ConsumerFi

Privacy Policy

https://consumerfi.ai

The following privacy policy (Privacy Policy) sets out our policies regarding your personal data, including the website consumerfi.ai (hereinafter: "the Website"). The Privacy Policy is covered by the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive) Journal of Laws of the European Union L. of 2016 No. 119, page 1), hereinafter referred to as GDPR.

The data controller of your personal data is Flame Foundation with its registered office in Whitehall Chambers, 2nd Floor, Whitehall House, George Town, Grand Cayman. To contact us, you can write to us at contact@flamefoundation.xyz (hereinafter: "Data Controller" or "Flame Foundation"). This privacy policy contains information on the processing of personal data that you can share with us, including when using the Website and using cookies on our Website. Our goal is to ensure the protection of your personal data.

How we use cookies?

When operating our Website or generally supporting our Service we may use cookies and similar technologies. Specifically, we use these technologies for general analysis of our Website traffic, for marketing analytics and for direct marketing purposes as well as to provide multilingual content to our users. You have control over the use of cookies via settings of your internet browser, where you can disable cookies at any time and via our cookies bar, where you can grant consent for the use of cookies where such consent is required by ePrivacy laws.

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. You can change the settings for cookies in your web browser or in the consent management banner.

Google Analytics

Google Analytics from Google Inc. is an analytics tool that stores information in cookies to generate statistics about traffic on our sites. This functionality is not indispensable for browsing and serves to monitor the website's performance and improve it. When using Google Analytics, we do not process any personal information or other identifiers usable for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data is not processed by Google Inc., the Google Analytics controller. The main cookie used by Google Analytics is the _ga file. More about the types of cookies used by Google Inc. you can learn at https://policies.google.com/technologies/types?hl=en_US or see information above.

In addition to reporting on our website usage statistics, Google Analytics, along with some advertising cookies, can be used to show you more relevant ads from Google Inc. (based on your search and activity history within our website), as well as to measure the interactions with display ads from Google Inc. Google Analytics also uses cookies on our website to analyze your behavior, which are stored on the website's end-user device (computer, tablet, smartphone). Google anonymizes part of the end user's IP address of our website as soon as it is collected, thereby enhancing your privacy. Google Inc. uses the information collected during the use of the website to evaluate your use of our website, to provide us with activity reports on the website and to provide us with other services related to the use of our website and the use of the Internet.

This data processing by Google Analytics can be prevented by appropriately setting up an Internet browser where you can install the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en. Clicking on this link will save your opt-out cookie to your web browser, which will prevent future data from being accessed when you visit our website (https://consumerfi.ai). For more information on the processing of your personal information by Google Inc. when using Google Analytics, you can read their Privacy Policy available at https://policies.google.com/technologies/partner-sites?hl=en_US.

How to Enable & Disable Cookies in Your Browser

  • Opera
  • Firefox
  • Chrome
  • Internet Explorer
  • Safari

How to Enable & Disable Cookies on Your Mobile Device?

  • Android
  • iOS
  • Windows Phone

The purposes of personal data processing and the legal basis

Categories of personal data

We process the following categories of personal data:

  1. Data provided by you, including identification and contact data such as username, display name, recovery email, login method via Google, X/Twitter or Discord, as well as referral codes and information concerning invited users.
  2. Data collected automatically, including technical identifiers such as IP address, device information, browser details, operating system, cookies or similar identifiers, and usage data such as dashboard interactions, leaderboard rank, Spins and Points earned, and log data.
  3. Blockchain and financial transaction data, including public blockchain addresses and associated deposits and withdrawals, amounts, assets and transaction history including yields generated and rewards allocated, as well as permanent publicly visible data stored on the blockchain which cannot be erased or altered.
  4. Data from third parties, including authentication provider data from Google, X/Twitter, Discord or Privy, transaction metadata and APY allocation data from integrated DeFi protocols, and fiat-to-crypto purchase data from MoonPay subject to their own privacy terms.

In addition to the data you provide directly to us, we may obtain certain personal data from third-party sources, such as: authentication providers (Google, X/Twitter, Discord, Privy) when you use social login. In all such cases the categories of data are limited to what is necessary for the provision of our services.

