Privacy Policy
Effective Date: 1 January 2026 | Version 1.0 | shadow.fi
Shadow is designed as a permissionless, non-custodial platform. We collect minimal personal data. This Privacy Policy explains what data we collect, why, how it is used, and your rights in relation to it. Please read this policy carefully before using the Platform.
Table of Contents
- Who We Are
- The Permissionless Nature of Shadow
- What Data We Collect and Why
- What We Do Not Collect
- Blockchain Data and Public Ledgers
- Cookies and Analytics
- How We Use Your Data
- Legal Bases for Processing
- Data Sharing and Third Parties
- International Data Transfers
- Data Retention
- Security
- Your Rights
- Children's Privacy
- Changes to This Policy
- Complaints
1. Who We Are
Shadow operates the decentralised marketplace available at shadow.fi (the “Platform”), through which users can access and interact with the Shadow Protocol, a set of open-source smart contracts governing the issuance and trading of Shadow Tokens. Shadow Tokens are community meme coins referencing the cultural identities of private, unlisted companies. They are not investments in those companies.
References in this Privacy Policy to “Shadow”, “we”, “us”, or “our” refer to the Shadow development team responsible for operating shadow.fi and associated platform services. For data protection enquiries, contact details are published at shadow.fi as required by applicable data protection law.
Official $SHADOW Contract Address (Solana)
ApWouPoUxPgv2uLXbG2hbh9mpRv3q244D2i9wq6vpump
2. The Permissionless Nature of Shadow
Shadow is designed around a minimal-data philosophy consistent with the values of decentralised finance. The core Protocol operates without user accounts, without identity verification, and without requiring any personal information to access marketplace functionality.
You can connect a Wallet, purchase and sell Shadow Tokens, and participate in governance without providing your name, email address, or any other personal identifier to Shadow. This is intentional and reflects a fundamental design commitment to participant privacy and permissionless access.
Certain ancillary services, including the shadow.fi website, may involve limited data collection as described in this Policy.
3. What Data We Collect and Why
3.1 Data You Provide Voluntarily
Shadow does not require you to create an account or provide personal information to use the Platform. If you contact us voluntarily, we will receive and retain the information contained in your communication solely to respond to your enquiry. This data is not used for any other purpose.
3.2 Wallet Addresses
When you connect a Wallet to the Platform, your public Wallet address becomes visible to the Platform interface. A Wallet address is a pseudonymous identifier which, in some circumstances, may be associable with an identifiable individual. We treat Wallet addresses with the same care as personal data and use them solely to facilitate your interaction with the Shadow Protocol and display your token balances and transaction history.
3.3 Technical and Usage Data
When you access shadow.fi, our web infrastructure may automatically collect certain technical data, including:
- IP address, typically truncated or anonymised where technically feasible
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring URL
- Date and time of access
This data is collected solely to maintain the security and performance of the Platform, to diagnose technical issues, and to understand aggregate usage patterns. It is not used to identify individual users.
4. What We Do Not Collect
Shadow does not collect and has no interest in collecting:
- Your name, date of birth, or government-issued identity documents.
- Your financial account details, payment card information, or banking credentials.
- Your physical address or telephone number.
- Biometric data of any kind.
- Any information about your off-platform financial holdings, investment positions, or trading activity.
- Any information about your interest in, or views on, any private company referenced by a Shadow Token, beyond what is expressed through your on-chain trading activity, which is publicly visible on the blockchain regardless of Shadow's involvement.
Shadow's platform does not require your identity to function. The permissionless architecture is a design commitment, not a technical limitation. We collect the minimum data necessary to operate the Platform safely and nothing more.
5. Blockchain Data and Public Ledgers
All transactions executed through the Shadow Protocol are recorded on a public blockchain. Your Wallet address, transaction amounts, timestamps, and token holdings are permanently and publicly visible to anyone who queries the blockchain. This is an inherent and irrevocable characteristic of public blockchain technology that exists independently of Shadow.
Shadow has no control over blockchain data. Once a transaction is confirmed on-chain, it cannot be deleted, modified, or made private by Shadow or by you. If you require privacy in your financial transactions, you should understand the public nature of blockchain records before using the Platform.
Shadow does not sell, aggregate, or commercially exploit blockchain data associated with your Wallet address. We may use aggregated, anonymised on-chain data to understand platform usage and improve the Protocol.
A consequence of the public blockchain architecture is that your trading activity in Shadow Tokens, including which company-referenced tokens you hold or have traded, is publicly visible on-chain. Participants who wish to maintain privacy in their token holdings should be aware of this characteristic before transacting.
6. Cookies and Analytics
6.1 Cookies
Shadow.fi may use a limited number of technically necessary cookies to support Platform functionality, including session management and Wallet connection state. We do not use advertising cookies, tracking pixels, or third-party behavioural analytics cookies.
Where applicable law requires, we will request your consent before placing non-essential cookies. You can configure your browser to refuse cookies; however, this may limit certain Platform functionality.
6.2 Analytics
If we use web analytics tools on shadow.fi, we will configure them to anonymise IP addresses and will not permit analytics providers to use your data for their own purposes. We will disclose the specific analytics tools in use on our Cookie Notice page at shadow.fi.
