Privacy Policy
Last updated: June 2025
You can view our privacy policy document below or download it for reference.
1. Introduction
This Privacy Policy sets forth the principles and practices by which Fibrous Finance ("Fibrous," "we," "our," or "us") collects, uses, and protects personal data when a user interacts with our web application (the "Interface") and associated services (the "Services").
Fibrous adheres to the principle of data minimization. The Fibrous Interface is a client-side application that enables users to interact directly with decentralized protocols using their non-custodial Web3 Wallet. The protection of user privacy and transparency in data processing are fundamental commitments of Fibrous.
2. About This Policy & Your Data Controller
The data controller responsible for personal data pertaining to users of the Services is:
Nixtech B.V.
John M. Keynesplein 10, 1066EP Amsterdam, The Netherlands
Inquiries concerning this policy or the exercise of data protection rights should be directed to: contact@fibrous.finance
3. Our Lawful Basis for Processing Data
In accordance with the EU General Data Protection Regulation (GDPR), the processing of personal data is conducted based on the following legal grounds:
- Performance of a Contract (Art. 6(1)(b) GDPR): When a user utilizes the Services to execute a transaction, the processing of necessary information, such as their public wallet address and transaction parameters, is undertaken to fulfill our contractual obligations to the user.
- Legitimate Interest (Art. 6(1)(f) GDPR): The processing of certain technical data is necessary for the purposes of the legitimate interests pursued by Fibrous, namely the operation, security, and improvement of the Interface. These activities include securing our infrastructure from abuse, collecting aggregated analytics to enhance the service, and monitoring application performance. We ensure that our legitimate interests do not override the fundamental rights and freedoms of the user.
- Consent (Art. 6(1)(a) GDPR): Where processing is not essential for the core functionality or security of the Interface, Fibrous shall rely on the explicit consent of the user. This applies to the use of third-party cookies for non-essential purposes, such as customer support chat persistence. A user may withdraw their consent at any time.
4. Categories of Information Processed and Purposes of Processing
4.1. Information Provided by the User
- Public Wallet Address: Required to connect to the Interface and as an identifier for blockchain transactions.
- Transaction Parameters: Information entered by the user, such as token addresses, amounts, and optional recipient addresses, is processed to construct and facilitate the user's requested transaction.
- Support Communications: Should a user initiate contact via the Intercom widget or email, we will process the provided contact details and the content of the communications to render assistance.
4.2. Information Collected Automatically (Technical Data)
- Onchain Data: All transactions executed by the user are recorded on public blockchains. Such data is public by nature and is not controlled by Fibrous.
- Technical & Usage Data: To ensure the functionality, security, and performance of the Interface, the following technical data is processed:
  - IP Address: Processed ephemerally by our backend infrastructure for the purposes of rate-limiting, DDoS protection, and request routing.
  - Device & Browser Information: Anonymized data, such as browser type and operating system, is collected via Vercel Analytics for service improvement. This data is aggregated and cannot be used to identify an individual user.
5. Cookies and Local Storage
The Interface utilizes browser storage technologies to provide and optimize the user experience.
- Strictly Necessary Cookies:
  - NEXT_LOCALE: This cookie is utilized exclusively to store the user's language preference between sessions and is essential for a localized experience.
- Local Storage & Session Storage: The Interface uses localStorage and sessionStorage to preserve user interface preferences and maintain session state. This includes parameters such as the selected network, UI theme, favorite tokens, and slippage tolerance. This data is stored exclusively within the user's browser and can be cleared at any time via the "Clear Storage" function in the Interface settings.
- Third-Party Cookies:
  - Intercom: In the event a user utilizes the customer support chat widget, Intercom may place cookies to maintain conversation history. These cookies are not essential for the core swapping functionality. The user's consent will be solicited prior to the placement of such cookies.
6. Third-Party Services and Data Sharing
Fibrous does not sell personal data. Limited information is shared with vetted third-party service providers ("sub-processors") who are engaged to deliver, maintain, and secure the Services.
Provider / Service | Purpose | Data Processed | Privacy Policy |
---|---|---|---|
Blockchain RPC Providers (Alchemy, BlastAPI) | Connecting the Interface to public blockchains to read onchain data and submit transactions. | IP Address, Wallet Address, JSON-RPC Request Data. | Alchemy, BlastAPI |
Amazon Web Services (AWS) | Hosting the backend API which provides token lists, swap routes, transaction history, and other computed data. | Wallet Address, Token Addresses, IP Address. | AWS |
Vercel Hosting | Hosting the public-facing web interface (frontend). | End-user IP addresses, device/browser metadata (as part of standard web server logs). | Vercel |
Vercel Analytics | Privacy-first, cookieless analytics to understand aggregated usage patterns and improve the Interface. | Aggregated, anonymized usage metrics. No PII. | Vercel |
Dynamic Labs | Multi-wallet connection SDK to enable users to connect various wallets to the Interface. | Wallet Address, Chain ID, Connection Status, IP Address. | Dynamic |
Intercom | Real-time customer support chat widget. | IP Address, Browser Metadata, and any PII voluntarily shared by the user in chat. | Intercom |
GoPlusLabs | Smart contract security analysis to display risk information about tokens. | Token Contract Address, IP Address. | GoPlus Security |
7. Data Retention
Fibrous adheres to data minimization and does not retain personal data longer than necessary for its specified purpose.
- Technical Logs: Data such as IP addresses are retained for a limited duration (typically not exceeding 72 hours) for security and debugging purposes, unless a longer period is required for an ongoing security investigation.
- Support Communications: Data is retained for the duration required to resolve an inquiry and for a reasonable period thereafter for quality assurance.
- Browser Storage: Data stored locally on a user's device remains until it is cleared by the user.
8. International Data Transfers
As certain service providers are based outside the European Economic Area (EEA), personal data may be transferred to and processed in other countries, including the United States. Fibrous ensures the lawfulness of such transfers and that personal data remains protected to the standards required by GDPR. This is effectuated through the implementation of Standard Contractual Clauses (SCCs) with the relevant third-party service providers.
9. Your Data Protection Rights (GDPR)
In accordance with the GDPR, data subjects have the following rights concerning their personal data:
- Right of Access: To request a copy of the personal data we hold about them.
- Right to Rectification: To request the correction of inaccurate or incomplete data.
- Right to Erasure ('Right to be Forgotten'): To request the deletion of their data under certain conditions.
- Right to Restrict Processing: To request a limitation on the processing of their data.
- Right to Data Portability: To receive their data in a structured, commonly used, and machine-readable format.
- Right to Object: To object to the processing of their data where such processing is based on legitimate interest.
- Right to Withdraw Consent: To withdraw consent at any time for processing activities where consent is the lawful basis.
Data subjects wishing to exercise these rights may do so by contacting us at contact@fibrous.finance.
10. Security
Fibrous implements and maintains robust technical and organizational security measures designed to protect personal data, including HTTPS encryption, strict internal access controls, and regular security assessments.
11. Children's Privacy
The Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
12. Amendments to This Policy
Fibrous reserves the right to amend this Privacy Policy from time to time. Users will be notified of any material changes by posting the new policy on our website or through other appropriate communication channels.
13. Contact Information
For any questions, comments, or concerns regarding this Privacy Policy, please contact Fibrous at contact@fibrous.finance.