Privacy Policy

This Privacy Policy describes how goBlink ("we", "us", or "our") collects, uses, and protects your information when you use our Service at goblink.io.

Core Privacy Principles:

• Non-Custodial: We never have access to your private keys, seed phrases, or funds.
• Minimal Data Collection: We only collect data necessary to provide and improve the Service.
• No Data Sales: We do not sell, rent, or trade your personal information.
• Transparency: We are transparent about what data we collect and how we use it.

GDPR Compliance: For users in the European Union (EU) and the United Kingdom (UK), we process personal data in accordance with the EU General Data Protection Regulation (GDPR) and UK GDPR. This Privacy Policy explains your rights and how we comply with GDPR requirements.

By using the Service, you consent to the collection and use of information as described in this Privacy Policy.

We collect the following types of information:

2.1 Wallet and Transaction Data

• Wallet Addresses: Your public wallet addresses when you connect your wallet to the Service. This is necessary to display balances, transaction history, and facilitate transfers.
• Transaction Hashes: Blockchain transaction hashes to track transfer status and provide confirmations.
• Transaction Metadata: Token types, amounts, source and destination chains, and timestamps for transactions you initiate through the Service.

Important: We never collect or have access to your private keys, seed phrases, or passwords. All transactions are signed in your wallet, not on our servers.

2.2 Usage and Analytics Data

• IP Address: Your IP address is collected for fraud prevention, security, and to determine your approximate geolocation (country/region level only). We do not track precise location.
• Device Information: Browser type, operating system, screen resolution, and device type.
• Usage Metrics: Pages visited, features used, buttons clicked, and time spent on the Service.
• Log Files: Server logs may temporarily contain IP addresses, browser information, timestamps, and requested URLs for debugging and security purposes.
• MAC Address: In limited cases, device identifiers may be collected by analytics providers. We do not directly collect or store MAC addresses.
• Referral Source: The website or source that referred you to goBlink.

This data is collected through analytics services and is anonymized or pseudonymized wherever possible.

2.3 Voluntarily Provided Information

• Support Inquiries: If you contact us for support, we may collect your email address, name (if provided), and the content of your inquiry.
• Feedback: Feedback or suggestions you voluntarily submit about the Service.

2.4 Blockchain Data Transparency Warning

⚠️ Important: Blockchain transactions are inherently public, transparent, and permanent.

• All blockchain transactions you initiate through the Service are permanently recorded on public, distributed ledgers.
• Your wallet addresses, transaction amounts, timestamps, and transaction history are publicly visible on blockchain explorers (e.g., Etherscan, Solscan).
• This blockchain data is NOT controlled by goBlink and cannot be deleted, modified, or hidden. It is permanent and publicly accessible.
• Third parties may be able to correlate your wallet address with other information (such as IP addresses from other services, social media profiles, or exchange accounts) to potentially identify you.

2.5 Data We Do NOT Collect

• ❌ Private keys or seed phrases
• ❌ Wallet passwords or authentication credentials
• ❌ Know-Your-Customer (KYC) information such as government IDs or photos
• ❌ Financial account information (bank accounts, credit cards)
• ❌ Precise geolocation data (GPS coordinates)

For users in the EU and UK, we process personal data based on the following legal grounds under GDPR:

3.1 Contract Performance

Processing is necessary to provide the Service you have requested, including facilitating cross-chain transfers, displaying transaction history, and providing customer support.

3.2 Legitimate Interest

We process data based on our legitimate interests in:

• Security and fraud prevention: Detecting and preventing fraudulent activity, abuse, and security threats.
• Service improvement: Analyzing usage patterns to improve Service functionality, performance, and user experience.
• Technical operations: Maintaining and optimizing our infrastructure, debugging errors, and ensuring system reliability.

We have balanced these interests against your privacy rights and have implemented appropriate safeguards.

3.3 Consent

We rely on your consent for:

• Non-essential cookies and analytics tracking (you can manage these preferences).
• Marketing communications (if you opt in, though we do not currently engage in marketing).

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

3.4 Legal Obligation

We may process data where necessary to comply with legal obligations, such as responding to lawful requests from authorities or complying with applicable regulations.

We use the collected data for the following purposes:

• Provide the Service: To facilitate cross-chain transfers, display transaction history, track transfer status, and provide account features.
• Improve the Service: To analyze usage patterns, identify bugs, optimize performance, and develop new features.
• Security and Fraud Prevention: To detect and prevent fraudulent activity, abuse, and security threats.
• Customer Support: To respond to your inquiries, resolve issues, and provide assistance.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Analytics: To measure and understand how users interact with the Service using anonymized data.

