Privacy Policy

1. Scope

This Privacy Policy explains how WeDeFin Labs GmbH ("we", "our", "us", and "WeDeFin") processes information when you use our app and related pages.

2. Controller Identity and Contact

Controller / Operator

WeDeFin Labs GmbH

General and privacy contact

info@wedefin.com

3. Information We Process

• Wallet and blockchain data: public wallet address, selected network, and on-chain transaction metadata.
• Authentication data: data provided through our wallet/auth provider Dynamic (for example connected wallet credentials and, where selected by you, email login information).
• App settings and state: cookie and local storage values used for app preferences and session context (for example role, stage, theme, network name, and wallet address cache).
• Portfolio and assistant inputs: prompts/messages you submit to the in-app assistant plus portfolio context sent to the assistant endpoint.
• Usage and analytics data: technical and interaction data collected if analytics cookies are accepted.

4. Purposes and Legal Bases

We process personal data only where a lawful basis applies. Depending on the feature, one or more of the following GDPR Article 6 legal bases may apply:

• Article 6(1)(b) Contract: to provide requested app features (authentication, wallet connectivity, network handling, portfolio views, and assistant interactions requested by you).
• Article 6(1)(f) Legitimate interests: to operate, secure, and improve the app (for example troubleshooting, abuse prevention, service reliability, and product analytics where legally permitted).
• Article 6(1)(a) Consent: for optional analytics/measurement cookies and related tracking where consent is required.
• Article 6(1)(c) Legal obligation: where processing is necessary to comply with applicable legal obligations.

5. Cookies, Analytics Consent, and Withdrawal

We use cookies and similar browser storage for necessary functionality and (if allowed) analytics/measurement. See the Cookie Notice for categories and examples.

If processing is based on consent, you can withdraw consent at any time through the app's cookie preferences control, without affecting processing performed before withdrawal.

6. Recipients and Third Parties

Depending on your use of the app, data may be processed by or disclosed to categories of recipients such as:

• Authentication/wallet providers (for example Dynamic).
• Analytics/measurement providers (for example Google Analytics and Microsoft Clarity, only when enabled).
• RPC and infrastructure providers (for example Alchemy).
• Assistant API providers used by in-app assistant features.
• Public blockchains and smart contract protocols you interact with.

We may also disclose data where required by law or to protect rights, users, and platform integrity.

7. International Transfers

Service providers may process data in countries outside your residence, including outside the EEA/UK/Switzerland where applicable.

Where required by law, we rely on recognized transfer mechanisms and safeguards, such as adequacy decisions and/or contractual safeguards (for example standard contractual clauses), with supplementary measures where appropriate.

8. Data Retention

Retention depends on data type and purpose. We generally retain:

• Preference/session storage until you clear browser data or it is overwritten.
• Operational logs and analytics for limited periods needed for security, debugging, and service improvement.
• Public blockchain records permanently, because on-chain activity is immutable.

9. Whether Data Is Required

Some data is required to provide core app functionality (for example wallet/account context for requested actions). If you do not provide required data, certain features may be unavailable or limited.

10. Your Rights and Complaints

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to certain processing, and rights to portability where applicable.

Where processing is based on consent, you have the right to withdraw consent at any time.

If you are in the EEA/UK, you also have the right to lodge a complaint with a supervisory data protection authority.

To request privacy support, email info@wedefin.com and include "Privacy Request" in your message.

11. Automated Decision-Making

We do not currently use solely automated decision-making, including profiling, that produces legal effects or similarly significant effects on individuals through this app.

12. California Notice: Sale/Sharing and GPC

We do not sell personal information for monetary consideration. We may share certain identifiers and technical usage data with analytics providers to measure and improve service performance.

Where required by law, we treat Global Privacy Control (GPC) and related privacy signals as opt-out preferences for analytics/measurement tracking on this site.

13. Children

The app is not directed to children. Do not use the app if you are under the age required by applicable law to use financial and blockchain services in your jurisdiction.

14. Security

We use reasonable technical and organizational measures designed to protect data. No internet or blockchain system can be guaranteed 100% secure.

15. Changes to This Policy

We may update this policy from time to time. Material updates will be reflected by updating the effective date and, where appropriate, additional in-app or website notice.