Explore DeFi

Legal

Privacy Policy

Last Updated: May 12, 2026

1. Introduction

Philidor Labs LLC, a Wyoming limited liability company ("Philidor," "we," "our," or "us"), publishes this Privacy Policy to describe how we handle information in connection with our websites, applications, APIs, dashboards, data feeds, and other services (collectively, the "Services"), including philidor.io, analytics.philidor.io, api.philidor.io, docs.philidor.io, vaults.philidor.io, agents.philidor.io, mcp.philidor.io, and any other subdomain of philidor.io.

Philidor publishes data and analytics. We do not custody assets, do not provide investment advice, and design our Services to operate with minimal collection of personal information. This Privacy Policy explains what limited information we do collect, why, with whom we share it, how long we keep it, and what choices and rights you have.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not access or use the Services.

2. Relationship to Terms of Service

This Privacy Policy is incorporated by reference into our Terms of Service, which is the legally binding agreement governing your use of the Services. In the event of any conflict, ambiguity, or inconsistency between this Privacy Policy and the Terms of Service, the Terms of Service shall control. All capitalized terms not defined in this Privacy Policy have the meanings given in the Terms of Service.

3. Information We Collect

3.1 Publicly Available On-Chain Data

Our analytics services exclusively analyze data that is already publicly available on blockchain networks, including:

  • Smart contract interactions, transactions, and on-chain events;
  • Liquidity pool dynamics, vault state, and protocol parameters;
  • Protocol-level risk metrics, oracle feeds, and historical on-chain events.

This data is published on public blockchains and is not personal information about you unless it is linked to an identifier such as a wallet address (see Section 7).

3.2 Information You Voluntarily Provide

The information you may voluntarily provide to us includes:

  • Contact form / email correspondence: name, email address, organization, message content, and any other information you choose to include when contacting us;
  • Account registration (when offered): email address, password hash, organization, role, billing details, and tax information;
  • API keys and access credentials: records of issuance, usage metadata, and rotation events;
  • KYB / sanctions screening (if requested under Section 6 of the Terms of Service): business name, jurisdiction of formation, beneficial-owner information, and identity documents.

3.3 Automatically Collected Information

When you access the Services, our hosting and infrastructure providers automatically collect certain technical information, including:

  • IP address and approximate geographic location derived from IP;
  • User-agent string, device type, operating system, and browser;
  • Pages visited, referrer URL, timestamps, and request metadata;
  • API endpoints accessed, response codes, and rate-limit telemetry;
  • Error logs and performance metrics.

This information is used for security, fraud prevention, abuse detection, rate limiting, and service operation.

4. Cookies, Local Storage, and Similar Technologies

We and our infrastructure providers use a minimal set of cookies and browser storage. We currently do not use third-party advertising cookies, behavioral tracking pixels, or analytics tools that build cross-site profiles of individual users.

4.1 Strictly Necessary Cookies

The following cookie is set when you access the Services:

  • philidor-terms-accepted — records the version of our Terms of Service and Privacy Policy that you have affirmatively accepted. Set on the .philidor.io parent domain so that acceptance carries across our subdomains. Lifetime: up to one (1) year. This cookie is strictly necessary to operate the Services in compliance with the Terms of Service and is exempt from cookie-consent requirements under applicable ePrivacy rules.

4.2 Browser Local Storage

We use localStorage as a fallback to record your acceptance of the Terms of Service and Privacy Policy in environments where the parent-domain cookie is unavailable (for example, local development). ThelocalStorage entry stores only the accepted version string.

4.3 Server-Side and Infrastructure Telemetry

Our infrastructure providers (including Vercel, Inc.) may collect server logs, performance traces, and abuse-prevention signals as described in their respective privacy disclosures. These are processed on our behalf as part of operating the Services.

4.4 Future Cookies and Analytics

Should we introduce additional cookies, analytics, or tracking technologies that are not strictly necessary, we will update this Privacy Policy and, where required by applicable law, present an opt-in consent mechanism before such technologies are activated.

5. How We Use Information

We use the information described above for the following purposes:

  • Operating and providing the Services, including computing risk metrics, serving API responses, and rendering the analytics interface;
  • Responding to inquiries submitted through our contact form, email, or support channels;
  • Account management, including authentication, billing, and customer-success communication;
  • Security and abuse prevention, including rate limiting, sanctions screening, fraud detection, and investigation of suspected violations;
  • Compliance with legal obligations, including sanctions, AML, and tax requirements;
  • Improvement of the Services, including methodology refinement, bug fixing, and development of new features (using de-identified or aggregated data wherever practicable);
  • Generation of de-identified or aggregated data as described in Section 8.3 of the Terms of Service.

