public distributed ledgers in which information may be accessible to an unlimited range of persons.
2.3. Data recorded on a blockchain, including wallet addresses and transaction details, may be: a) publicly accessible; b) immutable once confirmed; c) accessible to third parties without the Company's involvement.
2.4. The Company does not control blockchain networks and has no technical ability to change, delete, or restrict access to information stored on such networks.
2.5. The Company processes only data within its control and takes reasonable measures to comply with applicable data protection law in respect of such processing.
3. Non-Custodial Model
3.1. The Platform is not a custodial service and does not store Users' digital assets.
3.2. The Company: a) does not store Users' private keys; b) does not have access to Users' cryptocurrency funds; c) does not manage Users' wallets; d) does not initiate transactions on behalf of the User; e) does not act as a custodian, depository, or fiduciary.
3.3. All transactions with digital assets are carried out by the User independently through their external cryptocurrency wallet.
3.4. Any values displayed on the Platform, including internal units of account, accruals, or activity metrics, do not signify that the Company holds the User's funds.
3.5. The User is fully responsible for: a) the security of their wallets; b) the safekeeping of private keys and seed phrases; c) the accuracy of addresses; d) the execution of transactions.
3.6. Loss of access to a wallet means the inability to restore access to the corresponding digital assets, and the Company bears no liability for such consequences.
4. Categories of Processed Data
4.1. General Provisions
4.1.1. Owing to the non-custodial model and the absence of registration, the Company processes the minimum amount of data necessary to provide access to the Platform, ensure its operation, comply with legal requirements, and implement internal compliance procedures.
4.1.2. The scope and composition of processed data depend on the nature of the User's interaction with the Platform, the functions used, and the need to undergo verification.
4.2. Data Related to the Wallet and Blockchain Operations
4.2.1. As part of the operation of the Platform, the Company may process information related to the User's use of the blockchain infrastructure, including: a) cryptocurrency wallet addresses; b) transaction details and hashes; c) data on interaction with smart contracts; d) information about digital assets and NFT Keys; e) information about the blockchain networks involved; f) information about the use of $INT; g) information about internal accruals, statuses, levels, activity, and other metrics displayed in the Platform interface.
4.2.2. The said data may be obtained both from the User and from public blockchain ledgers.
4.3. Technical and Operational Data
4.3.1. When using the Platform, technical data is processed automatically, including: a) IP address; b) information about the device and operating system; c) browser type and version; d) interface language; e) time zone; f) event logs (server logs).
4.3.2. The Platform currently uses basic infrastructure for ensuring security and availability (including protection and traffic distribution services, such as Cloudflare, and standard server logs). This data is used to ensure the operation and security of the Platform and to detect unusual activity.
4.3.3. The Company reserves the right in the future to integrate analytics services to improve product quality, analyze user behavior, and optimize functionality. In the event of such integration, this Policy will be updated accordingly.
4.4. Data Provided by the User During Compliance Verification
4.4.1. In cases provided by law or the Company's internal procedures, when undergoing AML/KYC procedures, the User may provide: a) first and last name; b) date of birth; c) citizenship; d) address of residence; e) identity documents; f) photo and video for verification purposes; g) tax information; h) information about the source of funds or activity.
4.4.2. Such data is requested only where there are grounds (see the AML/KYC procedures in the Terms of Use) and is not collected during ordinary use of the Platform.
4.4.3. The User is responsible for the accuracy of the data provided.
4.5. Referral Source Data
4.5.1. The Company may process data about the source of a visit to the Platform, including information about the website, channel, advertising campaign, referral parameters (including UTM tags), or affiliate link from which the User came to the Platform. This data is used for the operation of the affiliate program and the analysis of the effectiveness of marketing channels.
4.6. Communications Data
4.6.1. In the event of interaction between the User and the Company, the following may be processed: a) support requests; b) correspondence; c) requests and complaints; d) other messages from the User.
4.7. Scope of Processing
4.7.1. The Company does not collect data beyond the amount necessary to achieve the purposes of processing specified in this Policy.
4.7.2. The Company has the right to combine data obtained from various sources, including public blockchain data, information from third parties, and information provided by the User, for the purposes of: a) conducting compliance checks; b) risk assessment; c) fraud prevention; d) ensuring the security of the Platform.
