Privacy Policy
Effective Date: 19 May 2026
This Privacy Policy explains how Smithii LTD (“Smithii“, “we“, “our“, “us“) collects, uses, shares, and protects personal data when you use our websites, applications, and services (the “Services“), including:
- https://smithii.io (marketing site)
- https://tools.smithii.io (no-code dApp toolkit)
- https://docs.smithii.io (documentation)
- Any other Smithii-owned subdomain, application, or interface
This Policy should be read alongside our Terms of Service available at https://smithii.io/en/terms-of-service/.
1. Who is the Data Controller
The Data Controller is:
- Smithii LTD
- Company Limited by Shares incorporated in the United Arab Emirates
- Company Registration Number: 01010192
- Business Licence Number: 07010192 (RAK Digital Assets Oasis)
- Registered office: Office A, RAK DAO Business Centre, RAK BANK ROC Office, Ground Floor, Al Rifaa, Sheikh Mohammed Bin Zayed Road, Ras Al Khaimah, United Arab Emirates · PO BOX 30099
- Contact for privacy matters: info@smithii.io
Smithii has not designated a Data Protection Officer (“DPO”) because the scope and nature of our processing activities do not legally require one. The point of contact for all privacy-related enquiries is the email above.
2. Scope of this Policy
This Policy applies to anyone who:
- visits our websites;
- connects a self-custodial wallet to our applications;
- subscribes to our newsletter or other communications;
- contacts our support channels;
- otherwise interacts with the Services.
This Policy does not apply to third-party services, websites, smart contracts, blockchains, wallet providers, or platforms that you access through, or in connection with, our Services. Those third parties have their own privacy policies, which we encourage you to review independently.
3. Regulatory Framework
Smithii processes personal data in compliance with:
- the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL“);
- the EU General Data Protection Regulation 2016/679 (“GDPR“), to the extent it applies to personal data of users in the European Economic Area;
- the UK GDPR, to the extent it applies to personal data of users in the United Kingdom;
- the California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA“), to the extent it applies to personal data of California residents;
- any other applicable data protection law in the jurisdictions where our Services are offered.
4. What Personal Data We Collect
We collect only the personal data that is necessary to operate the Services. Specifically:
4.1 Data collected automatically
- Wallet address when you connect a self-custodial wallet (e.g. Phantom, Solflare, Backpack, MetaMask, Rabby, Sui Wallet). A wallet address is considered pseudonymous personal data under GDPR because it can be associated with a person through on-chain activity.
- IP address and user-agent recorded in server logs.
- Approximate geolocation (country/region) derived from IP for sanctions and access-control purposes.
- Device and browser information (screen size, language, operating system) for compatibility and analytics purposes.
- On-chain interaction data generated when you sign Transactions through the Services (transaction signatures, token addresses, amounts, timestamps). This data is, by design, publicly recorded on the relevant blockchain and is not under Smithii’s control.
- Tool input data: the parameters you enter into our Tools (e.g. token name, ticker, description, image, social links, wallet lists, vesting schedules, claim-site copy) — only to the extent necessary to execute the action you request.
4.2 Data you provide voluntarily
- Email address: if you subscribe to our newsletter, open a support ticket, or contact us directly.
- Support correspondence: the content of messages you send to our support channels (email, Discord, Telegram).
- Forum or community handles: when you participate in our community channels (Discord username, Telegram username, X handle).
4.3 Data we do NOT collect
For clarity, Smithii does not collect:
- Real names, dates of birth, government identifiers, or KYC documents (we do not operate any KYC process);
- Private keys, seed phrases, or any wallet credentials;
- Payment-card data, bank-account information, or any traditional financial identifiers;
- Special categories of personal data (such as health, religious beliefs, ethnic origin, sexual orientation, or biometric data).
