Flagship Privacy Policy
1. INTRODUCTION
1.1. This Privacy Policy (the "Policy") explains how the Flagship FYI Foundation (the "Platform Operator," "we," "our," or "us") collects, uses, shares, stores, and protects personal data of individuals ("you," "your," or "Users") who interact with the FYI Token (the "Token") and the associated decentralized platform (the "Platform").
1.2. This Policy is issued in accordance with applicable data protection and privacy regulations, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and is designed to promote transparency regarding how your data is handled when engaging with our smart contracts, governance systems, and web interfaces.
1.3. By accessing the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to our practices as described herein. This Policy applies to all interactions with the Platform, including but not limited to web-based services, mobile applications, and associated communication channels.
1.4. The Platform Operator processes personal data of Users solely where necessary for the provision of services, and only with the User’s valid consent, in accordance with applicable data protection laws.
1.5. This Policy should be read in conjunction with our Terms and Conditions, which further outline the legal framework for your use of the Platform. If you do not agree to this Policy, please refrain from using the Platform.
2. DATA CONTROLLER
The Platform Operator acts as the data controller under this Policy:
The Flagship FYI Foundation
Registration No. F 415
Registered Address: A.L. Evelyn Ltd Building, Suite 1, P.O. Box 258, Main Street, Charlestown, Nevis
Data-Protection@flagship.fyi
As a data controller, we determine the purposes and means of processing personal data in relation to your interaction with the Token and Platform. If we use third-party data processors to handle data on our behalf, we ensure they are contractually bound to comply with strict data protection obligations.
3. SCOPE OF APPLICATION
This Policy applies to personal data collected through:
3.1. The Platform’s user interface and any affiliated subsites;
3.2. Smart contracts associated with the FYI Token and related Web3 features;
3.3. Token issuance, governance, staking, transfer, and burn mechanisms;
3.4. Communications between Users and the Platform Operator, including support requests and feedback;
3.5. Public forums, social media pages, or community tools hosted or moderated by the Platform Operator;
3.6. Any off-chain services or events linked to the Platform (e.g., workshops, educational webinars, or hackathons).
This Policy does not apply to third-party platforms, DApps, or blockchain explorers that may be accessible via links on our Platform. We are not responsible for the privacy practices of those external services.
4. INFORMATION WE COLLECT
4.1. Information You Provide to Us:
4.1.1. We collect the following types of information that you voluntarily provide when you interact with the Platform:
4.1.1.1. Account Information: This includes blockchain wallet addresses and interactions with smart contracts, Telegram app ID or usernames, passwords (where applicable), and profile-related details such as preferences and account settings. These identifiers are pseudonymous but may become identifiable if linked with other data.
4.1.1.2. Communications Data: Information shared through customer support inquiries, emails, and social media interactions.
4.1.1.3. User-Generated Content: Any content you upload, submit, or share on the Platform, including Profile NFTs, messages, comments, and feedback.
4.1.1.4. Payment Information: When applicable, Users may provide financial details related to transactions carried out on the Platform, subject to applicable laws.
4.2. Information Collected Automatically:
4.2.1. We may collect certain data automatically when you access the Platform, including:
4.2.1.1. Device Information: Technical details about your device, such as device type, operating system, browser type, wallet address, IP address, and unique device identifiers.
4.2.1.2. Usage Data: Information related to how you interact with the Platform, including page visits, features used, referral sources, and navigation paths.
4.2.1.3. Transaction Data: Details about blockchain transactions conducted on the Platform, including login timestamps, Token amounts such as FYI Token holdings and staking status, and smart contract interactions.
4.2.1.4. Staking and Governance Data: Public votes, staking records, proposal creation, and participation logs, all linked to wallet addresses.
4.2.1.5. Cookies and Tracking Technologies: We utilise cookies, pixel tags, and other tracking mechanisms to collect data and improve user experience.
4.3. Information from Third-Party Sources:
4.3.1. We may obtain information about you from third parties (Third-Party-Sub-Processor) including:
4.3.1.1. Blockchain Networks: Publicly available data related to blockchain interactions.
4.3.1.2. Analytics Providers: Aggregated data insights regarding Platform usage trends and performance.
4.3.1.3. Customer Due Diligence, KYC/AML: Data collected might be privately obtained and refer to personal information of the User.
4.3.1.4. Purpose of Processing: To conduct initial due diligence on prospective customers to ensure compliance with the Token’s risk appetite and regulatory requirements.
4.3.1.5. Marketing Partners: Information provided through promotional campaigns or referral programs.
We do not knowingly collect or process any special categories of data, such as information regarding your racial or ethnic origin, political opinions, religious beliefs, health, or biometric identifiers.
