Privacy Policy

Last updated: 2026-05-31. Read alongside our Terms of Service and Disclaimer.

1. Controller

The Platform is currently operated as a sole proprietorship pending the formation of a limited entity (see the Terms of Service). The data controller for the Platform is the operator. For any question about this policy, or to exercise your rights below, contact privacy@magneta.finance.

2. What we collect and why

We intentionally collect as little personal data as possible.

  • Public blockchain data— wallet addresses, transaction hashes and on-chain events triggered by your use of the Platform. This information is permanently public on the underlying blockchain and cannot be deleted from it.
  • Technical logs— IP address, User-Agent, request path and timestamp. Used to operate the service, detect abuse, comply with legal obligations and produce aggregate metrics. Retained 30 days. Legal basis: legitimate interest (art. 6(1)(f) GDPR for EU/EEA visitors; Sections 7.3 and 7(b)(ii) of PIPEDA for Canadian visitors).
  • Error tracking (Sentry)— uncaught errors, stack traces, masked session replay on errors, URL and browser locale. We configure Sentry with text masking enabled so your form inputs (token names, wallet labels, amounts) are not captured. Retained per Sentry’s default (90 days). Legal basis: legitimate interest.
  • Product analytics (PostHog)— anonymous page views and feature-usage events, used to understand product usage. Analytics are disabled when the environment key is not configured. Legal basis: consent where required, otherwise legitimate interest.
  • Support conversations — if you contact support@magneta.finance we retain your email and the content of the conversation for up to 3 years to handle follow-up and disputes.

We do not sell or rent personal data to anyone, and we do not use it for advertising or to build profiles for third parties.

3. Third-party processors

The processors below receive only the data strictly necessary to deliver their part of the service:

  • RPC providers(Alchemy, Helius, Infura, and the public endpoints of supported chains) — receive your wallet address and the transaction payload required to relay your request to the blockchain.
  • Sentry— error tracking. Data is stored in the EU or US region depending on project configuration.
  • PostHog— product analytics (EU or US region).
  • Hosting and CDN— we self-host the application on a dedicated server in the EU and use Cloudflare as DDoS-protection and edge cache, which receives connection metadata (IP, User-Agent).

Note: if and when a fiat on-ramp (Stripe, MoonPay, Ramp, etc.) is integrated, its provider will be added to this list and processes the payment details directly. We do not store card numbers.

4. Cookies

We use strictly-necessary cookies only (session, CSRF). We do not currently use advertising or third-party tracking cookies. Product analytics (PostHog) and error tracking (Sentry) operate via first-party JavaScript and do not write tracking cookies; they record events in memory and ship them to the processor over HTTPS.

If, in a future release, the Platform introduces non-essential cookies (e.g. via a fiat on-ramp or a marketing tag), a consent banner will be added here with opt-in and opt-out controls. Until then, the strictly-necessary cookie set does not require consent under GDPR or PIPEDA.

5. Your rights

Depending on your jurisdiction you may have the following rights in respect of your personal data:

  • EU / EEA / UK (GDPR / UK GDPR)— access, rectification, erasure, restriction, portability, objection to processing based on legitimate interest, and the right to lodge a complaint with your national supervisory authority.
  • Canada (PIPEDA, Quebec Law 25)— access to your personal information, correction of inaccuracies, and the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).
  • California (CCPA / CPRA)— right to know what is collected, right to deletion (subject to legal exceptions), right to non-discrimination, and right to opt out of any sale or sharing (we do neither).
  • Other jurisdictions— we try to honour equivalent rights under your local law. Contact us and tell us which framework you rely on.

To exercise any right, email privacy@magneta.finance from the address associated with your request or include enough information for us to identify the wallet or interaction. We reply within 30 days.

On-chain data limitation. Wallet addresses, transaction hashes and events that have been broadcast to a public blockchain are immutable and cannot be deleted from the blockchain by us or by anyone. Erasure requests only concern the off-chain data we hold.

6. Security

All traffic is served over HTTPS with HSTS. The Platform sets security headers (CSP, X-Frame-Options, Referrer-Policy) and rate-limits sensitive API endpoints. Secrets are stored in environment variables, never in source code. Production data (off-chain token registry, support inbox) is backed up daily with 14-day retention. Smart-contract security is described separately in the Disclaimer and on /security-audits.

7. Data transfers outside your country

Some processors (Sentry, PostHog, Cloudflare) are headquartered outside the EEA / Canada and may store data in the United States or other jurisdictions. Transfers rely on either the EU–US Data Privacy Framework (where the processor is certified), Standard Contractual Clauses, or equivalent legal mechanisms. We minimise the data transferred and avoid sending content of communications cross-border whenever possible.

8. Changes

Material changes to this policy will be announced on the Platform and via the footer. The “Last updated” date at the top reflects the current version.