TokenFlight Privacy Policy

Last updated: Nov 4, 2025

This Privacy Policy explains how TokenFlight (together with our affiliates, "TokenFlight," "we," "us," or "our") collects, uses, and discloses information about you when you access or use our cross-chain swap and token trading products, including: (i) our website(s) and user interface(s) (the "Interface"), and (ii) our application programming interface and related developer tools (the "API," and together with the Interface, the "Services").

This Privacy Policy applies to information we collect through the Services and through our communications with you.

Important note about blockchain activity

The Services help you prepare, route, and submit transactions to public blockchain networks and related infrastructure. Information recorded on a blockchain (e.g., wallet addresses and transaction data) is generally public and may be permanent. TokenFlight does not control public blockchains or the data recorded on them.

Acceptance of this Privacy Policy

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will revise the "Last updated" date above and post the updated policy on the Interface. If changes are material, we may provide additional notice (for example, via a notice on the Interface or by other means we reasonably determine).

1. Information We Collect

As a general matter, TokenFlight aims to collect and process only the information reasonably necessary to operate, secure, and improve the Services. Certain information is collected automatically when you use the Services, and additional information may be collected if you choose to provide it (for example, by contacting us or opting in to receive updates).

1.1 Information you provide to us

We may collect information you provide directly to us, including:

  • Wallet and transaction information (public and/or necessary to facilitate your use of the Services), such as:
    • Public wallet address(es)
    • Transaction hashes and blockchain identifiers
    • Token names, symbols, contract addresses, and chain IDs
    • Trade/swap parameters you submit (e.g., amount, slippage settings, destination address, source/destination chain, routing preferences)
  • Communications and support information, such as your email address and the content of messages you send us (e.g., support requests, bug reports, feedback).
  • Developer / API information (if applicable), such as organization name, contact details, API credentials (where issued), and integration details you share with us.

We do not request your seed phrase or private keys. Do not share seed phrases or private keys with anyone.

1.2 Information we collect automatically when you use the Services

When you access or use the Services, we may automatically collect information such as:

  • Log and usage information, including your IP address, browser type, access times, pages or screens viewed, links clicked, error logs, and the page you visited before navigating to the Interface.
  • Device information, including device type, operating system and version, and unique device identifiers (where available).
  • Approximate location information, which may be derived from IP address.
  • API request metadata (for API users), such as request timestamps, endpoints accessed, request/response sizes, status codes, user agent, and rate-limit or abuse-prevention signals.

We use this information to operate the Services, maintain security, debug issues, and understand usage patterns.

1.3 Cookies and similar tracking technologies

We and our service providers may use cookies, pixels, web beacons, local storage, and similar technologies to:

  • enable core functionality (e.g., keep the Interface working reliably),
  • remember preferences,
  • understand usage and performance,
  • help detect and prevent abuse and fraud.

You can typically configure your browser to remove or reject cookies. If you remove or reject cookies, some features of the Services may not function properly.

1.4 Information from third parties and public sources

We may receive or obtain information from third parties and public sources in connection with operating the Services, including:

  • Public blockchain data, such as transaction status, confirmations, token metadata, and other on-chain information obtained through blockchain networks or infrastructure providers.
  • Wallet providers when you connect a wallet to the Interface (subject to the wallet provider's terms and privacy policy).
  • Infrastructure, analytics, and security providers that help us host, monitor, secure, and analyze the Services.

2. How We Use Information

We may use information we collect for purposes such as to:

  • Provide, operate, and maintain the Services, including generating quotes, routing swaps, facilitating API responses, and displaying transaction status.
  • Improve and develop the Services, including troubleshooting, testing, research, analytics, and product development.
  • Communicate with you, including responding to your inquiries and sending technical notices, updates, security alerts, and administrative messages.
  • Monitor and protect the Services, including detecting, investigating, and preventing fraud, abuse, suspicious activity, and other unlawful or harmful activity.
  • Personalize the Services, such as remembering preferences or providing localized experiences (where supported).
  • Comply with legal obligations and enforce applicable agreements and policies.

