Privacy Policy

This Privacy Notice (the “Policy”) explains how Frontera Labs, Inc. (“Frontera Labs”, the “Company”, “we”, “us”, or “our”), together with independent contributors and infrastructure providers acting on its behalf, process limited technical and pseudonymous data when you access www.strata.money or interact with any related front-end components that enable interaction with decentralised smart contracts (the “Interface”). By accessing or using the Interface, you acknowledge that you have read and understood this Policy. If you do not agree, you should not use the Interface.

The Interface is fully non-custodial. We do not create user accounts, custody assets, request KYC documentation, or collect personal identity data.

For clarity, this Privacy Notice applies only to the Interface. It does not apply to the underlying Strata Protocol, which is fully decentralised, autonomous, and operated directly on public blockchain networks outside the control of Frontera Labs. All on-chain transactions and data are public and are not processed, controlled, or governed by this Policy.

1. Personal Data We Collect

We collect limited categories of pseudonymous and technical data, including:

(a) Wallet data such as public blockchain addresses, transaction metadata, and interactions with smart contracts.

(b) Device and usage data such as IP address, browser type and version, operating system information, timestamps, request headers, and error logs.

(c) Access-control data such as high-level IP-derived location signals, network identifiers, autonomous system numbers, and wallet-screening results used solely to enforce sanctions and geo-blocking requirements.

(d) Support communications voluntarily sent to us by email or other contact methods.

(e) Aggregated or de-identified information that cannot reasonably identify any individual.

We do not collect names, government-issued identification, precise geolocation, biometric data, or other sensitive categories of personal data.

2. How We Use Technical Data

We use technical and pseudonymous data strictly for the following purposes:

We do not sell data, conduct behavioural advertising, or engage in automated decision-making with legal or significant effects.

3. Legal Bases For Processing

We process technical and pseudonymous data in accordance with the laws of the State of Delaware and other applicable U.S. privacy and consumer-protection frameworks. To the extent data-protection laws from other jurisdictions apply to a particular user (including, where relevant, the GDPR), we rely on the following bases:

(a) providing technical access to the Interface;

(b) the Company’s legitimate interests, including security, fraud prevention, diagnostics, and improvement;

(c) compliance with legal or regulatory obligations, including sanctions enforcement; and

(d) consent, but only for optional communications explicitly provided by the user.

4. Disclosure Of Data

We may disclose data to the following categories of recipients:

We may share aggregated or de-identified information that cannot reasonably identify you.

5. Cookies and Local Storage

The Interface may use minimal cookies or local storage strictly for technical and functional purposes, such as maintaining user interface preferences or supporting essential features. These cookies are not used for advertising, cross-site tracking, behavioural profiling, or the sale of personal data. You may disable cookies through your browser settings, although certain Interface functions may not operate correctly. The Interface does not respond to “Do Not Track” signals, consistent with U.S. privacy standards.

6. User Rights

The rights that may be available to a user with respect to personal data depend on the laws applicable to that user. As a Delaware corporation, Frontera Labs, Inc. processes only limited technical and pseudonymous data for the operation and security of the Interface, and such data generally does not constitute “personal information” subject to access, deletion, or correction rights under U.S. state privacy laws.

To the extent that foreign data-protection laws apply to a particular user (including, where relevant, the General Data Protection Regulation (GDPR) or comparable legislation), such user may have certain rights with respect to personal data voluntarily provided to the Company, such as the right to request access, rectification, erasure, restriction of processing, or withdrawal of consent where consent was the applicable legal basis. These rights apply solely to information that the Company can reasonably access and control. They do not extend to blockchain addresses, transaction records, or any on-chain data, as such data is publicly available, immutable, and not processed or controlled by the Company.

Any request to exercise applicable rights must be submitted to [email protected]. The Company will assess and respond to such requests in accordance with the laws that govern the specific user and only with respect to data that is within the Company’s possession and control.