5. Purposes of Processing and Legal Bases
We process personal data for the following purposes, on the following legal bases (Article 6 GDPR / equivalent under UAE PDPL):
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the Services (allowing you to connect a wallet, execute Transactions, manage tokens, etc.) | Wallet address, IP, on-chain data, tool inputs | Performance of contract (the Terms of Service) |
| Operating, securing, and improving the Services | IP, user-agent, device data, server logs | Legitimate interests (security, integrity, fraud prevention) |
| Restricting access from sanctioned jurisdictions | IP-based geolocation | Compliance with legal obligations (sanctions, AML) |
| Responding to support enquiries | Email, message content, wallet address (if shared) | Performance of contract / Legitimate interests |
| Sending newsletter and product updates | Email address | Consent (you can withdraw at any time) |
| Analytics and audience measurement | Cookies, IP, device data | Consent (granted via our cookie banner) |
| Compliance with legal, tax, or regulatory obligations | Any relevant data, only when required | Compliance with legal obligations |
| Establishing, exercising, or defending legal claims | Any relevant data, only when required | Legitimate interests |
6. Blockchain Data — Special Notice
The Services facilitate Transactions on public blockchains (Solana, Sui, Eclipse, Ethereum, Base, BNB Chain, Polygon, Arbitrum, Avalanche, Blast, Hydra, and others). By design, blockchain Transactions are:
- Public: anyone in the world can inspect them through block explorers, indexers, and analytics services.
- Permanent: once recorded, they cannot be modified or deleted by Smithii or anyone else.
- Pseudonymous: while a wallet address does not directly reveal a real-world identity, on-chain analysis combined with off-chain data may allow re-identification.
You acknowledge and accept that:
- Once a Transaction is signed and broadcast, the related data is outside Smithii’s control and cannot be erased on request.
- Your “right to erasure” under GDPR, UAE PDPL, or any equivalent law does not extend to data already recorded on a public blockchain, because Smithii is not the controller of such data and has no technical means to remove it.
- Smithii will, however, erase any off-chain personal data we hold about you upon valid request, subject to legal retention obligations.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on https://smithii.io and related properties. Our cookie practices are managed through a Consent Management Platform (CookieYes) that allows you to grant, refuse, or withdraw consent at any time.
7.1 Categories of cookies we use
- Strictly necessary cookies — essential for the website to function (e.g. session management, security, load balancing). These do not require consent.
- Preference cookies — remember your language and interface settings.
- Analytics cookies — collect aggregate usage data via Google Analytics and our proprietary internal analytics tool. Used only with your consent.
- Marketing cookies — currently not deployed by Smithii on https://smithii.io. We may introduce them in the future for retargeting or campaign measurement; if so, you will be asked for consent through the CookieYes banner.
7.2 Managing your cookie preferences
You can review or change your cookie preferences at any time:
- via the “Cookie Settings” link in our website footer, which opens the CookieYes consent dashboard;
- via your browser settings (Chrome, Firefox, Safari, Edge, and others let you block or delete cookies);
- via opt-out tools provided by individual analytics services (e.g. Google Analytics Opt-Out browser add-on).
Refusing analytics cookies does not affect your ability to use the Services. Strictly necessary cookies cannot be refused without breaking core functionality.
8. Third-Party Data Processors
We rely on a small number of trusted third-party providers to operate the Services. Each of them processes personal data only on our instructions and under appropriate data-processing agreements.
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Vercel | Frontend hosting and CDN | IP, user-agent, request logs | USA / global |
| Railway | Backend hosting | IP, request logs, wallet addresses | USA / global |
| Cloudflare | CDN, DDoS protection, DNS | IP, request metadata | Global |
| MongoDB Atlas | Database storage | Wallet addresses, Tool inputs, support tickets | USA / global |
| Reown (WalletConnect) | Wallet connection protocol | Wallet address, session metadata | Global |
| Helius | Solana RPC provider | IP, transaction requests, wallet addresses | USA |
| Alchemy | EVM RPC provider | IP, transaction requests, wallet addresses | USA |
| QuickNode | Multi-chain RPC provider | IP, transaction requests, wallet addresses | USA |
| Pinata | IPFS storage for token metadata | Tool input data (token name, image, etc.) | USA |
| Jito | Solana MEV / bundle relay | Transaction data, IP | Global |
| Google Analytics | Website analytics (with consent) | IP (truncated), device, behavior | USA |
| ActiveCampaign | Newsletter and email automation | Email address, subscription preferences | USA |
| Discord | Community support channel | Username, message content (only when you initiate contact) | USA |
We periodically review our processor list and update it as needed. The current list is published at https://smithii.io/en/privacy-policy/.