5. LEGAL BASIS FOR PROCESSING
We rely on the following legal grounds under data protection law to process your data:
5.1. Performance of a Contract: Data processing necessary to facilitate your use of the Platform and interact with Token functionalities.
5.2. Legitimate Interests: Including fraud prevention, Platform maintenance, and ensuring an optimal user experience. We ensure that our interests are balanced against your rights.
5.3. Compliance with Legal Obligations: We may be legally required to collect, retain, or share certain data under AML, CTF, tax, or securities regulations.
5.4. Consent: For optional services such as email updates, newsletters, or the placement of analytics cookies. You may withdraw your consent at any time through available interfaces or by contacting us directly.
6. HOW WE USE YOUR INFORMATION
6.1. We process collected information for the following purposes:
6.1.1. To Provide and Maintain the Platform: Ensure seamless operation, access to services, and personalised functionality, including the monitoring of system performance, detecting technical issues, and improving operational efficiency.
6.1.2. Account Management: Facilitating the registration process, wallet ownership and authenticating staking or governance participation, verifying your identity, managing user preferences, and providing administrative notifications.
6.1.3. Transaction Facilitation: Processing on-chain transactions and staking activities, ensuring transparency and compliance with blockchain protocols.
6.1.4. Security and Fraud Prevention: Implementing risk monitoring to prevent unauthorised access, fraudulent activities, and potential cybersecurity threats. This includes monitoring for unusual activity and securing digital assets.
6.1.5. Compliance with Legal Obligations: Meeting regulatory and legal requirements, including financial, tax, and anti-money laundering obligations in accordance with applicable laws.
6.1.6. Marketing and Communication: To respond to support inquiries or complaints submitted via contact forms or email, sending promotional materials, service updates, surveys, and notifications related to Platform features, improvements, and relevant offerings.
6.1.7. Analytics and Performance Monitoring: Collecting data to understand usage trends, user engagement, and functionality preferences to enhance Platform services and ensure scalability.
6.1.8. User Support: Responding to inquiries, resolving technical issues, and improving customer experience by providing accurate and efficient assistance.
6.1.9. Customisation: Tailoring user experiences based on preferences and behavioural data to offer a personalised interface and suggested content.
6.2. Users can manage their communication preferences and opt out of certain communications by adjusting their settings within the Platform.
We will not use your personal data to create user profiles, conduct predictive behavior analysis, or engage in automated decision-making that has legal effects.
7. SHARING INFORMATION
7.1. Public Ledger: All on-chain transactions, including voting and staking, are permanently and publicly visible on the blockchain. This is an inherent feature of blockchain technology.
7.2. With Service Providers:
7.2.1. In the course of operating and maintaining the Platform, we engage trusted third-party service providers to support various operational functions, including, but not limited to, application hosting, communication services, email infrastructure, and event management. These providers are selected based on their expertise, reliability, and compliance with applicable data protection standards.
7.2.2. Where necessary, and strictly limited to what is required to enable these services, we may share certain personal data with these third parties. All such data sharing is carried out in accordance with the safeguards and principles outlined in this Privacy Policy.
7.2.3. If you register to attend an event organized or hosted by us, we may share your name and contact information with event sponsors. Where legally permissible, such sponsors may use this information to inform you about their own products and services. You may opt out of such communications at any time.
7.2.4. In cases where personal data is transferred to a third party located outside the European Economic Area (EEA), and where such jurisdiction is not recognized as offering an adequate level of protection, we conduct a risk assessment and ensure appropriate safeguards are in place. These include executing binding agreements incorporating the European Commission’s Standard Contractual Clauses (SCCs), supplemented as needed by the GDPR or other legally recognized mechanisms.
7.2.5. All cross-border data transfers are subject to encryption and, as a general practice, do not involve the transmission of special categories of personal data. We regularly review and monitor our international data transfer arrangements to ensure ongoing compliance.
| Third-Party Sub-Processor | Description of the Process | Location of Services |
| --- | --- | --- |
| Google Cloud Platform (GCP) | Hosting infrastructure | EU-based |
| Amazon Web Services (AWS) | Additional hosting | Global |
| Cloudflare | CDN, security, and DDoS protection | Global |
| Docker | Containerization (self-managed, no data processing) | US |
| GitHub | Source code management | US |
| Firebase Auth | User authentication | Global |
| WalletConnect | Wallet connections | Global |
| Privy.io | Wallet login/authentication, logs wallet addresses and possibly social login identifiers - ISO 27001-compliant | US |
| Telegram (Bots & MiniApps) | Logs Telegram usernames, IDs, wallet addresses, IP addresses for bot detection (Telegram-operated) | N/A |
| SendGrid | Transactional emails | US |
| Sentry | Error monitoring | Global |
| Linum Labs | Smart contract development/auditing | N/A |
| Google Gemini | Internal AI model | Global |
| TrendMoon | Provides anonymized Telegram sentiment data (third-party operated) | N/A |
| Fiat On/Off Ramp Providers | Evaluating Ramp Network, MoonPay, or Stripe | N/A |
| Cross-Chain Bridges | Evaluating LayerZero, Wormhole | N/A |
| KYC / AML Providers | Evaluating Sumsub, Toggle, or others | N/A |
7.3. Legal and Regulatory:
7.3.1. We may disclose your information if required by applicable laws, regulations, legal processes, or government requests. Such disclosures may occur in cases involving:
