Privacy Policy

TEMPLATE — awaiting review by counsel. Last updated: 2026-04-16.

1. Controller

The data controller for this Platform is [LEGAL ENTITY NAME], [REGISTERED ADDRESS]. For any question about this policy, or to exercise your rights below, contact privacy@magneta.finance.

2. What we collect and why

We intentionally collect as little personal data as possible.

  • Public blockchain data — wallet addresses, transaction hashes and on-chain events triggered by your use of the Platform. This information is permanently public on the underlying blockchain and cannot be deleted from it.
  • Technical logs — IP address, User-Agent, request path and timestamp. Used to operate the service, detect abuse and comply with legal obligations. Retained 30 days. Legal basis: legitimate interest (art. 6(1)(f) GDPR).
  • Error tracking (Sentry) — uncaught errors, stack traces, a masked session replay on errors, URL, browser locale. No form input is captured (maskAllTextis on). Retained per Sentry's default (90 days). Legal basis: legitimate interest.
  • Product analytics (PostHog) — anonymous page views and feature-usage events, used to understand product usage. Disabled when the environment key is not set. Legal basis: consent where required, otherwise legitimate interest.
  • Support conversations — if you contact support@magneta.finance we retain your email and the content of the conversation for up to 3 years to handle follow-up and disputes.

We do not sell or rent personal data to anyone, and we do not use it for advertising.

3. Third-party processors

  • RPC providers (Helius, Alchemy, Infura, public endpoints) — receive the wallet address and transaction payload required to relay your request to the blockchain.
  • Sentry — error tracking. Data stored in the EU/US depending on project configuration.
  • PostHog — product analytics (EU or US region).
  • Stripe (if you pay with card) — receives payment details directly; we do not store your card number.

4. Cookies

We use strictly necessary cookies (session, CSRF, consent preferences). Analytics cookies are loaded only after you grant consent via the cookie banner. You can withdraw consent at any time from the footer link.

5. Your GDPR rights

Where GDPR applies to you, you have the right to access, rectify, erase, restrict the processing of, and receive a copy of your personal data, and to object to processing based on legitimate interest. You may exercise these rights by emailing privacy@magneta.finance. We will reply within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (in France: CNIL, cnil.fr).

Please note that on-chain data (wallet addresses, transaction hashes) cannot be deleted from the blockchain — erasure requests only concern the off-chain data we hold.

6. Security

All traffic is served over HTTPS with HSTS. The Platform sets strict security headers (CSP, X-Frame-Options, Referrer-Policy) and rate-limits sensitive API endpoints. Secrets are stored in environment variables, never in source code. Production databases are backed up daily with 14-day retention.

7. Changes

Material changes to this policy will be announced on the Platform and via the footer. The “Last updated” date at the top reflects the current version.