7. How We Use Your Data
We use the limited data we collect for the following purposes only:
- Operating and maintaining the shadow.fi website and Platform interface.
- Facilitating your interaction with the Shadow Protocol, including displaying your Wallet balance and transaction history.
- Responding to communications you initiate with us.
- Monitoring and improving Platform security and performance.
- Detecting, investigating, and preventing fraudulent, abusive, or unlawful activity.
- Complying with applicable legal obligations, including responding to lawful requests from regulatory or law enforcement authorities.
- Understanding aggregate Platform usage to inform Protocol development decisions.
We do not use your data for targeted advertising. We do not sell your data to any third party. We do not build profiles of individual users for any commercial purpose.
8. Legal Bases for Processing
Where data protection law requires us to identify a legal basis for processing personal data, we rely on the following:
- Contractual necessity: processing your Wallet address and transaction data to provide the Platform services you have requested.
- Legitimate interests: collecting technical usage data to maintain and improve the security and performance of the Platform, where these interests are not overridden by your privacy rights.
- Legal obligation: processing data as required to comply with applicable law, regulatory requirements, or lawful authority requests.
- Consent: where we use non-essential cookies or similar technologies, we will rely on your consent, which you may withdraw at any time.
9. Data Sharing and Third Parties
9.1 Service Providers
We may share limited data with third-party service providers who assist us in operating the Platform, including web hosting providers, content delivery networks, and security monitoring services. These providers are contractually required to process data only on our instructions and to maintain appropriate security standards.
9.2 Blockchain Infrastructure
Interactions with the Shadow Protocol involve broadcasting transactions to public blockchain networks. Blockchain node operators, validators, and anyone with access to the public ledger will be able to see transaction data as described in Section 5.
9.3 Referenced Companies
Shadow does not share any user data with any Referenced Company. The private companies whose identities are referenced by Shadow Tokens have no access to any information about Shadow Platform participants. Shadow's use of a company's name for cultural identification purposes does not create any data-sharing relationship with that company.
9.4 Legal and Regulatory Disclosure
We may disclose data to government authorities, regulators, or law enforcement agencies where required to do so by applicable law or court order. Where legally permitted, we will notify you of such disclosure.
9.5 No Sale of Data
Shadow does not sell, rent, or trade personal data to any third party for commercial purposes. This is an absolute policy.
9.6 Business Transfers
In the event of a merger, acquisition, or transfer of Shadow's assets, user data may be transferred to the successor entity, subject to the same privacy protections described in this Policy. We will notify users of any such transfer through our Official Channels.
10. International Data Transfers
Shadow operates globally and your data may be processed in countries other than the country in which you reside. Where we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place, including standard contractual clauses approved by relevant data protection authorities where applicable.
Public blockchain transaction data is inherently global and cannot be geographically restricted. This is a characteristic of the underlying blockchain technology and not a Shadow-specific policy.
11. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
- Communications data: retained for up to 36 months from the date of communication, or longer if required by law.
- Technical and usage data: retained in identifiable form for up to 12 months, after which it is aggregated and anonymised.
- Wallet address data: retained for the duration of your use of the Platform and for a reasonable period thereafter for security and audit purposes.
Blockchain transaction data is permanently recorded on the public ledger and cannot be deleted by Shadow or by you.
12. Security
We implement appropriate technical and organisational measures to protect the data we hold against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit, access controls, and regular security reviews.
No security system is impenetrable. We cannot guarantee the absolute security of any data transmitted to or stored on the Platform. You are responsible for maintaining the security of your own Wallet and private keys. Shadow has no ability to recover funds or access lost Wallets.
In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify you and relevant supervisory authorities as required by applicable law.
13. Your Rights
Depending on your jurisdiction, you may have the following rights in relation to personal data we hold about you:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate personal data.
- Right to erasure: to request deletion of your personal data, subject to our legal retention obligations and the inherent limitations of public blockchain records.
- Right to restriction of processing: to request that we limit how we use your data in certain circumstances.
- Right to data portability: to receive your personal data in a structured, machine-readable format.
- Right to object: to object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time.
To exercise any of these rights, contact details are published at shadow.fi as required by applicable data protection law. We will respond within the timeframe required by law. Note that we cannot delete data that exists on a public blockchain, and we may be required to retain certain data to comply with legal obligations.
14. Children's Privacy
The Platform is not directed at individuals under the age of 18, or the age of legal majority in their jurisdiction if higher. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please use the contact details published at shadow.fi and we will take prompt steps to delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced through our Official Channels and a notice will be posted at shadow.fi. The updated Policy will be effective upon publication.
Your continued use of the Platform following the publication of an updated Privacy Policy constitutes your acceptance of those changes.
16. Complaints
If you are located in a jurisdiction with a data protection supervisory authority and you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with that authority.
Contact details for submitting a privacy complaint or data rights request to Shadow are published at shadow.fi. This information is maintained as required by applicable data protection law. We would appreciate the opportunity to address your concerns directly before any formal proceedings are initiated.
Shadow collects minimal data by design. We do not sell your data. Blockchain transactions are permanently public. Shadow will never contact you unsolicited. Shadow does not share user data with any Referenced Company. The only official Shadow website is shadow.fi.
shadow.fi — Privacy Policy v1.0, effective 1 January 2026. © 2026 Shadow.fi. All rights reserved.