Use for new purposes. If we intend to use information for a purpose that is materially different from the purpose for which it was collected, we will provide notice as required by applicable law and, where necessary, obtain your consent.

3. How We Disclose Information

We may disclose information as described below or as otherwise disclosed to you at the time of collection.

3.1 Vendors, service providers, and advisors

We may share information with third-party vendors, consultants, and service providers that need access to information to perform services for us, such as hosting, analytics, monitoring, security, customer support tooling, and infrastructure providers (including RPC/node providers). We may also share information with professional advisors (e.g., legal counsel, auditors, insurers) as necessary.

3.2 Blockchain networks and public ledgers

When you initiate a transaction through the Services, transaction data may be broadcast to blockchain networks and recorded on public ledgers. This information may be publicly accessible and persistent.

3.3 Liquidity sources, bridges, protocols, and related infrastructure

To provide cross-chain swap and token trading functionality, the Services may interact with third parties such as liquidity sources, aggregators, decentralized exchanges, bridges, relayers, and RPC providers. These third parties may process certain information (e.g., wallet address, transaction parameters, and network metadata) under their own terms and privacy practices.

3.4 Compliance, law enforcement, and safety

We may disclose information if we believe disclosure is necessary or appropriate to comply with applicable law, regulation, or legal process; respond to lawful requests; protect the rights, property, and safety of TokenFlight, our users, or others; or enforce our agreements and policies.

Optional (include only if applicable): We may also disclose information to meet compliance requirements (which may include sanctions compliance, anti-fraud measures, or other regulatory obligations). If we implement identity verification processes in the future, we will update this Privacy Policy accordingly.

3.5 Affiliates

We may disclose information between and among TokenFlight and our current or future parents, affiliates, subsidiaries, and other companies under common ownership or control.

3.6 Business transactions

We may share information in connection with, or during negotiations of, a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of some or all of our business or assets.

3.7 With your consent or at your direction

We may share information when you direct us to do so or otherwise consent.

3.8 Aggregated or de-identified information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

4. Analytics and Advertising

4.1 Analytics services

We may allow third parties to provide analytics services to help us understand how the Services are used. These providers may use cookies or similar technologies to collect information about your use of the Services (e.g., pages viewed, time spent, clicks, and device/browser information).

5. International Data Transfers

TokenFlight may process and store information in the United States and other countries where we or our service providers operate. Data protection laws in those countries may differ from those in your place of residence. By using the Services or providing information to us, you understand that information may be transferred to, processed in, and stored in those jurisdictions.

6. Your Choices

6.1 Access, correction, and deletion

You may request access to, correction of, or deletion of certain information we maintain about you by contacting us as described in Section 11.

Please note:

  • We may retain certain information as required by law or for legitimate business purposes.
  • We generally cannot delete or alter information recorded on a public blockchain.

6.2 Cookies

Most browsers accept cookies by default. You can configure your browser to remove or reject cookies, but doing so may affect functionality.

6.3 Promotional communications

If you opt in to receive marketing emails, you may opt out at any time by following the unsubscribe instructions in those emails. Even if you opt out, we may continue to send non-promotional communications (e.g., service notices, security updates).

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information. However, no security measures are perfect, and we cannot guarantee the security of information transmitted to or from the Services.

If you use API credentials (e.g., API keys) or other access credentials, you are responsible for maintaining their confidentiality and for activities that occur under your credentials.

8. Data Retention

We retain information for as long as reasonably necessary to provide, secure, and improve the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods depend on the type of information and the purpose for which it is processed.

9. Third-Party Materials and Services

The Services may contain links to, or integrations with, third-party websites, applications, protocols, or services ("Third-Party Materials"). Third-Party Materials are governed by their own terms and privacy policies. We are not responsible for the privacy practices of Third-Party Materials, and we encourage you to review their policies before using them.

10. Children's Privacy

The Services are not directed to individuals under 18, and we do not knowingly collect personal information from individuals under 18. If you believe a minor has provided personal information to us, please contact us.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at: