Overview
This Privacy Policy describes how FortFi LLC ("FortFi," "we," or "us") collects, uses, discloses, and protects personal information when you access our websites, applications, and related services (collectively, the "Services"). Blockchain addresses and transaction data are often public on-chain; this Policy covers information FortFi processes off-chain. Read this Policy together with our Cookie Policy and the privacy notices of integrated partners (including Turnkey, Coinbase, email delivery, and hosting providers).
Information we collect
- Account information: email address, optional phone number, display name, internal user identifiers, and session tokens associated with your authenticated account.
- Authentication data: passkey registration metadata, OAuth identifiers where enabled, and one-time codes used for email verification. Raw private keys and seed phrases are never collected by FortFi.
- Wallet and activity data: chain identifiers, wallet addresses linked to your FortFi accounts, allowlisted payout addresses, policy settings, ActionIntent records, audit logs, and timestamps related to money-moving actions you initiate.
- Technical data: IP address, browser type, device identifiers, and request logs needed to operate, secure, and troubleshoot the Services.
- Communications: messages you send to us (for example waitlist submissions or support requests) and operational emails we send to you from [email protected] (for example alpha invites and security alerts).
Official support for FortFi LLC is [email protected]. Automated FortFi messages (alpha invites, co-signer alerts, security notices) are sent from [email protected] only. We never ask for your passkey, seed phrase, or transfer codes by email.
How we use information
- Provide, authenticate, and secure the Services, including intent review, approvals, and audit logging.
- Enforce policies, detect abuse, and investigate security incidents.
- Communicate about your account, product updates, security alerts, and legal or policy changes.
- Improve reliability and develop new features using aggregated or de-identified data where possible.
- Comply with applicable law and respond to lawful requests from authorities.
Legal bases (EEA, UK, and Switzerland)
Where applicable privacy law requires a legal basis, we rely on: (a) performance of our contract with you to provide the Services; (b) legitimate interests in securing and improving FortFi, balanced against your rights; (c) consent where required (for example, non-essential cookies or marketing); and (d) compliance with legal obligations.
How we share information
We do not sell your personal information. We share information with infrastructure and service providers that help us operate FortFi, including wallet infrastructure (Turnkey), fiat onramps (Coinbase and related CDP services), email delivery, database hosting, and blockchain data providers. These providers process data under contractual obligations and their own privacy policies. We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale with appropriate notice where required.
International transfers
FortFi may process and store information in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses or equivalent mechanisms.
Retention
We retain personal information for as long as needed to provide the Services, meet legal and audit requirements, resolve disputes, and enforce agreements. Intent and audit records tied to financial activity may be kept for extended periods. Session data and routine logs are retained for shorter periods unless needed for security investigations. On-chain transaction history cannot be deleted by FortFi because public blockchains are immutable.
Security
We apply defense-in-depth practices including least-privilege access, encrypted transport, transactional writes for money-movement telemetry, and strict separation of signing keys from application servers. No security program can guarantee zero risk; you are responsible for securing your passkeys and devices.
Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, restrict, or port certain personal information, and to object to or withdraw consent for specific processing. To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding. Some requests may be limited where we must retain records for legal, security, or anti-fraud purposes, or where we cannot alter public blockchain data.
California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of certain sharing. We do not sell personal information as defined by the CPRA.
Children
FortFi is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will take steps to delete it.
Changes to this Policy
We may update this Privacy Policy from time to time. We will post the revised Policy on this page and update the "Last updated" date. Material changes may also be communicated by email or in-product notice where appropriate.