7.3.1.1. Compliance with court orders or subpoenas;
7.3.1.2. Enforcement of our legal rights;
7.3.1.3. Prevention of fraud or illegal activities;
7.3.1.4. Protection of the safety and security of our Users and Platform.
7.4. Aggregated or Anonymised Data:
7.4.1. We may share aggregated or anonymised data that cannot reasonably identify you with third parties for purposes such as research, analytics, and business development.
8. DATA SECURITY
8.1. Security Measures:
8.1.1. We take appropriate technical and organisational measures to safeguard your personal information from unauthorised access, disclosure, alteration, and destruction. These measures include:
8.1.1.1. Encryption: Encrypting sensitive information during transmission and storage.
8.1.1.2. Access Controls: Restricting access to personal data to authorised personnel only.
8.1.1.3. Regular Security Audits: Conducting periodic assessments of our security infrastructure.
8.1.1.4. Incident Response Plans: Implementing strategies to respond promptly to potential data breaches.
8.2. User Responsibilities:
8.2.1. While we take reasonable measures to protect your data, Users are responsible for maintaining the security of their accounts by:
8.2.1.1. Using strong and unique passwords;
8.2.1.2. Enabling multi-factor authentication (if available);
8.2.1.3. Avoiding sharing sensitive login credentials with others;
8.2.1.4. Regularly reviewing account activity.
8.3. Security Breaches:
8.3.1. In the event of a personal data breach, the Platform Operator will take all appropriate technical and organizational measures to mitigate its impact and protect affected Users. In compliance with the General Data Protection Regulation (GDPR), the Platform shall notify the relevant National Competent Authority (NCA) without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless a reasoned justification exists for a delay (ongoing investigations, efforts to neutralize the breach or need to verify the impact).
8.3.2. Furthermore, where the breach is likely to result in a high risk to the rights and freedoms of affected data subjects, the Platform Operator will also notify those individuals without undue delay, in accordance with applicable legal obligations and exemptions.
8.4. No Absolute Security Guarantee:
8.4.1. Despite our efforts to protect your data, no system can guarantee absolute security. Users acknowledge the inherent risks of online interactions and blockchain-based transactions.
9. COOKIES AND TRACKING TECHNOLOGIES
9.1. Cookies are small text files that are stored on your device when you visit a website. They help websites function properly, remember your preferences, and provide information for analytics and advertising.
9.2. Why we use Cookies:
9.2.1. Enable secure user login and account functionality;
9.2.2. Improve performance and user experience;
9.2.3. Provide analytics on site traffic and user interactions;
9.2.4. Enable social media sharing; and
9.2.5. Embed content (e.g., YouTube).
9.3. Types of Cookies:
9.3.1. Essential Cookies: Enable core site functionality and authentication mechanisms;
9.3.2. Performance Cookies: Collect aggregated statistics about user behavior and site performance;
9.3.3. Functional Cookies: Remember user preferences and settings for a personalized experience;
9.3.4. Analytics Tools: Such as Google Analytics or open-source equivalents to track session behavior and optimize site functionality.
SERVICE PROVIDER
Key cookies
Purpose
Google, Inc.
NID
_ga
_gid
_gat gat_gtag_UA_68491880_5
Hotjar
Behavioral analytics
We use Hotjar to analyze user behavior on our website and improve usability. Hotjar cookies help us understand how visitors navigate the site through anonymized heatmaps, session recordings, and feedback tools. These cookies do not collect personal data and are used solely for performance and analytics purposes.
9.4. You can configure your browser to block or delete cookies. Please note that disabling cookies may affect your ability to access certain Platform features.
10. DATA RETENTION
10.1. Retention Period:
10.1.1. We retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.
10.1.1.1. Data is stored for as long as the User has Tokens available in their airdrip.
10.1.1.2. For Users interacting with the Platform, their data will be retained for up to 1 year following their last activity.
10.1.1.3. Users who do not agree to data storage will not be eligible to receive airdrip Tokens or interact with the Platform features.
10.1.2. The retention period may vary depending on the type of data and the purposes for which it is processed. The criteria used to determine the retention period include:
10.1.2.1. Regulatory and Legal Requirements: Compliance with applicable laws and industry regulations that require certain records to be maintained for a specific duration (max 5 years).