We do not use your personal information for behavioral advertising, do not engage in automated decision-making with legal or similarly significant effects on you, and do not sell your personal information.

6. How We Share Information; No Sale

6.1 No Sale or Behavioral-Advertising Sharing

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA").

6.2 Service Providers and Processors

We share information with a limited set of third-party service providers (processors) that perform functions on our behalf and that are contractually bound to use that information only for those purposes. These currently include:

  • Hosting and edge infrastructure: Vercel, Inc.;
  • Transactional email delivery: Resend, Inc.;
  • Blockchain RPC and data providers: public and private RPC endpoints, indexing services, and oracle feeds used to retrieve on-chain data;
  • Customer support tooling we may engage from time to time.

6.3 Legal and Regulatory Disclosures

We may disclose information when we believe in good faith that disclosure is:

  • Required by applicable law, regulation, court order, subpoena, or legal process;
  • Necessary to comply with sanctions, AML, or law-enforcement obligations;
  • Necessary to enforce our Terms of Service, protect our rights or property, or investigate potential violations or threats;
  • Necessary to protect the safety of any person or to prevent fraud, abuse, or other harm.

6.4 Business Transfers

If Philidor is involved in a merger, acquisition, financing, reorganization, sale of assets, or insolvency proceeding, information may be transferred as part of that transaction, subject to confidentiality obligations and consistent with this Privacy Policy.

6.5 Aggregated and De-Identified Data

We may publish, distribute, or otherwise use aggregated, anonymized, or de-identified data that does not identify you or any individual. Such data is not considered personal information and may be used for any lawful business purpose, consistent with Section 8.3 of the Terms of Service.

7. Wallet Addresses and On-Chain Identifiers

Some of our Services accept wallet addresses, transaction hashes, contract addresses, or other on-chain identifiers as input parameters (for example, our portfolio and position-analysis endpoints). On-chain identifiers may, in some cases, be considered personal information under applicable law because they can be linked to a natural person.

When you submit a wallet address to our Services, we use it solely to retrieve publicly available on-chain data associated with that address and to render the requested analysis. We do not attempt to identify the natural person behind a wallet address. We may retain request metadata (for security, abuse prevention, and rate-limit enforcement) but do not maintain long-term profiles linking wallet addresses to individuals.

You should not submit a wallet address to our Services if you do not have the legal right to do so or if doing so would violate any duty owed to the owner of that wallet.

8. Data Retention

We retain personal information only for as long as is necessary for the purposes set out in this Privacy Policy, including to comply with our legal, accounting, or reporting obligations:

  • Contact-form submissions: typically retained for up to twenty-four (24) months after the last interaction, then deleted or de-identified, unless a longer period is required by law or to defend legal claims.
  • Account data: retained for the duration of the account plus such period as is reasonably necessary thereafter to resolve billing, enforcement, or legal matters (typically up to seven (7) years for tax and accounting records).
  • Server logs and request metadata: typically retained for up to twelve (12) months for security and operations.
  • KYB and sanctions-screening records: retained for the period required by applicable AML and sanctions laws (typically five (5) years after account closure).
  • Aggregated or de-identified data: may be retained indefinitely.

Where we are required to keep data longer to comply with law, defend or assert legal claims, or as permitted under Section 14.4 of the Terms of Service, we will do so.

9. Security

We implement administrative, technical, and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include access controls, encryption in transit (TLS), least-privilege production access, secrets management, and routine audits of our infrastructure providers.

However, no method of transmission over the internet or method of electronic storage is one hundred percent secure. We cannot guarantee absolute security, and you submit information to us at your own risk. Our liability for any security incident is limited as set forth in Section 11 of the Terms of Service.

10. Your Rights and Choices

Depending on where you reside, you may have rights with respect to your personal information. We honor the rights described below to the extent required by applicable law:

  • Access: request a copy of the personal information we hold about you;
  • Correction: request that we correct inaccurate or incomplete information;
  • Deletion: request that we delete your personal information, subject to legal exceptions;
  • Restriction or objection: request that we restrict or stop certain processing of your personal information;
  • Portability: request a copy of your information in a machine-readable format;
  • Withdrawal of consent: withdraw any consent you previously gave, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@philidor.io. We may need to verify your identity before fulfilling a request. We will respond within the timeframes required by applicable law. You will not be discriminated against for exercising any of these rights.

