This Privacy Policy explains how SecondFi (including any parent, subsidiary or affiliate that operates SecondFi in your region) ("SecondFi", "we", "us" or "our") and the service providers that process information on our behalf collect, use and share information when you use our websites, apps, browser extensions, smart contracts and other tools (together, the "Platform").
By creating an account or wallet, accessing, browsing, installing, or using any part of the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This Privacy Policy forms part of, and is subject to, the Platform Terms of Use, including their provisions on governing law and jurisdiction. If you do not agree with these Terms, you must not access or use the Platform.
You represent and warrant that you have the legal capacity to enter into this Privacy Pollicy and, if you are accepting this Privacy Pollicy on behalf of a legal entity, that you are authorised to bind that entity.
Some features interact with public blockchains, which are outside our control (see ‘Blockchain and wallet information’).
We may update this Privacy Policy from time to time (see ‘Changes to this Policy’ below).
We provide non-custodial wallet and web3 tools so you can connect a wallet, view balances and interact with dApps, tokens and smart contracts.
We may offer and integrate other services over time (for example card, payment, “neofinance platform” or RWA features) which may be provided by us or our regulated partners.
Different features may have additional terms or privacy notices. If there is a conflict, those specific terms apply for that feature.
We will never ask you to share your private keys, seed phrase or wallet passwords. You must keep these secret and secure. If anyone claims to be from SecondFi and asks for them, do not share and contact us.
We may collect information you choose to provide, for example:
Contact details such as name, email address and phone number.
Profile details, settings and preferences.
Information you send to us in support tickets, feedback forms or community channels.
Information needed for KYC / compliance when you apply for regulated services (for example card or “neofinance platform” features), such as official ID details or proof of address, where required by law or by our partners.
You can choose not to provide certain information, but this may limit your ability to use some features.
If you choose to use card, fiat, RWA (real‑world asset) or other similar features, we and our regulated partners may also process additional personal data (for example identity documents, sanctions and screening results, and transactional data from those partners) where needed to meet legal and regulatory obligations and to provide and operate those features.
If you provide us with personal information about another person, you are responsible for ensuring that you have a lawful basis to do so (for example, their consent or another legal ground) and, where appropriate, for informing them about how we will use their information.
When you use the Platform, we may automatically collect:
Device and app information (device type, operating system, browser type and version, app version).
Log and usage data (IP address, time and date of access, pages and screens viewed, buttons clicked, features used, error logs).
Approximate location from your IP address (for example, country or city level).
Information from cookies and similar technologies (see section 7).
When you connect a wallet or interact with smart contracts:
We may collect your public wallet address and information about on-chain transactions you initiate through the Platform.
Public blockchains may show your wallet address, transaction history, token balances and smart contract interactions. This information is public, may be linked or analysed by others and is generally permanent.
KYC/AML and identity verification providers (when required for regulated services).
Analytics and security providers.
Card issuers, payment processors and other financial partners when you use their services through the Platform.
Public sources (including blockchain explorers and public databases).
We use personal information for the following purposes:
Provide the Platform: to let you connect a wallet, view balances, perform transactions, use web3 features and access any available financial or “neofinance platform” tools.
Operate and improve: to monitor usage, fix bugs, improve performance, develop new features and make the Platform easier to use.
Security and fraud prevention: to detect and prevent fraud, abuse or suspicious activity, to protect accounts and the integrity of the Platform.
On-chain analytics and insights: to analyse public blockchain activity (including transactions linked to wallets you connect or use with the Platform) and combine this with other information we hold, in order to improve security and fraud detection, meet compliance obligations, understand usage patterns and develop and improve features. We do not seek to deanonymise users or link on-chain activity to real-world identities beyond what is reasonably necessary for these purposes or required by law or our regulatory obligations.
Customer support: to respond to your questions, feedback and requests.
Legal and compliance: to meet our legal, regulatory, tax and reporting obligations and to cooperate with regulators and law-enforcement where required.
Marketing and communication: to send you updates, notices and marketing messages about the Platform where allowed by law and your preferences, and to use usage data, approximate location and wallet interactions to tailor which features, products or educational content we highlight to you where permitted by law. You can opt out of marketing at any time and may be able to adjust your marketing and communication settings in the Platform (where available).
Eligibility, risk and geo rules: to use location information, wallet activity and information we receive from partners to apply eligibility criteria, risk scoring, sanctions or geo-blocking and to decide which features, products or yields are available or shown to you, where required for regulatory, compliance or risk-management purposes.
Where required by law, we will rely on your consent or other lawful bases (such as performing a contract with you, complying with legal obligations or pursuing our legitimate interests) to process your information.
We do not sell your personal information.
We may share information in these situations:
Service providers: with companies that help us provide the Platform (hosting, cloud storage, customer support tools, analytics, security, email delivery and similar services). They must protect your information and use it only on our instructions.
Regulated partners: with card issuers, payment providers, banks, KYC providers and other regulated partners when you apply for or use their services through the Platform. Each regulated partner is an independent controller of the personal data it processes for its own regulated services, and its own terms and privacy policy govern that processing. For some integrations we may provide additional notices or links to the relevant partner's privacy information at the point where you activate or use that service.
Blockchain networks: when you send a transaction, the transaction details and your public wallet address are shared with the relevant blockchain network and may be visible to anyone who views that chain.
Group companies: with other entities in our group as needed to provide the Platform and run our business.