5. Sources of Data Collection
5.1. The Company obtains the User's data from the following sources: a) automatically — technical and operational data when using the Platform; b) from blockchain networks — public data from distributed ledgers, including wallet addresses and transaction information; c) from the User — when undergoing compliance procedures or contacting support; d) from third parties — KYC/AML providers, blockchain analytics services, technical and infrastructure partners; e) from compliance sources — sanctions lists, anti-fraud databases, and other sources for preventing unlawful activity; f) from external platforms — when following referral links, campaign identifiers, or advertising materials from external platforms (including, without limitation, Telegram, YouTube, X (Twitter), and similar).
5.2. Data from public blockchain ledgers is public in nature and may be accessible independently of the Company.
5.3. The Company does not control the processing of data by the said external platforms and bears no liability for their actions.
6. Purposes of Data Processing
6.1. Operation of the Platform. Providing access to the Platform, administering sessions, supporting interaction with the interface, technical processing of operations, including interaction with smart contracts.
6.2. Security and Prevention of Abuse. Monitoring activity, detecting suspicious behavior, preventing fraud, unauthorized access, and other forms of abuse.
6.3. Compliance and Legal Obligations. Compliance with applicable legal requirements, including AML/CFT, identification and verification of users, risk assessment, interaction with competent authorities where required by law.
6.4. Analytics and Development of the Platform. Analysis of the operation of the Platform, assessment of user behavior, and development of functionality in order to improve the stability of the service, eliminate technical problems, and optimize the user experience.
6.5. Communication with the User. Processing support requests, sending notices related to the use of the Platform, informing about material changes to the service.
6.6. Affiliate Program. Processing data on referral sources and referral activity to ensure the operation of the affiliate program, track referral links, prevent fraud, and analyze the effectiveness of marketing channels. Such processing is not aimed at profiling the User for the purpose of making legally significant decisions and is used solely for technical, analytical, and operational purposes.
6.7. Protection of Rights and Legitimate Interests. Resolving disputes, considering claims, and ensuring legal protection in the event of conflicts.
7. Legal Grounds for Processing
7.1. The Company processes the User's data only where there is a valid legal ground.
7.2. Performance of a Contract. Where processing is necessary to provide access to the Platform, ensure its functionality, or perform obligations under the Terms of Use.
7.3. Compliance with Legal Obligations. Where processing is required by applicable law, a request from a competent authority, or mandatory compliance procedures.
7.4. Legitimate Interests. Where processing is necessary to protect the Platform, prevent abuse, ensure security, develop the service, or protect the rights of the Company, provided that such interests do not override the rights and freedoms of the User.
7.5. User Consent. Where required by applicable law. The User may withdraw consent at any time; such withdrawal does not affect the lawfulness of processing carried out prior to withdrawal and may restrict access to certain functions of the Platform.
8. Transfer and Disclosure of Data
8.1. The Company does not sell Users' personal data as an independent commercial asset.
8.2. Disclosure of data to third parties is permitted only to the extent necessary for the operation of the Platform, compliance with the Company's legal obligations, and protection of its legitimate interests.
8.3. To Service Providers. The Company may engage third parties to provide services related to the operation of the Platform, including identification and verification providers, analytics and technical solutions, cloud and infrastructure providers, blockchain analytics providers, anti-fraud solutions, and transaction monitoring services. Such persons process data only to the extent necessary to perform their functions and are obliged to comply with applicable confidentiality and security requirements.
8.4. For Compliance Purposes. The Company may disclose data to comply with applicable laws, including AML/CFT and sanctions regulation.
8.5. To Competent Authorities. The Company may disclose data at the request of authorized governmental authorities, including law enforcement, judicial, and regulatory authorities, in accordance with applicable law.
8.6. Corporate Transactions. In the event of reorganization, sale of business, transfer of assets, or other corporate restructuring, the Company may transfer data to a successor or acquirer in compliance with applicable confidentiality requirements.
8.7. Protection of Rights. The Company may disclose data where necessary to protect the rights, legitimate interests, or security of the Company, its Users, or third parties, including the prevention of fraud and the resolution of disputes.
8.8. Public Nature of Blockchain Data. The User understands that information related to the use of blockchain networks may be accessible to third parties independently of the Company. The Company does not control the dissemination of such information and bears no liability for its use by third parties.