Purposes and Legal Bases of Processing

We process personal data for the following purposes and on the following legal grounds:

  • Provision of services, which includes account creation, deposits, withdrawals, swaps, rewards allocation and the referral system (Art. 6(1)(b) GDPR - performance of a contract).
  • Authentication and security, which includes ensuring account integrity, fraud prevention and safeguarding blockchain transactions (Art. 6(1)(c) GDPR - legal obligation and Art. 6(1)(f) GDPR - legitimate interest).
  • Analytics and improvement, which includes monitoring usage patterns, enhancing performance and developing new features (Art. 6(1)(f) GDPR - legitimate interest).
  • Marketing and communication, which includes sending information about services, campaigns or promotions subject to your consent (Art. 6(1)(a) GDPR).
  • Compliance with legal obligations, which includes responding to lawful requests from authorities and maintaining accounting and tax records (Art. 6(1)(c) GDPR).

Providing personal data is generally voluntary, but necessary for the conclusion and performance of the contract for the provision of our services (Art. 6(1)(b) GDPR). Failure to provide data required for account creation, authentication or transactions will make it impossible to use our services. Failure to provide data processed on the basis of consent (e.g. for marketing purposes) will only prevent us from sending you relevant information, without affecting the use of the main services.

Recipients of Data

Your personal data may be disclosed to the following categories of recipients:

  • Service providers, including Privy for authentication as well as hosting, analytics, IT support and cloud providers.
  • Social login providers, including Google, X/Twitter and Discord, when you authenticate via these accounts.
  • Community platforms, including Discord, Telegram and Twitter/X, when you voluntarily interact with us there.
  • Supervisory authorities, courts or law enforcement, where disclosure is required by applicable law.
  • Successors in case of merger, acquisition or reorganization of our business.

Personal data may be transferred to recipients located outside the European Economic Area (EEA), including to the United States, and we ensure appropriate safeguards pursuant to Art. 46 GDPR, in particular Standard Contractual Clauses (SCCs), unless the transfer is made to a jurisdiction subject to an adequacy decision under Art. 45 GDPR. Please note that blockchain transactions are globally distributed and immutable, and by using our Services you acknowledge that certain personal data will be stored outside the EEA and cannot be technically erased.

Data Retention

Personal data processed for account management is retained for the duration of the contractual relationship and for up to five years thereafter for legal defense and compliance. Blockchain data is permanently stored on-chain beyond our control. Referral and rewards history is retained as long as necessary for accounting and transparency, and marketing data is processed until withdrawal of consent.

Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • The right of access pursuant to Art. 15 GDPR.
  • The right to rectification pursuant to Art. 16 GDPR.
  • The right to erasure pursuant to Art. 17 GDPR.
  • The right to restriction of processing pursuant to Art. 18 GDPR.
  • The right to data portability pursuant to Art. 20 GDPR.
  • The right to object pursuant to Art. 21 GDPR.
  • The right to withdraw consent at any time pursuant to Art. 7(3) GDPR.
  • The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Please note that erasure and modification of blockchain transaction data is technically impossible due to the immutability of distributed ledgers, and in such cases we will restrict further off-chain processing where feasible.

Children's Data

Our Services are intended exclusively for persons aged 18 years or older and we do not knowingly collect personal data of minors; if we become aware of such processing, we will delete associated off-chain data immediately.

Disclaimers and Risk Notes

  • ConsumerFi is not a bank, custodian or regulated financial institution.
  • We do not provide investment advice or guarantee returns.
  • Users are solely responsible for compliance with their local laws and regulations.

For detailed information, please refer to our Risk Disclosures.

Changes to This Policy

We may update this Policy at any time, and substantial changes will be communicated through the Services or by e-mail, with the current version always available at consumerfi.ai/privacy-policy.

Contact

If you have any questions or wish to exercise your rights, please contact ConsumerFi by e-mail at contact@flamefoundation.xyz or through our community channels on Discord, Telegram and Twitter/X, and you may also lodge a complaint with the competent supervisory authority in your Member State.

The current version of this Privacy Policy applies from 10th of October 2025.