In addition, we may disclose personal data to:
- law enforcement, courts, or government authorities when required by law or to defend our legal rights;
- professional advisors (lawyers, accountants, auditors) bound by confidentiality;
- acquirers or successors in case of merger, acquisition, or sale of assets, subject to the same privacy obligations.
9. International Data Transfers
Because Smithii is based in the United Arab Emirates and our processors operate globally, your personal data may be transferred to, stored, and processed in countries outside your country of residence, including the United States and other jurisdictions that may not provide the same level of data protection as your home country.
When we transfer personal data outside the European Economic Area, the United Kingdom, or any jurisdiction whose laws apply to you, we rely on appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission (or equivalent UK SCCs);
- Adequacy decisions where available;
- contractual commitments from our processors to protect personal data to a standard at least equivalent to that of UAE PDPL and GDPR;
- technical measures including encryption in transit (TLS) and at rest where supported.
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, tax, or reporting requirements.
Default retention periods:
| Data category | Retention |
|---|---|
| Server logs (IP, user-agent, request metadata) | Up to 90 days |
| Wallet addresses and Tool inputs stored in our database | For as long as the User relationship exists, plus a reasonable period for legal-defence purposes (typically up to 24 months after last interaction) |
| Support correspondence | Up to 3 years after resolution of the relevant ticket |
| Newsletter subscription data | Until you unsubscribe, plus up to 30 days for technical purging |
| Cookies and analytics data | According to the consent and cookie lifetimes configured in CookieYes (typically 12–24 months) |
| On-chain Transaction data | Permanent — by design, on a public blockchain (out of Smithii’s control) |
After the relevant retention period, data is deleted or anonymised. Backups may persist for a limited additional period for disaster-recovery purposes.
11. Your Rights
Subject to the conditions and limitations set out in applicable law (UAE PDPL, GDPR, UK GDPR, CCPA/CPRA, and any other applicable framework), you have the following rights regarding your personal data:
- Right of access — to know what personal data we hold about you and obtain a copy.
- Right to rectification — to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — to request deletion of off-chain data, subject to the limitations described in Section 6.
- Right to restriction of processing — to limit our use of your data in certain circumstances.
- Right to data portability — to receive your data in a structured, machine-readable format and transmit it to another controller.
- Right to object — to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — at any time, where processing is based on consent (this does not affect the lawfulness of prior processing).
- Right not to be subject to automated decision-making — Smithii does not currently make automated decisions with legal or similarly significant effects regarding Users.
- Right to lodge a complaint — with the competent supervisory authority (see Section 14).
For California residents (CCPA/CPRA), additional rights include the right to know categories of data collected and sold/shared, the right to opt out of “sale” or “sharing” of personal information, and the right to non-discrimination for exercising your rights. Smithii does not sell or share personal information for cross-context behavioral advertising as defined under CCPA/CPRA.
12. How to Exercise Your Rights
To exercise any of the rights above, send a written request to info@smithii.io, including:
- your name (or wallet address if anonymous);
- the right you wish to exercise;
- any information that helps us identify the relevant data (e.g. wallet address used, approximate dates of use);
- your preferred contact channel for our response.
We will respond within 30 calendar days of receipt, extendable by up to two additional months for complex or numerous requests, in which case we will inform you within the first 30 days.
Exercising your rights is free of charge, except where requests are manifestly unfounded, excessive, or repetitive — in which case we may charge a reasonable fee or refuse to act on the request, as permitted by law.