9. International Data Transfer
9.1. Owing to the international nature of the operation of the Platform, data processing may be carried out in several jurisdictions, including countries other than the User's country of residence.
9.2. By using the Platform, the User acknowledges that their data may be transferred, stored, and processed in such jurisdictions to the extent necessary for the operation of the Platform and the performance of the Company's obligations.
9.3. International data transfer may occur in connection with the use of cloud and server infrastructure, identification and verification services, analytics and security tools, and other technical solutions.
9.4. The Company takes reasonable measures to ensure an adequate level of data protection during international transfer, including contractual mechanisms, technical safeguards, and organizational procedures.
9.5. The User understands that in certain jurisdictions the level of data protection may differ from that provided by the laws of their country of residence, and, to the extent permitted by law, consents to such cross-border processing.
10. Data Retention Periods
10.1. The Company retains the User's data only for the period necessary to achieve the purposes of processing, comply with applicable law, and protect its legitimate interests.
10.2. The retention period is determined taking into account the nature of the data, the purposes of processing, applicable legal requirements (including AML/CFT obligations), and the need to prevent fraud and resolve possible disputes.
10.3. Data obtained as a result of identification procedures and other compliance checks may be retained after the end of the use of the Platform to the extent necessary to comply with legal requirements.
10.4. Cessation of the use of the Platform does not entail the automatic deletion of data where its retention is required to comply with legal obligations, prevent abuse, or protect the rights of the Company.
10.5. Blockchain Data. Data recorded on blockchain networks is not controlled by the Company and cannot be deleted or changed.
11. Data Security
11.1. The Company applies reasonable technical and organizational measures aimed at protecting the User's data from unauthorized access, loss, alteration, or disclosure.
11.2. Such measures may include access control, the use of information security tools, activity monitoring, and other procedures.
11.3. The User acknowledges that no method of transmitting or storing data can guarantee absolute security, and the Company cannot fully exclude the risk of unauthorized access, including as a result of actions of third parties.
11.4. The User is solely responsible for the security of their devices, means of access, and communication channels, in particular for the confidentiality and security of their cryptocurrency wallet, including private keys and seed phrases.
12. User Rights
12.1. To the extent provided by applicable data protection law, the User has the right to contact the Company on matters related to the processing of their data.
12.2. The User may request information about the existence and nature of the processing of their data, as well as request its correction, updating, restriction of processing, or deletion in cases provided by law.
12.3. Restrictions on Rights. The exercise of the said rights may be restricted where the processing of data is necessary to comply with the Company's legal obligations, prevent unlawful activity, prevent abuse, or protect the rights and legitimate interests of the Company. In particular, a request to delete, restrict, or change data cannot be granted to the extent that such data is necessary for the Company to verify the history of transactions, the use of $INT, NFT Keys, the affiliate program, accruals, compliance checks, fraud prevention, or the protection of the Company's rights.
12.4. Blockchain Data. The User acknowledges that data recorded on blockchain networks is not within the Company's control and cannot be changed or deleted. Accordingly, the exercise of certain User rights may be objectively restricted in respect of such data.
12.5. When processing a User's request, the Company may require additional information to verify the User's identity and prevent unauthorized access to data. Requests are processed within a reasonable period, taking into account their nature, complexity, and applicable legal requirements.
13. Cookies and Tracking Technologies
13.1. The Platform may use cookies and other technical means to ensure its proper functioning, analyze the use of services, and detect and prevent abuse.
13.2. The use of such technologies may involve the processing of technical and operational data related to the User's device, their activity on the Platform, and their interaction with its functionality.
13.3. Detailed information about the types of cookies used, their purposes, and how to manage them, where applicable, is set out in a separate Cookie Policy.
14. Changes to the Policy
14.1. The Company may make changes to this Policy in connection with changes to the functionality of the Platform, applicable legal requirements, or internal data processing procedures, including upon the integration of new analytics or technical services.
14.2. The updated version of the Policy takes effect from the moment of its publication on the Platform, unless a different effective date is specified.
14.3. Continued use of the Platform after the publication of the updated version signifies the User's acceptance of such changes.
15. Contact Information
15.1. On matters related to data processing, as well as to send requests under this Policy, the User may contact the Company using the contact details specified on the Platform.
15.2. The Company predominantly interacts with Users in electronic form and may use such means of communication to process requests and provide responses.