Privacy Policy
Effective Date: June 1, 2026
What NAYFT Is — and What It Is Not
NAYFT is a public-data aggregation and intelligence platform. We collect and display blockchain information that is already publicly available on distributed ledger networks. We do not operate as a cryptocurrency exchange, broker, custodian, wallet provider, or financial institution of any kind.
NAYFT does not:
- Hold, store, custody, or have any access to user digital assets, funds, or private keys.
- Execute or facilitate trades, swaps, or transfers of any asset.
- Store private keys, seed phrases, or wallet credentials.
- Have the ability to move, freeze, or interact with assets in any connected wallet.
Any wallet address you provide is used solely to retrieve and display publicly available on-chain data for your convenience.
NAYFT (“NAYFT,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what personal information we collect when you use our website, applications, and related services (collectively, the “Services”), why we collect it, how we use and protect it, and the rights available to you.
By using NAYFT, you acknowledge that you have read and understood this Policy. If you do not agree with it, please discontinue use of the Services.
1. Who This Policy Applies To
This Policy applies to:
- Visitors to the NAYFT website and any associated subdomains or landing pages.
- Individuals who join the NAYFT waitlist or wishlist.
- Registered users who create an account, including via Google Sign-In.
- Users who provide or connect a public cryptocurrency wallet address for portfolio viewing purposes.
- Users of NAYFT mobile applications and any related digital services.
This Policy does not apply to third-party websites or services that may be linked to from our platform. We encourage you to review the privacy policies of those services independently.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide to us, which may include:
- Email address — for account creation, waitlist registration, and service communications.
- Name or display name — for account personalisation.
- Feedback, support messages, and contact form submissions.
- Account preferences and settings.
2.2 Google Authentication Data
If you choose to sign in using Google, we receive the profile attributes made available by Google's identity service, which may include your name, email address, and profile image. We do not receive or store your Google account password. Google processes your authentication data pursuant to its own privacy policy, available at policies.google.com.
2.3 Public Blockchain Data
If you provide a wallet address, NAYFT retrieves and displays publicly available on-chain information associated with that address from public blockchain networks. This may include:
- Token balances and asset holdings (as publicly visible on the blockchain).
- Transaction history (as publicly recorded on the blockchain).
- Portfolio and activity summaries derived from public on-chain data.
Blockchain networks are public and immutable by design. NAYFT does not control the availability of on-chain records and cannot cause their removal from any blockchain network. Our data protection obligations relate solely to information held within our own systems.
2.4 Automatically Collected Technical Data
When you access our Services, we automatically collect certain technical data, including:
- IP address and approximate geolocation (country/region level, derived from IP).
- Device type, operating system, browser type and version, language preferences.
- Usage data: pages visited, features accessed, session duration, referral URLs.
- Security and diagnostic logs: error reports, authentication events.
2.5 Analytics Data (Consent-Based)
Where required by applicable law, we only activate analytics and performance-measurement technologies after obtaining your consent. You may manage your preferences at any time through our Cookie Preference Centre.
2.6 What We Do Not Collect
NAYFT does not collect and has no interest in collecting:
- Private keys, seed phrases, or wallet passwords.
- Funds, assets, or any form of financial holdings.
- Payment card details or bank account information.
- Government-issued identification documents (unless required by law in future regulated contexts, of which you would be separately notified).
- Special categories of personal data (health, biometric, racial/ethnic origin, political opinions, etc.) as part of standard service operations.
3. How We Use Your Information
We use personal data only for the purposes listed below. Where we rely on a legal basis under applicable law, it is indicated alongside each purpose.
| Purpose | Legal Basis | Details |
|---|---|---|
| Providing and operating the Services | Performance of contract / Legitimate interests | Core functionality including account management, portfolio display, and watchlists. |
| Authentication and account security | Performance of contract / Legitimate interests | Verifying your identity and keeping your account secure. |
| Personalisation of content and intelligence feeds | Performance of contract | Tailoring displayed data to your connected wallet addresses and preferences. |
| Responding to support requests | Performance of contract / Legitimate interests | Handling enquiries sent to support@nayft.com. |
| Service-related communications | Performance of contract / Legitimate interests | Transactional messages about your account or our Services. |
| Marketing communications | Consent (opt-in) | Product updates, feature announcements. You may unsubscribe at any time. |
| Analytics and service improvement | Consent (for cookie-based) / Legitimate interests | Understanding how users interact with our Services to improve them. |
| Fraud prevention and security | Legitimate interests / Legal obligation | Detecting and preventing abuse, security threats, and unauthorised access. |
| Legal compliance | Legal obligation | Complying with applicable laws and responding to lawful authority requests. |
4. Cookies and Tracking Technologies
We use cookies, web storage, and similar technologies. These fall into the following categories:
| Category | Purpose |
|---|---|
| Strictly Necessary | Essential for the platform to function (session management, security). These cannot be disabled. |
| Functional / Preference | Remember your settings and preferences. Disabled by default where consent is required. |
| Analytics | Measure usage and performance. Activated only with your explicit consent where required by law. |
| Marketing | Deliver relevant promotional content. Activated only with your explicit consent. |
You may update your cookie preferences at any time using the Cookie Settings link in the footer of our website. Most browsers also allow you to block or delete cookies through their settings. Disabling certain cookies may affect the functionality of our Services.
5. Sharing and Disclosure of Personal Data
5.1 Service Providers
We engage trusted third-party service providers to operate our Services. These providers process data only on our instructions and are contractually bound to protect it. Categories include:
- Cloud hosting and infrastructure providers.
- Third-party authentication providers (e.g., Google Identity Services).
- Email delivery providers (for transactional and marketing communications).
- Analytics and performance measurement tools.
- Customer support tools.
- Security and fraud-prevention providers.
5.2 Legal and Regulatory Disclosure
We may disclose personal data where required or permitted by law, including in response to a valid legal order, court process, or request from a competent regulatory or law enforcement authority, or where necessary to protect the rights, property, or safety of NAYFT, our users, or others.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
5.4 No Sale of Personal Data
NAYFT does not sell personal data to third parties. We do not share personal data for cross-context behavioural advertising without providing you the right to opt out.
6. International Data Transfers
NAYFT may use infrastructure and service providers located in countries other than your own. Some of those countries may not have data protection laws equivalent to your jurisdiction. Where transfers of personal data originating from the EU, UK, or other jurisdictions with transfer restrictions occur, we implement appropriate safeguards, which may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs.
- Adequacy decisions issued by relevant data protection authorities.
You may request information about the transfer mechanisms we apply by contacting us at support@nayft.com.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Account data | For the duration of your account, plus a reasonable period thereafter to handle disputes or legal obligations. |
| Support communications | Up to 3 years from the date of resolution. |
| Security and access logs | Up to 12 months unless required for ongoing security investigations. |
| Marketing consent records | Until consent is withdrawn, plus a compliance record-keeping period. |
| Analytics data | Aggregated or anonymised; retained indefinitely (no personal data retained). |
| Blockchain-derived data | Retained in our systems while your account is active. Note: underlying on-chain records cannot be deleted by NAYFT. |
Upon expiry of the applicable retention period, or upon a valid erasure request, personal data will be securely deleted or irreversibly anonymised using industry-standard methods.
8. Security
We implement reasonable administrative, technical, and organisational safeguards to protect personal data from unauthorised access, disclosure, alteration, or destruction. Our measures include encryption of data in transit (TLS), access controls, and security monitoring.
No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by applicable law.
9. Your Privacy Rights
Depending on your jurisdiction, you may have rights with respect to your personal data. We aim to respond to all verified requests within 30 days (or within the period required by applicable law).