We may need to verify your identity before processing the request, particularly where the data is associated with a wallet address (you may be asked to sign a verification message with that wallet’s private key).
13. Children
The Services are not directed to, and are not intended for, individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without proper parental consent, we will delete that data promptly.
If you believe we have collected personal data from a minor, please contact info@smithii.io.
14. Supervisory Authorities
If you believe our processing of your personal data infringes applicable law, you may lodge a complaint with the competent supervisory authority:
- UAE: UAE Data Office (Federal Authority for Data Protection)
- EU/EEA: the data protection authority in your country of residence (a list is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en)
- UK: Information Commissioner’s Office (ICO) — https://ico.org.uk
- California (USA): California Privacy Protection Agency (CPPA) — https://cppa.ca.gov
We encourage you to contact us first at info@smithii.io so we can attempt to resolve any concern directly.
15. Marketing Communications
If you subscribe to our newsletter or product updates, we will use your email address to send communications about Smithii, our Services, new features, security advisories, and related content.
You can unsubscribe at any time:
- by clicking the “Unsubscribe” link at the bottom of every email we send;
- by emailing info@smithii.io with the subject “Unsubscribe”;
- by updating your preferences in any preference centre we make available.
Unsubscribing from marketing emails does not affect transactional or service-related emails (e.g. responses to support tickets, account-security notices, mandatory legal notices).
16. Data Security
We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction, including:
- TLS encryption in transit for all Services;
- encryption at rest where supported by our infrastructure providers;
- role-based access controls and least-privilege principles internally;
- periodic security reviews of code, infrastructure, and third-party providers;
- independent audits of our proprietary Smart Contracts by Halborn and Coinfabrik (reports at https://docs.smithii.io/overview/audits);
- contractual data-protection obligations with all third-party processors.
No security measure is perfect. While we take security seriously, we cannot guarantee absolute protection against every threat. You are responsible for keeping your wallet credentials and any account credentials secure.
17. Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will:
- notify the relevant supervisory authority within the timeframes required by applicable law (typically 72 hours under GDPR);
- notify affected Users without undue delay, where the breach is likely to result in a high risk to your rights and freedoms;
- document the breach internally and the measures taken to address it.
18. Profiling and Automated Decision-Making
Smithii does not currently make decisions based solely on automated processing that produce legal effects or similarly significant effects on Users. If we introduce such processing in the future, we will update this Policy and, where required, request additional consent.
19. Third-Party Websites and Services
The Services may contain links to third-party websites, applications, smart contracts, blockchains, or platforms operated by parties unrelated to Smithii. We are not responsible for the privacy practices of those third parties. We recommend you review their privacy policies before sharing personal data.
20. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, our third-party processors, or the legal framework. The “Effective Date” at the top of this Policy indicates the latest version.
Where changes are material, we will provide reasonable notice through the Services, on our website, or by email (where you have provided one). Your continued use of the Services after such changes constitutes acceptance of the updated Policy.
21. Governing Law
This Privacy Policy is governed by the laws of the United Arab Emirates as applied within the Emirate of Ras Al Khaimah, without prejudice to mandatory data-protection rights granted to you under your local law (including GDPR, UK GDPR, CCPA/CPRA, and any other applicable framework).
22. Language
This Policy is drafted in English. Any translation is provided for convenience only. In the event of any inconsistency between the English version and any translation, the English version shall prevail.
23. Contact
For any question, request, or concern about this Privacy Policy or about how Smithii processes your personal data, please contact:
- Email: info@smithii.io
- Postal address: Smithii LTD, Office A, RAK DAO Business Centre, RAK BANK ROC Office, Ground Floor, Al Rifaa, Sheikh Mohammed Bin Zayed Road, Ras Al Khaimah, United Arab Emirates · PO BOX 30099
END OF PRIVACY POLICY
Smithii LTD · Company Limited by Shares · RAK Digital Assets Oasis · Government of Ras Al Khaimah · UAE · Company Registration No. 01010192 · Business Licence No. 07010192
