Privacy Policy

This Privacy Policy describes how BridgeFlow ("we", "us", "our") handles information when you use the BridgeFlow web application at bridgeflow.tech (the "Service"). It applies to all users worldwide.

By using the Service you acknowledge that you have read and understood this policy. If you disagree with any part of it, you should not use the Service.

2.1 Automatically collected technical data

Our hosting provider (Firebase / Google) logs standard HTTP request data including your IP address, browser type, operating system, referring URL, and pages visited. This is standard infrastructure logging, retained for up to 30 days, and is not used to build a profile of you.

2.2 Wallet address

When you connect your wallet, your public blockchain address becomes visible to the application. It is used solely to read your vault balance and transaction history from the Polygon blockchain. We do not store it in any database we control.

2.3 Browser local storage

The wagmi wallet-connection library stores your wallet state in your browser's local storage so you remain connected between page loads. See our Cookie Policy for the full list.

2.4 On-chain transaction data

Any deposit, withdrawal, or vault interaction is recorded permanently and publicly on the Polygon blockchain. We read this data to display your balances and history. We do not write it — the blockchain does.

• Names, email addresses, phone numbers, or any contact information
• Government-issued identification of any kind
• Payment card or bank account details (your funds are held by smart contracts, not us)
• Precise geolocation data
• Device microphone, camera, or sensor data
• Browsing history across other websites
• Advertising identifiers or cross-site tracking data
• Analytics data — we do not use Google Analytics, Mixpanel, or similar services

The limited information we handle is used exclusively for:

• Service delivery — displaying your vault balance, yield, and transaction history.
• Security — infrastructure logs help detect and respond to attacks or unusual traffic.
• Protocol improvement — aggregate, non-identifiable traffic patterns may inform performance decisions.
• Legal compliance — where legally required to retain or disclose data, we do so with minimum scope.

We do not sell, rent, or trade any information. We do not use it for advertising. We do not profile individual users.

5.1 We do not sell data

We do not sell, license, or exchange user data with any third party for commercial purposes.

5.2 Infrastructure providers

Firebase / Google processes hosting logs as described above. See their privacy policy .

5.3 Legal requirements

We may disclose information if required by law, regulation, or court order. We will notify affected users where legally permitted to do so.

5.4 Business transfers

In the event of a merger, acquisition, or sale of assets, any data we hold may transfer to the successor entity. Users will be notified under the applicable privacy terms.

Your public wallet address, deposit amounts, withdrawal amounts, and timestamps are all stored on-chain and publicly readable. Anyone with your address can view your full transaction history via block explorers such as Polygonscan.

If you require financial privacy, consider the implications of connecting a wallet whose address is publicly linked to your real-world identity.

BridgeFlow integrates the following third-party services, each governed by their own privacy policy:

• Infrastructure logs — retained up to 30 days by Firebase, then automatically deleted.
• Browser local storage — on your device until you disconnect your wallet or clear browser data. We have no server-side copy.
• Blockchain data — permanent. Cannot be deleted from the Polygon network by us or by you.
• No user database — we do not operate one. There is no account record to delete.

9.1 Right to access

We hold no personal database records about you. Your on-chain activity is publicly readable via Polygonscan. Infrastructure logs are held by Firebase under Google's data access procedures.

9.2 Right to deletion

Disconnect your wallet or clear browser local storage to remove all data we touch on your device. Blockchain data cannot be deleted — this is inherent to public blockchains.

9.3 GDPR (EEA users)

The lawful basis for processing the minimal data described here is legitimate interest — specifically, the operational necessity of running a secure web application. You may contact us to exercise any GDPR rights.

9.4 CCPA (California users)

We do not sell personal information. We do not share personal information for cross-context behavioural advertising. California residents have the right to know what data is collected — this document provides that disclosure in full.

BridgeFlow's smart contracts include protections against share inflation attacks, reentrancy, and unauthorised callbacks. The contracts are non-custodial — your funds are held by code, not by us. No employee or system we control can access your funds.

The application is served over HTTPS. We do not store private keys, seed phrases, or wallet credentials of any kind.

No security measure is perfect. Smart contracts may contain undiscovered vulnerabilities. Only deposit amounts you can afford to lose.

The Service is not directed at individuals under 18 (or the age of majority in your jurisdiction, whichever is higher). We do not knowingly collect data from minors. If you believe a minor has used the Service, please contact us.

We may update this policy as the protocol evolves or legal requirements change. We will update the "Last updated" date at the top of this page. For material changes, we will post a notice on the application homepage.

Continued use of the Service after a policy update constitutes acceptance of the revised terms.

Questions about this Privacy Policy or your data rights can be directed to us via:

• GitHub: open an issue at the BridgeFlow repository
• Community channels listed on the BridgeFlow homepage