7. Security

The Company implements commercially reasonable administrative, technical, and physical safeguards designed to protect the limited technical data processed through the Interface. Such measures are appropriate to the non-custodial, pseudonymous, and web-based nature of the Interface and may include, where applicable, encryption in transit, access-control mechanisms, monitoring of critical systems, segregation of infrastructure environments, and periodic technical assessments carried out in accordance with U.S. industry standards.

The Company does not custody digital assets, cannot access private keys, seed phrases, recovery credentials, or wallet passwords, and does not collect or store user authentication data. Users are solely responsible for the security of their wallets, private keys, devices, and any credentials associated with their use of the Interface.

The Company makes no representation or warranty regarding the security of blockchain networks, third-party wallets, or smart contracts, which operate independently of the Interface and remain outside the Company’s control.

8. Data Retention

The Company retains data only for periods that are reasonably necessary for the operation, security, and integrity of the Interface, or as required to comply with applicable laws, regulations, or legitimate business purposes. Retention periods vary depending on the nature of the data and the context in which it is processed.

On-chain data is permanent, publicly available, and outside the Company’s possession or control.

Technical logs generated by access to the Interface are generally retained for up to 30 days, unless a longer period is required for security, fraud-prevention, sanctions-enforcement, abuse mitigation, or other lawful investigative purposes. These logs consist solely of technical information and do not include user-identifying data.

Access-control records used to enforce geographic, sanctions-related, or security restrictions are retained only for the duration necessary to apply such restrictions and to meet legal or regulatory obligations, after which they are deleted or anonymised.

Support communications voluntarily provided by users may be retained for up to three years from the date of last contact, or longer if necessary to establish, exercise, or defend legal claims, comply with record-keeping obligations, or resolve disputes.

Aggregated or anonymised information that cannot reasonably identify any individual may be retained indefinitely, as such information falls outside the scope of personal-data regulation.

The Company does not undertake obligations to retain data beyond these operational or legal requirements and may delete or anonymise data at any time at its discretion, provided no applicable law requires continued retention.

9. Age Eligibility

The Interface is not directed to, and should not be used by, individuals under the age of 18. The Company does not knowingly collect or process personal information from individuals under 13 years of age in accordance with applicable U.S. federal law (including the Children’s Online Privacy Protection Act, “COPPA”). If we become aware that information relating to a minor has been collected unintentionally, the Company will take reasonable steps to delete such information from its systems. Any concerns regarding minors’ data may be directed to [email protected].

10. Third-Party Wallets and External Links

The Interface may reference or enable connections to third-party wallets, websites, applications, or services that operate independently of the Company. Any interaction with such third-party tools is governed exclusively by the terms, privacy practices, and policies of those third parties.

The Company does not endorse, monitor, validate, or control the data-handling, security measures, or privacy practices of any third-party provider and makes no representations or warranties regarding their compliance with applicable laws or industry standards.

The Company disclaims all responsibility and liability for any data processed, collected, transmitted, or stored by third-party wallets or external services, which remain entirely outside the Company’s possession, custody, and control. Users are solely responsible for reviewing and understanding the applicable terms and policies of any third-party services they choose to access through or in connection with the Interface.

11. Transfer of Operator Entity

The Company may at any time assign this Policy or transfer the operation of the Interface to any affiliated or successor entity, including any newly formed foundation or other governance vehicle. Such entity will automatically replace the Company as the operator, and all references to “Frontera Labs”, the “Company”, “we”, or “us” will thereafter refer to that entity. Your continued use of the Interface after any such transfer constitutes acceptance of the updated operator and of this Policy as so transferred.

12. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date indicates the current version. Continued use of the Interface after any update constitutes acceptance of the revised Policy.

13. Contact

For any questions regarding this Policy, the operation of the Interface, or to submit a data-related request permitted under applicable law, you may contact the Company at: [email protected].

Communications sent to this address will be reviewed by the appropriate personnel at Frontera Labs, Inc. and handled in accordance with the laws applicable to the user and with the scope of data under the Company’s possession and control. The Company may request additional information as reasonably necessary to verify and process any request, and will respond within the timeframes required by applicable law, if any.