We do not use your data for targeted advertising or marketing purposes.

goBlink does not sell, rent, or trade your personal information to third parties.

However, we may share limited data with trusted third-party service providers for the following purposes:

5.1 Service Providers

• Cross-Chain Infrastructure: Third-party execution services and networks. We share transaction parameters (tokens, amounts, addresses) necessary to execute transfers.
• Reown AppKit (WalletConnect): Wallet connection and authentication service. Your wallet address is shared to enable wallet connectivity.
• Blockchain Networks: Transaction data is broadcast to public blockchain networks (Ethereum, Solana, NEAR, etc.) as part of the on-chain execution process.
• Analytics Providers: We may use services like Vercel Analytics, Google Analytics, or similar tools to analyze anonymized usage data.
• Hosting Providers: Our website is hosted on Vercel and may use cloud infrastructure providers (e.g., AWS, Google Cloud) to store anonymized data.

5.2 Third-Country Transfers

Your data may be processed and stored in countries outside the European Economic Area (EEA) and the United Kingdom, including:

• United States: Our hosting and analytics providers may process data in the U.S.
• Canada: goBlink is based in Canada and may process data locally.
• Other countries: Third-party service providers may operate in various jurisdictions.

Where data is transferred to countries that do not provide an adequate level of data protection as determined by the European Commission:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards.
• We may rely on adequacy decisions where the destination country has been deemed to provide adequate protection (e.g., Canada for commercial organizations under PIPEDA).
• We implement additional technical and organizational measures to protect your data during cross-border transfers.

5.3 Advertising and Analytics Pixels

We may use analytics tools and services that employ tracking pixels or similar technologies. These may include:

• Vercel Analytics: First-party analytics for traffic and performance monitoring.
• Google Analytics: (If used) Anonymized analytics for usage patterns. You can opt out using browser settings or Google's opt-out tools.

We do not use advertising pixels for targeted advertising or retargeting. Analytics tools are used solely for Service improvement and anonymized metrics.

5.4 Legal Requirements

We may disclose information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Requests from law enforcement or government agencies
• Protection of our legal rights or compliance with applicable laws
• Prevention of fraud, security threats, or illegal activity

5.5 Public Blockchain Data

Important: All blockchain transactions are public and permanently recorded on distributed ledgers. Your wallet addresses and transaction history are publicly visible on blockchain explorers. This data is not controlled by goBlink and cannot be deleted or modified. See Section 7 (Blockchain Data) for more details.

We use cookies and similar tracking technologies to enhance your experience and collect usage data.

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function properly (e.g., wallet connection state, theme preferences). These cannot be disabled without affecting Service functionality.
• Analytics Cookies: Used to measure website traffic and user behavior through tools like Vercel Analytics or Google Analytics. These are anonymized and help us improve the Service. You can opt out through browser settings.
• Local Storage: Browser local storage is used to save user preferences (e.g., dark mode, recent transfers) locally on your device.

Third-Party Services:

• Social Media Plugins: We do not currently use social media plugins (e.g., Facebook Like buttons, Twitter embeds) that would allow third parties to track you across websites. If we add such features in the future, we will update this policy and provide opt-out mechanisms.
• Analytics Tools: We may use Vercel Analytics (first-party) and/or Google Analytics (third-party) for anonymized usage metrics. These tools may set cookies to track sessions and user behavior.

Managing Cookies:

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may affect Service functionality)
• Clear cookies when you close your browser

For third-party analytics cookies (e.g., Google Analytics), you can opt out using:

• Browser privacy settings (e.g., "Do Not Track" signals)
• Google Analytics Opt-out Browser Add-on: tools.google.com/dlpage/gaoptout

⚠️ Blockchain Transactions Are Public, Permanent, and Beyond Our Control

When you use the Service to execute blockchain transactions, it is critical to understand the following:

7.1 Inherent Transparency

• All blockchain transactions are public. Blockchain networks (Ethereum, Solana, NEAR, etc.) are distributed, public ledgers. Every transaction is permanently recorded and visible to anyone.
• Wallet addresses and transaction history are publicly visible on blockchain explorers (e.g., Etherscan, Solscan, NEAR Explorer).
• Anyone can view your wallet balance, transaction amounts, token types, timestamps, and counterparties without restriction.

