Privacy Policy
Last updated: March 24, 2026
FlowEscrow is designed to minimize data collection. We do not sell your information. Blockchain transactions are publicly visible by design and are not controlled by us. This policy explains what limited data we handle through the Interface.
1. Scope and Definitions
This Privacy Policy describes how The operator of the FlowEscrow Interface (“the Operator,” “we,” “us”) handles information in connection with the FlowEscrow Interface (the website and associated web applications). This policy does not cover on-chain data, which is governed by the public nature of the Alephium blockchain and is beyond the Operator’s control.
2. Information We Collect
2.1 Information You Provide Voluntarily
| Data | When | Purpose |
|---|---|---|
| Email address | Waitlist registration, proposal creation, escrow creation | Transaction notifications only |
| Wallet address | Wallet connection | Associate Interface state with on-chain identity |
| Display name | User preferences (optional) | Interface personalization |
| Language preference | Settings | Localize Interface |
| Referral code | Waitlist or referral registration | Referral program tracking |
2.2 Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| IP address | Rate limiting, abuse prevention | Server logs: 30 days |
| Browser type | Compatibility, debugging | Server logs: 30 days |
| Page access timestamps | Performance monitoring | Server logs: 30 days |
2.3 Blockchain Data (Not Controlled by Us)
All escrow transactions are recorded on the Alephium public blockchain. This includes wallet addresses, transaction amounts, token types, and smart contract interactions. This data is:
- Publicly visible to anyone, anywhere in the world
- Permanently and irrevocably stored on the blockchain
- Not collected, controlled, stored, or erasable by the Operator
- Created by your direct interaction with the Alephium blockchain through your wallet
The Operator bears no responsibility for the public visibility or permanence of on-chain data. By using the Protocol, you acknowledge and accept the public nature of blockchain transactions.
2.4 Information We Do NOT Collect
- Private keys, seed phrases, or wallet passwords
- Government-issued identification documents
- Bank account, credit card, or traditional financial information
- Physical address, phone number, or date of birth
- Biometric data
- Location data (beyond IP-derived country for rate limiting)
3. How We Use Information
We use collected information solely for:
- Operating the Interface — displaying escrow status, sending email notifications for transaction events
- Preventing abuse — rate limiting, detecting and blocking malicious activity
- Managing the referral and waitlist programs — tracking registrations, calculating referral rewards
- Technical maintenance — debugging, performance monitoring, infrastructure management
We do not use your information for advertising, profiling, credit scoring, automated decision-making, or any purpose not listed above.
4. Data Sharing
We do not sell, rent, trade, or monetize your personal information.
We may share limited data with the following categories of recipients, solely for the purposes described:
- Terminal49 — shipment reference numbers (B/L, container numbers) to retrieve tracking data. Terminal49’s handling of this data is governed by their own privacy policy.
- SMTP provider — email addresses for notification delivery. Our SMTP provider processes emails on our behalf and is contractually prohibited from using email addresses for other purposes.
- Law enforcement or regulatory authorities — when required by applicable law, court order, or legal process. We will comply with the minimum disclosure required.
We do not share data with advertisers, data brokers, analytics companies, or any other third parties not listed above.
5. Data Storage and Security
5.1 Storage
Off-chain data (email addresses, user preferences, proposal details, referral records) is stored in a PostgreSQL database within our server infrastructure.
5.2 Security Measures
We implement reasonable security measures including encrypted connections (TLS), restricted database access, and regular backups. However:
No system is perfectly secure. Despite reasonable security measures, the Operator cannot guarantee that unauthorized access, data breaches, or security incidents will not occur. The Operator shall not be liable for any damages arising from security breaches of the Interface, database, or any third-party systems. By providing information to the Interface, you acknowledge this inherent risk.
5.3 Breach Notification
In the event of a data breach affecting personal information, the Operator will make reasonable efforts to notify affected users through available channels. The Operator does not guarantee the timing or method of such notification and shall not be liable for any delays in notification or any consequences of the breach itself.
6. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Escrow metadata (off-chain) | Duration of escrow + 1 year | Service operation |
| Proposal records | 1 year after expiration/completion | Service operation |
| Waitlist entries | Until mainnet launch + 6 months | Waitlist program |
| Email notification logs | 90 days | Debugging |
| User preferences | Until deletion request | User convenience |
| Referral data | Duration of referral program | Referral program |
| Server logs (IP, browser) | 30 days | Security, abuse prevention |
On-chain data (blockchain transactions) is retained permanently by the Alephium blockchain and cannot be deleted by the Operator or any other party.
7. Your Rights
Subject to applicable law, you may:
- Access — request a copy of personal data we hold about you
- Correct — update inaccurate information through the Interface settings
- Delete — request deletion of your off-chain data (email, preferences) by contacting us
- Opt out — disable email notifications via user preferences
- Data portability — request your data in a machine-readable format
Important limitations:
- On-chain data (blockchain transactions) cannot be modified or deleted by the Operator or anyone else
- Deletion requests may be refused where retention is required by law or legitimate operational needs
- Deletion of your data does not affect any smart contract on the blockchain
To exercise these rights, submit a request via our contact form. We will respond within 30 days.
8. Cookies and Local Storage
FlowEscrow uses minimal browser storage:
- Language preference — stored in localStorage
- Theme preference — stored in localStorage
- Wallet connection state — managed by the Alephium wallet extension (not by us)
We do not use tracking cookies, advertising pixels, fingerprinting, or third-party analytics services (such as Google Analytics). We do not participate in any advertising network or data exchange.
9. Children’s Privacy
The Protocol and Interface are not directed at individuals under 18 years of age. We do not knowingly collect information from minors. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.
10. International Data Transfers
The Interface may be accessed from various jurisdictions. If you provide information through the Interface, it may be transferred to and processed in a jurisdiction different from your own. By using the Interface, you consent to such transfer and processing. The Operator processes data in accordance with applicable data protection laws.
11. GDPR (European Users)
If you are located in the European Economic Area (EEA), the following additional provisions apply:
- Legal basis: We process your data based on legitimate interest (service operation, security) and your consent (email notifications, waitlist registration).
- Data controller: the Operator, contactable via our contact form.
- Additional rights: You may lodge a complaint with your local supervisory authority.
- Blockchain data disclaimer: On-chain data constitutes a public record on a decentralized network. The Operator is not the data controller for on-chain data, as it cannot modify or delete such data.
12. Limitation of Liability for Data Processing
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE OPERATOR SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: (A) THE PUBLIC NATURE OF BLOCKCHAIN DATA; (B) SECURITY BREACHES OR UNAUTHORIZED ACCESS TO OFF-CHAIN DATA; (C) ACTIONS OF THIRD-PARTY SERVICE PROVIDERS; OR (D) YOUR DECISION TO PROVIDE PERSONAL INFORMATION THROUGH THE INTERFACE. The Operator’s liability for data-related claims is subject to the limitations set forth in the Terms of Service.
13. Changes to This Policy
We may update this Privacy Policy as the Protocol evolves. Material changes will be indicated by updating the “Last updated” date. Continued use of the Interface after changes constitutes acceptance. If you do not agree, you must stop using the Interface.
14. Contact
For privacy-related inquiries or data requests:
the Operator
Submit a request via our contact form →