Loading…
Last updated: April 2026
Privacy is our principle, not just our product.
FreeNatoCash is built on the conviction that financial privacy is a fundamental right. This policy describes what data is and is not collected when you interact with the Protocol and its web interface. We collect the absolute minimum necessary to operate the service.
This Privacy Policy describes how the FreeNatoCash Protocol ("Protocol," "we," "us," or "our") collects, uses, and shares information when you use our website, smart contracts, services, and associated applications (collectively, the "Services").
Data Controller: For the purposes of applicable data protection laws (including GDPR and CCPA), the data controller for information collected through the web interface is the operator of the FreeNatoCash frontend interface. The Protocol's smart contracts operate autonomously on the blockchain and do not have a data controller — on-chain data processing occurs through decentralized infrastructure that no single party controls.
By using the Services, you acknowledge that you have read and understood this Privacy Policy and the collection and use of information as described herein. This Privacy Policy is incorporated into and forms part of our Terms of Service. See also our Risk Disclosure and Platform Rules.
As a privacy-first protocol, we are committed to minimizing data collection. We do NOT collect:
Generated and encrypted entirely client-side. Never transmitted to any server, API, or third party.
Never accessed. Wallet interactions use standard Web3 signing flows through your chosen wallet provider.
No KYC, no account registration, no name, no email, no phone number, no government ID. Zero personal data collection.
No analytics cookies, no advertising trackers, no third-party tracking scripts, no fingerprinting.
The frontend does not log, store, or correlate IP addresses with wallet addresses or on-chain activity.
We do not maintain a database linking your identity to your deposits, withdrawals, or mixer usage.
The following information is inherently public on the blockchain and visible to anyone with access to a block explorer. This data exists on the blockchain itself and is not controlled by us:
The zero-knowledge proof system ensures that the link between deposits and withdrawals remains private, even though individual transactions are visible on-chain. This is the core privacy guarantee.
When you access the web interface, our server infrastructure may automatically collect limited technical information:
Collected by the web server and CDN (Cloudflare) for DDoS protection and rate limiting. Not correlated with wallet addresses.
User agent string, operating system, browser type and version. Used for compatibility and security purposes.
URLs accessed, timestamps, HTTP status codes, referrer headers. Standard web server access log data.
This data is collected automatically by standard web server and CDN infrastructure. It is retained only as needed for operational security and is subject to the retention policy described in Section 10.
The Protocol operates an event indexer that reads publicly available blockchain data (deposit events, withdrawal events, Merkle tree updates) to provide API endpoints for the frontend. This indexer processes only public on-chain data that is already available to anyone through a block explorer or RPC node. The indexer does not store any private user information, does not correlate on-chain data with IP addresses or identities, and does not create user profiles.
The web interface is served via a private VPS with Cloudflare for DNS and TLS termination.
Server logs are NOT correlated with wallet addresses or on-chain activity. They exist solely for infrastructure monitoring, security incident investigation, and abuse prevention.
The frontend stores the following data locally in your browser's localStorage. This data never leaves your device:
fnc-themeYour light/dark mode preference
fnc-terms-acceptedWhether you've accepted the Terms of Service
wagmi.*Wallet connection state (managed by wagmi library)
No sensitive data (private keys, deposit notes, passwords) is stored in localStorage. Deposit notes should be backed up externally by you — they are not persisted by the application.
We do not use cookies for tracking, analytics, or advertising purposes.
The only cookie-like storage used is:
No advertising cookies, no analytics cookies, no cross-site tracking cookies are ever set by our application.
The Protocol integrates with third-party services that have their own data collection practices. You should be aware that these services may collect data that we do not control:
Connection state, transaction signing requests, device fingerprints, browser metadata. Governed by each provider's own privacy policy.
Your IP address, wallet addresses queried, transaction data submitted, request timestamps. RPC providers log your IP address and wallet interactions — this means your IP may be associated with your wallet address by the RPC provider, even though we do not perform this correlation. This is a fundamental aspect of how blockchain access works.
Traffic metadata, anonymized analytics, email routing metadata. Governed by Cloudflare's privacy policy.
Swap parameters, wallet addresses, token types, amounts, transaction data. Governed by the swap provider's privacy policy.
We do not control the data practices of third-party services. We strongly recommend reviewing the privacy policies of any wallet provider, RPC node, or other service you use in conjunction with the Protocol.
We retain the minimal data we collect for the shortest period necessary:
Nginx access logs are automatically rotated and deleted after 72 hours unless a security investigation requires extended retention.
In-memory counters that reset automatically. Not persisted to disk.
Deleted when the browser session ends or after the session timeout period.
Data written to the blockchain is permanent and immutable. This is inherent to blockchain technology and outside our control.
The indexer caches public blockchain data for API performance. This is publicly available data and can be re-derived from the blockchain at any time.
The limited technical data we collect is used solely for:
We do NOT use any collected data for: advertising, marketing, profiling, selling to third parties, creating user profiles, or tracking your on-chain activity.
Where applicable data protection laws require a legal basis for processing personal data, we rely on the following:
We do not sell, rent, or trade any user data. We may disclose the limited data we hold in the following circumstances:
The Services are not directed toward individuals under the age of 18 (or the age of majority in the applicable jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take prompt steps to delete such information. If you are a parent or guardian and believe your child has provided data to the Protocol, please contact us at [email protected].
The Protocol's infrastructure may be located in jurisdictions different from your own. By using the Services, you acknowledge that any limited technical data collected may be processed in the jurisdiction where our servers are located. We take reasonable measures to ensure that data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
To exercise any CCPA rights, email [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days.
Important limitation: On-chain transaction data — including wallet addresses, transaction hashes, amounts, timestamps, and smart contract interactions — is permanently recorded on the blockchain and cannot be modified, deleted, or erased by any party. This is an inherent, fundamental property of blockchain technology and is outside our control.
We treat on-chain data (wallet addresses, transaction data) as pseudonymous technical data rather than directly identifying personal data, as it does not inherently identify a natural person without additional information. However, we acknowledge that data protection authorities in certain jurisdictions may take a different view.
Where the right to erasure applies (GDPR Article 17, CCPA deletion requests), we will delete all off-chain personal data we hold (server logs, contact form submissions). We cannot delete on-chain data, and by using the Protocol, you acknowledge and accept this inherent limitation of blockchain-based systems. The Protocol's zero-knowledge proof system is specifically designed to minimize the personal data exposed on-chain by breaking the link between deposit and withdrawal addresses.
We implement industry-standard security measures to protect the limited data we process:
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this document. Your continued use of the Services after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
We will respond to privacy-related inquiries within 30 days.
This document has been drafted with reference to industry standards for privacy-preserving DeFi protocols. External legal review by qualified counsel is recommended before mainnet deployment.