10.1.2.2. Business Needs: Fulfilling operational, contractual, and performance obligations (e.g., staking records).
10.1.2.3. Security Considerations: Preventing fraud, ensuring data integrity, and addressing security vulnerabilities.
10.2. Data Minimisation and Anonymisation:
10.2.1. We take measures to ensure that personal data is only retained as long as necessary. Where possible, data is anonymised or pseudonymised to minimise exposure. Anonymised data, which no longer identifies a User, may be retained indefinitely for analytical and statistical purposes.
11. DATA SECURITY
We take your privacy seriously and implement the following protective measures:
11.1. Secure HTTPS communication;
11.2. Blockchain-level cryptographic protections;
11.3. Firewalls, DDoS mitigation, and multi-region redundancy for our infrastructure;
11.4. Access controls based on roles and business necessity;
11.5. Ongoing monitoring and threat detection systems.
We encourage you to secure your own access credentials, update wallets regularly, and avoid sharing private keys or personal identifiers on-chain.
12. USER RIGHTS AND CHOICES
Considering the inherent characteristics of blockchain technology, particularly its immutability and decentralized nature, access, correction, erasure, and portability of user data may not always be technically feasible. However, where such actions can be reasonably implemented, the Platform Operator will take all appropriate steps to facilitate the exercise of these rights. In general, the Platform processes user data in anonymised or pseudonymised form, meaning it cannot directly identify an individual. Nonetheless, in specific cases where the Platform collects or processes identifiable personal data (such as for Know-Your-Customer (KYC) or Anti-Money Laundering (AML) purposes), Users retain the right to exercise the following rights, in accordance with applicable data protection laws:
12.1. Access and Correction:
12.1.1. Users have the right to request access to their personal data and verify its accuracy. You may request corrections to any inaccurate or incomplete personal information that we hold about you.
12.2. Right to Erasure:
12.2.1. Subject to applicable laws, Users have the right to request the deletion of their personal data under the following circumstances:
12.2.1.1. When the data is no longer necessary for the purposes for which it was collected;
12.2.1.2. When consent is withdrawn (if processing was based on consent);
12.2.1.3. When the data was processed unlawfully.
12.2.2. We will comply with such requests unless retention is necessary to comply with legal obligations.
12.3. Data Portability:
12.3.1. Users have the right to receive their personal data in a structured, commonly used, machine-readable format, and to transmit that data to another data controller where technically feasible.
12.4. Right to Object:
12.4.1. Users may object to the processing of their data in cases where processing is based on legitimate interests or direct marketing purposes. Upon receiving an objection, we will assess whether compelling legitimate grounds override the User's interests and act accordingly.
12.5. Right to Restriction of Processing:
12.5.1. Users have the right to request restrictions on the processing of their personal data if they contest the accuracy of the data, object to its processing, or require data for legal claims while the request is being reviewed.
12.6. Withdrawal of Consent:
12.6.1. Where processing is based on user consent, Users have the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to such withdrawal.
12.7. Lodging a Complaint:
12.7.1. If Users believe their rights under applicable data protection laws have been violated, they have the right to lodge a complaint with the appropriate data protection authority at the St Kitts and Nevis Ministry of Justice and Legal Affairs website.
The Platform will respond to such requests within one month, unless doing so would infringe upon the rights or freedoms of others (e.g., intellectual property rights or confidentiality obligations). In such cases, the Platform will provide a justified explanation for any limitations on the request.
13. INTERNATIONAL DATA TRANSFERS
13.1. Cross-Border Transfers:
13.1.1. We may transfer personal data to jurisdictions outside of the User’s country of residence where data protection laws may differ. When such transfers occur, we implement safeguards to ensure adequate protection, including:
13.1.1.1. Standard Contractual Clauses approved by regulatory authorities;
13.1.1.2. Privacy Shield frameworks (where applicable);
13.1.1.3. Binding corporate rules adopted by affiliated entities;
13.1.1.4. Technical safeguards such as encryption;
13.1.1.5. Verification of third-party compliance with recognized data protection frameworks.
By using the Platform, you agree to the transfer of your data across borders as necessary for the services.
13.2. Security Measures for International Transfers:
13.2.1. In all international transfers, we implement encryption, access controls, and secure communication protocols to ensure personal data remains protected regardless of jurisdiction.
14. CHANGES TO THIS PRIVACY POLICY
14.1. We reserve the right to modify this Policy at any time to reflect changes in legal requirements, operational needs, or technological advancements. In the event of significant changes, we will notify Users through:
14.1.1. Posting updates on the Platform;
14.1.2. Sending notifications via email (if applicable);
14.1.3. Providing a summary of key changes.
14.2. Continued use of the Platform after any updates to this Policy signifies acceptance of the changes.
Last updated