Privacy Policy

Last Updated: 01/14/2026

1. Who We Are

ADDU (hereinafter "ADDU", "we", "us" or "our") is a French non-profit association (Association loi 1901) governed by French law, with its registered office at:

10 rue de la Paix, 75002 Paris, France

ADDU operates websites and interfaces enabling access to certain functionalities related to digital assets and smart contracts (the "Services"), in particular through:

fira.money
app.fira.money

(together, the "Site")

2. Purpose of This Privacy Policy

This Privacy Policy explains:

What personal data we collect
Why and on what legal basis we process it
With whom we share it
How long we retain it
Your GDPR rights and how to exercise them

3. Definitions

Term

Definition

Personal Data

Any information relating to an identified or identifiable natural person (e.g., email address, IP address, online identifier, a wallet address if it can identify a person)

Processing

Any operation performed on personal data (collection, storage, consultation, deletion, etc.)

Controller

The entity that determines the purposes and means of the processing (ADDU for the processing described here, except for blockchain processing)

4. Eligibility (Minors)

The Services are not intended for individuals under 18 and we do not knowingly collect personal data from children. If we become aware that a minor has provided us with personal data, we will delete it as soon as reasonably possible, subject to our legal obligations.

5. What Data Do We Collect?

5.1 Data You Provide to Us

Identity and contact data: first and last name, email address, nationality (if provided)
Communications: content of messages sent to our support (e.g., feedback, questions, job applications, requests)

5.2 Technical and Usage Data

Connection data: IP address, logs, date/time, browser information
Device and configuration data: version, time zone, settings, language
Audience and performance measurement: technical errors, interactions with the Site, usage events

Depending on how the dApp operates, we may process:

Wallet address(es) (public key)
Transaction identifiers (hash)
Network
Relevant smart contract(s)
Data necessary for operations, security, and support

:::note Some of this information may also exist on-chain (see Section 10). :::

5.4 Cookies and Trackers

We use cookies and similar technologies (see Section 11).

6. Why Do We Process Your Data?

In accordance with the GDPR, we process personal data only when we have a legal basis.

Main Purposes

Purpose

Data

Legal Basis

Support and Communications

Name, email, communications content

Performance of contract / Legitimate interests / Consent

Providing, Maintaining and Improving the Services

Technical data, logs, usage events

Legitimate interests / Performance of contract

Security, Fraud and Abuse Prevention

Logs, IP address, technical signals

Legitimate interests / Legal obligations

Legal and Regulatory Compliance

Any data necessary

Legal obligation

Non-Essential Cookies

Cookie identifiers, audience measurement

Consent

7.1 Internal Recipients

Access is restricted to personnel who need to know (support, engineering, security).

7.2 Processors (Service Providers)

We may share data with service providers acting as processors (hosting, support tools, analytics if enabled, security tooling, communications).

7.3 Authorities and Legal Requirements

We may disclose data where required to do so by law.

7.4 Partners

If personal data is shared with corporate partners, such sharing must be limited and framed.

8. International Transfers

Your data may be processed outside the European Economic Area. Where that happens, we implement appropriate safeguards:

Standard Contractual Clauses approved by the European Commission
Additional measures where required (encryption, minimization, access controls)

9. Data Retention

We retain personal data only as long as necessary for the purposes described above.

Data Type

Retention Period

Support/communications

As long as needed + up to 5 years for archiving

Account/relationship data

5 years after account closure

Transaction-related data

5 years from transaction date

Security logs

A few months (unless incident requires longer)

:::warning[Blockchain Data] Data recorded on a public blockchain may be non-erasable. :::

10. Blockchain-Specific Notice

:::danger[Important] Public blockchains provide transaction transparency. Some information (e.g., wallet addresses, amounts, transaction hashes) may be recorded permanently on-chain. :::

ADDU does not control public blockchains (decentralized networks) and is not responsible for processing carried out by such networks nor for on-chain persistence.

As a result, certain rights (in particular erasure and rectification) may be technically limited for on-chain data.

Recommendation: Do not insert directly identifying personal data (e.g., name, email) into public transaction fields or metadata.

11. Cookies and Similar Technologies

A cookie/tracker is a file or identifier stored/read on your device to enable technical functionality, measure audience, store preferences, etc.

We may use technical cookies essential to operate the Site (e.g., session management, security, load balancing).

Analytics, advanced personalization, or advertising cookies (if used) generally require your prior consent.

12. Security

We implement reasonable technical and organizational measures to protect your data:

Access controls
Minimization
Logging
Backups
Application security

:::note No method provides absolute security, and a residual risk cannot be entirely eliminated. :::

Subject to legal conditions and limitations, you have the right to:

Right

Description

Access

Access your data

Rectification

Rectify your data

Erasure

Erase your data (in certain cases)

Restriction

Restrict processing

Object

Object to processing based on legitimate interests

Portability

Data portability (where applicable)

Withdraw Consent

Withdraw consent at any time

Post-mortem Instructions

Under French law

:::warning[Blockchain Limitation] The exercise of certain rights may be limited for on-chain data. :::

14. How to Exercise Your Rights

You may contact us:

By email: [email protected]

By post: ADDU – 10 rue de la Paix, 75002 Paris, France

15. Complaints with a Supervisory Authority

If you believe your rights are not respected, you may lodge a complaint with the CNIL (France):

CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07

16. Third-Party Links

The Site may contain links to third-party websites. We do not control those sites and this Privacy Policy does not apply to them.

17. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Where changes are material, we will post a notice on the Site and the updated version will apply as of publication.

18. Contact

If you have any questions about privacy, please contact:

[email protected]

PreviousTerms of Use

Last updated 15 days ago

Good night

hashtag1. Who We Are

hashtag2. Purpose of This Privacy Policy

hashtag3. Definitions

hashtag4. Eligibility (Minors)

hashtag5. What Data Do We Collect?

hashtag5.1 Data You Provide to Us

hashtag5.2 Technical and Usage Data

hashtag5.3 Web3-Related Data

hashtag5.4 Cookies and Trackers

hashtag6. Why Do We Process Your Data?

hashtagMain Purposes

hashtag7. Who Do We Share Your Data With?

hashtag7.1 Internal Recipients

hashtag7.2 Processors (Service Providers)

hashtag7.3 Authorities and Legal Requirements

hashtag7.4 Partners

hashtag8. International Transfers

hashtag9. Data Retention

hashtag10. Blockchain-Specific Notice

hashtag11. Cookies and Similar Technologies

hashtag11.1 What is a Cookie?

hashtag11.2 Strictly Necessary Cookies (No Consent Required)

hashtag11.3 Non-Essential Cookies (Consent Required)

hashtag12. Security

hashtag13. Your GDPR Rights

hashtag14. How to Exercise Your Rights

hashtag15. Complaints with a Supervisory Authority

hashtag16. Third-Party Links

hashtag17. Changes to This Privacy Policy

hashtag18. Contact