7.2 Permanence and Immutability

• Blockchain data is permanent and cannot be deleted. Once a transaction is confirmed on-chain, it becomes part of the permanent historical record.
• goBlink has no control over blockchain data. We cannot delete, modify, hide, or redact transactions, wallet addresses, or transaction history.
• GDPR's "right to erasure" (right to be forgotten) does not apply to blockchain data because it is stored on decentralized, public networks beyond any single entity's control.

7.3 Correlation Risk and De-Anonymization

• Wallet addresses may be linked to your identity. While wallet addresses are pseudonymous (not directly tied to your name), third parties may correlate your wallet address with other information to identify you, including:
  • IP addresses or metadata from other services (e.g., centralized exchanges, wallet providers)
  • Social media profiles where you've shared your wallet address
  • On-chain analysis tools that track transaction patterns and link wallets
  • KYC information from exchanges or other services
• Once your wallet address is linked to your identity, all past and future transactions associated with that address become publicly attributable to you.

7.4 What You Can Do

• Use separate wallets for different purposes to limit correlation.
• Avoid publicly sharing your wallet addresses on social media or forums.
• Be aware that blockchain data is permanent and public before initiating transactions.
• Understand that privacy on public blockchains is limited and transactions are traceable.

By using goBlink to execute blockchain transactions, you acknowledge and accept that blockchain data is public, permanent, and beyond our control.

We retain your data only as long as necessary to provide the Service and comply with legal obligations.

• Transaction Data: Retained for as long as you use the Service to provide transaction history and support. You can request deletion of transaction history stored by goBlink at any time (note: blockchain data remains public and permanent).
• Analytics Data: Anonymized analytics data may be retained indefinitely for statistical and research purposes.
• Support Inquiries: Retained for a reasonable period (typically 1-2 years) to resolve your inquiry and prevent abuse.
• Legal Requirements: Some data may be retained longer if required by law or to resolve disputes.

Note: Blockchain transaction data is permanent and cannot be deleted by goBlink as it is stored on public, decentralized networks beyond our control.

We take reasonable measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

Security Measures:

• HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL.
• Non-Custodial Architecture: We never store private keys or have access to your funds, eliminating the risk of custodial breaches.
• Secure Hosting: Our infrastructure is hosted on secure cloud platforms (Vercel, AWS, etc.) with industry-standard security practices.
• Access Controls: Internal access to data is restricted and monitored.
• Regular Audits: We periodically review our security practices and infrastructure.

However: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Responsibility:

• Protect your wallet private keys and seed phrases.
• Use strong passwords and enable two-factor authentication (2FA) where available.
• Beware of phishing attempts. goBlink will never ask for your private keys or seed phrases.
• Verify you are on the correct domain (goblink.io) before connecting your wallet.

Depending on your jurisdiction, you may have certain rights regarding your personal data.

10.1 GDPR Rights (EU and UK Users)

If you are located in the EU or UK, you have the following rights under GDPR:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. Note: This does not apply to blockchain data, which is permanent and beyond our control.
• Right to Restrict Processing: Request that we limit how we process your data in certain circumstances.
• Right to Data Portability: Request a copy of your data in a machine-readable format to transfer to another service.
• Right to Object: Object to certain types of data processing, such as processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis (e.g., analytics cookies). This does not affect the lawfulness of processing before withdrawal.
• Right Not to Be Subject to Automated Decision-Making: Request human review of decisions made solely by automated processing that significantly affect you. Note: goBlink does not engage in automated decision-making that produces legal or similarly significant effects.

10.2 Filing a Complaint with a Supervisory Authority

If you are located in the EU or UK, you have the right to file a complaint with a data protection supervisory authority if you believe we have violated your privacy rights:

• EU Users: Contact your national data protection authority. A list is available at edpb.europa.eu.
• UK Users: Contact the Information Commissioner's Office (ICO) at ico.org.uk.

10.3 Other Jurisdictions

Users in other jurisdictions may have similar rights under local privacy laws (e.g., CCPA in California, PIPEDA in Canada). Contact us to exercise your rights.

10.4 How to Exercise Your Rights

To exercise any of the above rights, please contact us at support@goblink.io.

We will respond to your request within 30 days (as required by GDPR). We may ask you to verify your identity before processing your request to ensure the security of your data.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child under 18, please contact us immediately at support@goblink.io, and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features.

When we make changes:

• We will update the "Last Updated" date at the top of this page.
• Significant changes will be communicated through the Service or via email (if you have provided one).
• Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: support@goblink.io

We will respond to your inquiry as soon as reasonably possible, typically within 30 days.