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Correction / Rectification | Request that inaccurate or incomplete data be corrected. |
| Erasure / Deletion | Request deletion of your personal data where no overriding legal basis for retention exists. Note: we cannot delete data from public blockchain networks. |
| Restriction | Request that we limit processing of your data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format (where applicable). |
| Object | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw Consent | Withdraw any consent you have given at any time (does not affect prior lawful processing). |
| Non-Discrimination | Not receive discriminatory treatment for exercising your rights (CCPA/CPRA — California). |
| Opt Out of Sale/Sharing | Direct us not to sell or share your personal information (California CCPA/CPRA). |
| Grievance Redressal | Lodge a grievance under applicable law (e.g., DPDPA 2023 — India). |
To exercise any of these rights, please contact us at support@nayft.com. We will verify your identity before acting on your request. If you are dissatisfied with our response, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
10. Jurisdiction-Specific Notices
10.1 European Economic Area and United Kingdom (GDPR / UK GDPR)
We process personal data as a data controller. Our legal bases for processing are described in Section 3. You have the full rights set out in Section 9. Where we rely on legitimate interests, you may request details of our balancing assessment. As NAYFT formalises its corporate structure, we will appoint an EU/UK representative and Data Protection Officer as required, and update this Policy accordingly. Supervisory authority: your national EU DPA or the UK Information Commissioner's Office (ico.org.uk).
10.2 California, United States (CCPA / CPRA)
California residents have the right to know what personal information is collected, to delete it, to correct it, to opt out of its sale or sharing, and to non-discrimination. NAYFT does not sell personal information. Categories of personal information collected in the preceding 12 months: identifiers (email, IP address), internet/network activity, and inferences from public blockchain data. To submit a request: support@nayft.com. Supervisory authority: California Privacy Protection Agency (cppa.ca.gov).
10.3 India (Digital Personal Data Protection Act, 2023)
For Data Principals in India, NAYFT acts as a Data Fiduciary. We process personal data only for the purposes described in this Policy and with a valid basis under the DPDPA 2023. You have the rights of access, correction, erasure, grievance redressal, and nomination. We will appoint a Grievance Officer as required when formally registered in India. Contact: support@nayft.com. Supervisory authority: the Data Protection Board of India (once constituted).
10.4 Canada (PIPEDA / Quebec Law 25)
We handle personal information in accordance with PIPEDA and applicable provincial legislation including Quebec's Law 25. You have the right to access, correct, and withdraw consent for the use of your personal information. Quebec residents have additional portability and de-indexing rights. Contact: support@nayft.com. Supervisory authority: Office of the Privacy Commissioner of Canada (priv.gc.ca).
10.5 Brazil (LGPD)
Personal data of individuals in Brazil is processed in accordance with Lei Geral de Proteção de Dados (Law No. 13,709/2018). You have the rights set out in Article 18 of the LGPD. Contact: support@nayft.com. Supervisory authority: Autoridade Nacional de Proteção de Dados (ANPD).
10.6 Australia (Privacy Act 1988)
We handle personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles. You have the right to access and seek correction of your personal information. Supervisory authority: Office of the Australian Information Commissioner ( oaic.gov.au). Contact: support@nayft.com.
11. Marketing Communications
We send marketing communications only where you have opted in or where applicable law permits. Every marketing message includes a clear unsubscribe link. You may also opt out by emailing support@nayft.com or updating your preferences in your account settings. Opt-out requests are processed within 10 business days. Opting out of marketing does not affect transactional or service-related communications.
12. Children's Privacy
NAYFT is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe a minor has provided us with personal data without your consent, please contact us at support@nayft.com and we will promptly delete it. In jurisdictions where a higher age of digital consent applies (e.g., 16 in certain EU Member States), we will apply the applicable local threshold.
13. Changes to This Policy
We may update this Policy from time to time. When we do, we will update the Effective Date at the top of this document. For material changes, we will notify you by email and/or a prominent notice on our website. Where applicable law requires fresh consent for new processing purposes, we will seek it before those changes take effect. Continued use of our Services after the effective date of an updated Policy constitutes acceptance of the revised terms, to the extent permitted by law.
14. Contact Us
For any questions, requests, or concerns about this Privacy Policy or the handling of your personal data, please contact:
| support@nayft.com | |
| Response Time | We aim to respond to all privacy-related enquiries within 10 business days. |
| Supervisory Authority | If you are not satisfied with our response, you have the right to contact the relevant data protection authority in your jurisdiction (see Section 10 for details). |
NAYFT Privacy Policy — Effective June 1, 2026
