# Privacy Policy

**Last Updated: 01/14/2026**

***

## 1. Who We Are

**ADDU** (hereinafter "ADDU", "we", "us" or "our") is a **French non-profit association** (Association loi 1901) governed by French law, with its registered office at:

**10 rue de la Paix, 75002 Paris, France**

ADDU operates websites and interfaces enabling access to certain functionalities related to digital assets and smart contracts (the "Services"), in particular through:

* fira.money
* app.fira.money

(together, the "Site")

***

## 2. Purpose of This Privacy Policy

This Privacy Policy explains:

* What personal data we collect
* Why and on what legal basis we process it
* With whom we share it
* How long we retain it
* Your GDPR rights and how to exercise them

***

## 3. Definitions

| Term              | Definition                                                                                                                                                                  |
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Personal Data** | Any information relating to an identified or identifiable natural person (e.g., email address, IP address, online identifier, a wallet address if it can identify a person) |
| **Processing**    | Any operation performed on personal data (collection, storage, consultation, deletion, etc.)                                                                                |
| **Controller**    | The entity that determines the purposes and means of the processing (ADDU for the processing described here, except for blockchain processing)                              |

***

## 4. Eligibility (Minors)

The Services are not intended for individuals under 18 and we do not knowingly collect personal data from children. If we become aware that a minor has provided us with personal data, we will delete it as soon as reasonably possible, subject to our legal obligations.

***

## 5. What Data Do We Collect?

### 5.1 Data You Provide to Us

* **Identity and contact data:** first and last name, email address, nationality (if provided)
* **Communications:** content of messages sent to our support (e.g., feedback, questions, job applications, requests)

### 5.2 Technical and Usage Data

* **Connection data:** IP address, logs, date/time, browser information
* **Device and configuration data:** version, time zone, settings, language
* **Audience and performance measurement:** technical errors, interactions with the Site, usage events

### 5.3 Web3-Related Data

Depending on how the dApp operates, we may process:

* Wallet address(es) (public key)
* Transaction identifiers (hash)
* Network
* Relevant smart contract(s)
* Data necessary for operations, security, and support

:::note Some of this information may also exist on-chain (see Section 10). :::

### 5.4 Cookies and Trackers

We use cookies and similar technologies (see Section 11).

***

## 6. Why Do We Process Your Data?

In accordance with the GDPR, we process personal data only when we have a legal basis.

### Main Purposes

| Purpose                                           | Data                                     | Legal Basis                                              |
| ------------------------------------------------- | ---------------------------------------- | -------------------------------------------------------- |
| Support and Communications                        | Name, email, communications content      | Performance of contract / Legitimate interests / Consent |
| Providing, Maintaining and Improving the Services | Technical data, logs, usage events       | Legitimate interests / Performance of contract           |
| Security, Fraud and Abuse Prevention              | Logs, IP address, technical signals      | Legitimate interests / Legal obligations                 |
| Legal and Regulatory Compliance                   | Any data necessary                       | Legal obligation                                         |
| Non-Essential Cookies                             | Cookie identifiers, audience measurement | Consent                                                  |

***

## 7. Who Do We Share Your Data With?

### 7.1 Internal Recipients

Access is restricted to personnel who need to know (support, engineering, security).

### 7.2 Processors (Service Providers)

We may share data with service providers acting as processors (hosting, support tools, analytics if enabled, security tooling, communications).

### 7.3 Authorities and Legal Requirements

We may disclose data where required to do so by law.

### 7.4 Partners

If personal data is shared with corporate partners, such sharing must be limited and framed.

***

## 8. International Transfers

Your data may be processed outside the European Economic Area. Where that happens, we implement appropriate safeguards:

* Standard Contractual Clauses approved by the European Commission
* Additional measures where required (encryption, minimization, access controls)

***

## 9. Data Retention

We retain personal data only as long as necessary for the purposes described above.

| Data Type                 | Retention Period                                |
| ------------------------- | ----------------------------------------------- |
| Support/communications    | As long as needed + up to 5 years for archiving |
| Account/relationship data | 5 years after account closure                   |
| Transaction-related data  | 5 years from transaction date                   |
| Security logs             | A few months (unless incident requires longer)  |

:::warning\[Blockchain Data] Data recorded on a public blockchain may be non-erasable. :::

***

## 10. Blockchain-Specific Notice

:::danger\[Important] Public blockchains provide transaction transparency. Some information (e.g., wallet addresses, amounts, transaction hashes) may be recorded **permanently** on-chain. :::

ADDU does not control public blockchains (decentralized networks) and is not responsible for processing carried out by such networks nor for on-chain persistence.

As a result, certain rights (in particular erasure and rectification) may be technically limited for on-chain data.

**Recommendation:** Do not insert directly identifying personal data (e.g., name, email) into public transaction fields or metadata.

***

## 11. Cookies and Similar Technologies

### 11.1 What is a Cookie?

A cookie/tracker is a file or identifier stored/read on your device to enable technical functionality, measure audience, store preferences, etc.

### 11.2 Strictly Necessary Cookies (No Consent Required)

We may use technical cookies essential to operate the Site (e.g., session management, security, load balancing).

### 11.3 Non-Essential Cookies (Consent Required)

Analytics, advanced personalization, or advertising cookies (if used) generally require your prior consent.

***

## 12. Security

We implement reasonable technical and organizational measures to protect your data:

* Access controls
* Minimization
* Logging
* Backups
* Application security

:::note No method provides absolute security, and a residual risk cannot be entirely eliminated. :::

***

## 13. Your GDPR Rights

Subject to legal conditions and limitations, you have the right to:

| Right                        | Description                                        |
| ---------------------------- | -------------------------------------------------- |
| **Access**                   | Access your data                                   |
| **Rectification**            | Rectify your data                                  |
| **Erasure**                  | Erase your data (in certain cases)                 |
| **Restriction**              | Restrict processing                                |
| **Object**                   | Object to processing based on legitimate interests |
| **Portability**              | Data portability (where applicable)                |
| **Withdraw Consent**         | Withdraw consent at any time                       |
| **Post-mortem Instructions** | Under French law                                   |

:::warning\[Blockchain Limitation] The exercise of certain rights may be limited for on-chain data. :::

***

## 14. How to Exercise Your Rights

You may contact us:

**By email:** <support@fira.money>

**By post:** ADDU – 10 rue de la Paix, 75002 Paris, France

***

## 15. Complaints with a Supervisory Authority

If you believe your rights are not respected, you may lodge a complaint with the **CNIL** (France):

**CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07**

***

## 16. Third-Party Links

The Site may contain links to third-party websites. We do not control those sites and this Privacy Policy does not apply to them.

***

## 17. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Where changes are material, we will post a notice on the Site and the updated version will apply as of publication.

***

## 18. Contact

If you have any questions about privacy, please contact:

**<support@fira.money>**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fira.money/legal/privacy-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.