If we are unable to resolve your concern, you may have the right to lodge a complaint with a privacy or data-protection regulator in your jurisdiction.

11. US State Residents (CCPA/CPRA and Similar Laws)

This Section provides notice required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), and similar US state privacy laws (including those of Virginia, Colorado, Connecticut, Utah, and others).

11.1 Categories of Personal Information Collected

In the preceding twelve (12) months we may have collected:

  • Identifiers (name, email, IP address, wallet address);
  • Commercial information (records of inquiries, service usage, billing data);
  • Internet activity information (pages visited, request metadata, telemetry);
  • Geolocation (approximate, derived from IP);
  • Professional information (organization, role, jurisdiction, when voluntarily provided);
  • Inferences drawn from the above (limited to operational and abuse-prevention purposes).

11.2 Sources and Purposes

Sources: directly from you, automatically through your use of the Services, and from our service providers. Purposes: as described in Section 5.

11.3 No Sale; No Sharing for Cross-Context Behavioral Advertising

We do not sell your personal information for monetary or other valuable consideration, and we do not share your personal information for cross-context behavioral advertising.

11.4 Sensitive Personal Information

We do not collect or process "sensitive personal information" as defined under CCPA/CPRA for the purpose of inferring characteristics about you.

11.5 Your California Rights

California residents have the right to know, delete, correct, opt out of sale or sharing (not applicable, as we do neither), limit use of sensitive personal information (not applicable), and be free from retaliation for exercising any of these rights. Submit requests via contact@philidor.io. We will verify your request through a process appropriate to the sensitivity of the data.

11.6 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We will require written authorization and reasonable verification of identity.

12. EU, UK, and Swiss Residents (GDPR, UK GDPR, FADP)

This Section applies if you are in the European Economic Area, the United Kingdom, or Switzerland and provides information required under the General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (FADP).

12.1 Controller

Philidor Labs LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA, acts as data controller for personal information processed in connection with the Services, except where we act as a processor under a written agreement with a controller.

12.2 Lawful Bases for Processing

  • Performance of a contract (Art. 6(1)(b)) — to provide the Services to you under the Terms of Service;
  • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the Services, prevent abuse, and develop new features;
  • Legal obligation (Art. 6(1)(c)) — to comply with sanctions, AML, tax, and other applicable laws;
  • Consent (Art. 6(1)(a)) — where we rely on consent (for example, certain non-essential cookies if introduced).

12.3 Your Rights

In addition to the rights listed in Section 10, you have the right to access, rectify, erase, restrict, object to processing, and request portability of your personal information, and to lodge a complaint with your local supervisory authority. To exercise these rights, contact contact@philidor.io.

12.4 Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

12.5 EU/UK Representative

Philidor does not currently maintain an Article 27 GDPR representative or UK GDPR representative. EU and UK residents may contact us directly at contact@philidor.io for any data protection inquiry.

13. International Data Transfers

Philidor is established in the United States. By using the Services, you understand that your personal information may be transferred to, stored in, and processed in the United States and in any other country in which our service providers maintain facilities. The data-protection laws of those countries may differ from those of your country of residence.

Where personal information is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or another third country, we rely on appropriate safeguards (including the European Commission's Standard Contractual Clauses and the UK's International Data Transfer Addendum) to the extent required by applicable law. Copies of applicable safeguards may be requested at contact@philidor.io.

14. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from individuals under the age of eighteen (18). Customer represents under Section 6.1 of the Terms of Service that Customer is at least 18 years of age. If you become aware that a child has provided us personal information without parental consent, please contact contact@philidor.io and we will delete such information.

15. Do Not Track and Global Privacy Control

Because we do not engage in cross-context behavioral advertising or sell personal information, "Do Not Track" (DNT) and "Global Privacy Control" (GPC) signals from your browser do not have practical effect on our processing. We treat any such signal as a request to refrain from any future sale or cross-context behavioral-advertising sharing, both of which we already do not do.

16. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time. The "Last Updated" date at the top of this Privacy Policy reflects the date of the most recent modification. Material changes affecting your rights or obligations are governed by the notice procedures set forth in Section 15 of the Terms of Service. Your continued use of the Services after the effective date of any modification constitutes acceptance of the modified Privacy Policy.

17. Contact Us

For privacy-related questions, requests, or complaints, please contact us at contact@philidor.io or by mail at:

Philidor Labs LLC
30 N Gould St, STE R
Sheridan, WY 82801
United States of America

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, our Terms of Service, and our Disclaimer. If you do not agree, you must not access or use the Services.