Privacy Policy

Last modified: June 1, 2025

1. Scope and Definitions

DeFy, Inc., a Delaware corporation doing business as Goblins Cash (“Goblins Cash,” “we,” “us,” or “our”) respects your privacy. This Policy explains how we collect, use, disclose, and safeguard information when you visit or use:

https://goblins.cash, https://app.goblins.cash, and any related sub‑domains,
application‑programming interfaces (APIs), widgets, documentation, and developer tools, and
any other website, mobile application, or service that links to this Policy
(collectively, the “Services”).

This Policy is part of our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.

2. Information We Collect

Category	Examples	Why We Collect
On‑chain data	Your public blockchain address and associated transaction history.	Provide core functionality; detect illicit activity (e.g., sanctioned addresses).
Connection data	IP address, user‑agent, browser type, device ID, language, referring/exit pages.	Prevent fraud, support security logs, troubleshoot performance.
Cookies / localStorage	Session ID, token lists, interface preferences, analytics identifiers.	Remember settings; analyze usage patterns.
Support & correspondence	Content of emails, Discord or X (Twitter) messages, survey responses, usability‑study recordings.	Respond to inquiries; improve the Services.
Job‑applicant data	Name, contact details, work status, résumé, and any other information you choose to provide.	Evaluate and manage employment applications.

Notes on special categories

IP addresses and blockchain addresses can be personal data under laws such as the GDPR when combined with other information.

We do not intentionally create or require user accounts, nor do we sell or share personal information for cross‑context behavioral advertising (as those terms are defined under the California Privacy Rights Act, “CPRA”).

We use automated blockchain‑analytics tools to screen wallet addresses for sanction or AML risk. You may request human review of any decision that produces legal or similarly significant effects.

3. How We Use Information

We process information:

To provide and improve the Services – operate the interface, remember your settings, develop new features.
To secure the Services – detect, investigate, and prevent fraud, abuse, or security incidents.
To comply with law – satisfy legal, regulatory, or law‑enforcement requests.
For customer support – respond to questions and feedback.
For research and analytics – create irreversibly aggregated or anonymized statistics to understand how users interact with the Services. Aggregated data cannot reasonably be used to re‑identify you.

Our lawful bases under the EU GDPR are: (i) performance of a contract; (ii) our legitimate interests in running a secure, efficient platform; (iii) compliance with legal obligations; and, where required, (iv) your consent.

4. How We Share Information

We may disclose information:

Service providers – cloud‑hosting, security, analytics, and support vendors that help us run the Services and are bound by confidentiality.
Legal or regulatory bodies – when required by subpoena, court order, or lawful request, or to enforce our rights.
Safety and fraud‑prevention partners – to investigate or prevent malicious activity.
Business transfers – if we merge, sell assets, or undergo reorganization, information may transfer as part of the transaction.
With your consent – when you explicitly instruct us to share.

We do not share information with third parties for their own marketing purposes.

5. Cookies and Similar Technologies

We use first‑party cookies/localStorage for core functionality (e.g., remembering token lists) and third‑party cookies for analytics (e.g., Google Analytics). You can:

Block or delete cookies in your browser settings.
Install privacy‑focused extensions or browsers.
Opt‑out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

We honor Global Privacy Control (GPC) signals where technically feasible.

6. Third‑Party Links and Services

The Services may link to third‑party websites or dApps that we do not control. Their privacy practices govern any information you provide to them.

7. International Transfers

Goblins Cash is based in the United States. When you use the Services, your information is transferred to and processed in the U.S. and other countries. DeFy, Inc. is the data controller for EU/EEA and UK residents. We rely on:

Standard Contractual Clauses (“SCCs”) or other approved legal mechanisms for cross‑border transfers; and
additional technical and organizational safeguards (e.g., encryption in transit and at rest).

8. Security

We employ reasonable safeguards such as TLS encryption, least‑privilege access controls, off‑site backups, and vendor security reviews. No internet transmission is 100 % secure. You are responsible for safeguarding your wallet credentials and private keys.

9. Data Retention

We retain personal data only as long as necessary for the purposes described above:

Connection logs and raw analytics data – ≤ 12 months, unless required for security or legal reasons.
Support correspondence – until resolved, then archived for up to 2 years.
Job‑applicant data – up to 3 years or as required by labor laws.

Aggregated or anonymized data may be kept indefinitely.

10. Your Rights and Choices

Region	Rights	How to Exercise
California (CPRA)	Access, delete, correct, and opt‑out of sale/share (we do not sell or share, but you may still submit a request).	Email [email protected] with “California Request” in the subject.
EU / EEA / UK (GDPR)	Access; rectification; erasure; restriction; portability; object; withdraw consent; human review of automated decisions.	Email [email protected] with “GDPR Request” in the subject.

Region

Rights

How to Exercise

California (CPRA)

Access, delete, correct, and opt‑out of sale/share (we do not sell or share, but you may still submit a request).

Email [email protected] with “California Request” in the subject.

EU / EEA / UK (GDPR)

Access; rectification; erasure; restriction; portability; object; withdraw consent; human review of automated decisions.

Email [email protected] with “GDPR Request” in the subject.

We will verify your identity (and, if applicable, your authorized agent) before fulfilling a request.

11. Children

The Services are not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, email [email protected] and we will delete the information.

12. Changes to This Policy

We may update this Policy from time to time. Material changes take effect 30 days after we post the revised Policy on the Services. Archived versions are available at https://goblins.cash. Your continued use after that date signifies acceptance.

Privacy Policy

1. Scope and Definitions

2. Information We Collect

3. How We Use Information

4. How We Share Information

5. Cookies and Similar Technologies

6. Third‑Party Links and Services

7. International Transfers

8. Security

9. Data Retention

10. Your Rights and Choices

11. Children

12. Changes to This Policy

13. Contact Us

If you have questions about this Policy or our data practices, please email us at [email protected].

Privacy Policy

1. Scope and Definitions

2. Information We Collect

3. How We Use Information

4. How We Share Information

5. Cookies and Similar Technologies

6. Third‑Party Links and Services

7. International Transfers

8. Security

9. Data Retention

10. Your Rights and Choices

11. Children

12. Changes to This Policy

13. Contact Us

If you have questions about this Policy or our data practices, please email us at [email protected].

1. Scope and Definitions

2. Information We Collect

3. How We Use Information

4. How We Share Information

5. Cookies and Similar Technologies

6. Third‑Party Links and Services

7. International Transfers

8. Security

9. Data Retention

10. Your Rights and Choices

11. Children

12. Changes to This Policy

13. Contact Us