Legal / safety reasons: when we believe it is necessary to comply with law, regulation, court orders or requests from authorities, to enforce our terms, or to protect our rights, users or the public.
Business transactions: in connection with a merger, acquisition, restructuring, financing or sale of our business or assets.
With your consent: where you have agreed that we may share information for a particular purpose.
We keep personal information only as long as needed for the purposes described in this Policy or as required by law (for example for tax, accounting, regulatory or dispute-resolution purposes).
Certain records, such as KYC documentation, identity checks, sanctions and screening results, and card or payment usage logs we receive from partners, may be retained for longer periods where needed to meet anti-money laundering, financial crime, tax, accounting or other legal and regulatory obligations, even if you close your profile or stop using the Platform.
When we no longer need personal information, we will delete or anonymise it, or if that is not possible (for example in backup systems) we will securely store it and isolate it from further use until deletion is possible.
Information recorded on public blockchains is generally permanent and cannot be changed or deleted by us.
We may use cookies, SDKs and similar technologies to:
Run core Platform functions (for example, keeping you signed in and securing your session).
Understand how the Platform is used and improve performance.
Remember your settings and preferences.
Provide or measure marketing where allowed by law and your preferences.
Some cookies and SDKs may track interactions across browsers or devices, or across SecondFi’s web and app properties, to help us understand how users move between them and to measure analytics and attribution, with opt-out options where required by law.
You can usually control cookies through your browser or device settings. If you disable cookies, some features of the Platform may not work properly.
We may also use third-party analytics tools (for example, services like Google Analytics or similar). These providers use their own cookies and identifiers and handle data according to their own privacy policies.
We may transfer, store and process your information in countries other than where you live. These countries may have different data-protection laws.
Where required, we take steps to protect your information when it is transferred, for example by using standard contractual clauses or other recognised safeguards.
By using the Platform, you understand that your information may be processed in other countries.
We use reasonable technical and organisational measures designed to protect personal information from unauthorised access, use or disclosure. These may include encryption, access controls, secure development practices and regular security reviews.
No system is perfectly secure. You are responsible for keeping your devices, wallet credentials, private keys and seed phrase safe and for using strong security practices.
Depending on where you live, you may have rights such as:
Accessing the personal information we hold about you.
Asking us to correct inaccurate information.
Asking us to delete certain information, or to restrict or object to certain processing.
Withdrawing consent where we rely on your consent (this will not affect past processing).
Receiving a copy of certain information in a portable format.
To exercise your rights, please contact us at the address below. We may need to verify your identity before responding. Local laws may also give you the right to complain to a data-protection authority.
You can opt out of marketing emails by using the unsubscribe link in those emails or updating your settings (where available). We may still send you important service or legal messages.
The Platform is not intended for use by children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it where required.
We may amend this Privacy Policy from time to time. The updated policy will be posted on the Platform or otherwise notified to you.
We may also provide additional notice of material changes (for example by email or in-app notice), where required by law.
Unless otherwise stated, the updated policy will take effect when posted. Your continued access to or use of the Platform after the effective date constitutes your acceptance of the updated policy.
We do not need your prior approval to change this Privacy Policy.
To the maximum extent permitted by law, our total aggregate liability arising out of or in connection with this Privacy Policy or our handling of personal information will be limited to the higher of either (a) fees you have paid to us for use of the Platform in the six (6) months immediately before the event giving rise to the claim or (b) USD10,000. This limitation does not apply where it is prohibited by applicable law (for example, in relation to liability for fraud or for death or personal injury caused by our negligence).
If you are located in the EEA or Switzerland, SecondFi will normally act as a data controller when we decide how and why your personal information is processed.
Legal bases: We process your personal information on one or more of the following legal bases:
to perform a contract with you and provide the Platform;
to comply with our legal obligations (for example in relation to financial regulations, sanctions, tax or accounting);
for our legitimate interests (for example to secure and improve the Platform, prevent fraud and protect our users), provided that these are not overridden by your rights and interests; and
with your consent, where this is required (for example for certain marketing or analytics activities). You can withdraw your consent at any time.
Your rights: In addition to the rights described in section 10, under the GDPR you may have the right to object to processing based on our legitimate interests, ask us to restrict processing in certain circumstances, and lodge a complaint with your local data protection authority.
If you are located in the UK, the information above for the EEA also applies to you under UK data protection law, including the right to lodge a complaint with the ICO.
If you are located in Singapore, we process your personal data in accordance with the Personal Data Protection Act 2012 (PDPA).
We may collect, use and disclose your personal data for the purposes described in this Policy. This may include relying on deemed consent, consent by notification or other grounds permitted under the PDPA.
You have rights of access and correction in respect of your personal data. You may also withdraw your consent to our collection, use or disclosure of your personal data, subject to legal and contractual restrictions and reasonable notice. If you withdraw consent, this may affect our ability to provide some or all of the Platform.
For certain features, including card, fiat or similar payment rails, some personal data will be collected and processed by Singapore or foreign regulated entities in accordance with their own legal and regulatory obligations. SecondFi may be required to disclose your information to these entities or to competent authorities to support compliance with applicable laws (for example, financial regulation, anti-money laundering and sanctions requirements).
If you have questions about this Privacy Policy or our privacy practices, or you wish to exercise your privacy rights, you can contact us at:
Email: info@secondfi.io