Blocksfolio

Effective Date: October 25, 2025

Welcome to Blocksfolio ("Service"), operated by BlocksForge ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Service. By accessing or using Blocksfolio, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy applies to all users of Blocksfolio and covers both personal information you provide directly and data we collect automatically through your use of the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Wallet Address: When you connect your wallet to Blocksfolio, we collect and store your XPR Network wallet address (e.g., XPR wallet address). This is required to provide the Service and track your DeFi positions.
• Email Address: You may optionally provide an email address to enable notification features such as loan health alerts and subscription expiry notifications. Email addresses are stored securely and used solely for the purposes you authorize.
• User Preferences and Settings: We store your preferences including notification settings, loan health thresholds, notification interval preferences, pinned tab preferences, and other user-configurable settings to provide a personalized experience.
• Terms of Service Acceptance: We record the date and time when you accept our Terms of Service.

1.2 Information We Collect Automatically

• On-Chain Data: We automatically query and aggregate publicly available blockchain data associated with your connected wallet address, including:
  • Lending and borrowing positions (supplied assets, borrowed assets, collateral, interest accrued)
  • Transaction history (deposits, withdrawals, borrows, repays, liquidations)
  • Token holdings and balances
  • Reward token balances (e.g., unclaimed LOAN rewards on lending platforms)
  • Loan health metrics and borrowing power calculations
  • Historical APY and APR data for your positions
  • Earned interest and yield over time
• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, time spent, navigation patterns, and user interactions. This data helps us improve the Service and understand user behavior.
• Device and Technical Information: We may collect device type, browser type and version, operating system, IP address (anonymized when possible), screen resolution, and other technical data for analytics and security purposes.
• Cookies and Session Data: We use secure, httpOnly cookies to maintain user sessions and authentication state. Session cookies are necessary for the Service to function and expire after a defined period or when you log out.

1.3 Information from Third-Party Sources

• Blockchain and Protocol Data: We collect data from the XPR Network blockchain, DeFi protocol smart contracts, oracle services, blockchain explorers, indexers, and other third-party data providers to aggregate and display your DeFi portfolio information.
• Price Data: We collect token price data from oracle services and data providers to calculate USD values, portfolio values, and APY/APR metrics.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Deliver the Service: To operate Blocksfolio, display your DeFi portfolio data, track lending and borrowing positions, calculate earnings and APY, provide analytics and visualizations, and deliver the core functionality of the Service.
• Process Transactions and Subscriptions: To process subscription payments, verify payment transactions on the blockchain, manage your subscription status, and maintain subscription records.
• Send Notifications: To send email notifications based on your configured preferences, including loan health alerts, subscription expiry reminders, and other service-related notifications. You control which notifications you receive and can opt out at any time.
• Personalization: To remember your preferences, settings, pinned tabs, notification configurations, and other user-specific customizations to provide a tailored experience.
• Analytics and Improvement: To analyze usage patterns, understand how users interact with the Service, identify bugs and issues, improve features and functionality, optimize performance, and develop new features.
• Security and Fraud Prevention: To protect against fraud, abuse, unauthorized access, and security threats; to verify transactions and detect suspicious activity; and to enforce our Terms of Service.
• Legal and Compliance: To comply with applicable laws, regulations, legal processes, and government requests; to respond to law enforcement or regulatory inquiries; and to protect our rights, property, and safety, as well as those of our users and the public.
• Communications: To send you service-related announcements, updates, security alerts, technical notices, and administrative messages. These communications are necessary for the Service and you cannot opt out of them while using Blocksfolio.

3. How We Store and Protect Your Information

3.1 Data Storage

• Database Storage: Your personal information, including wallet addresses, email addresses, user preferences, subscription data, and aggregated DeFi position data, is stored securely in our database.
• Data Location: Data is stored on secure servers. By using the Service, you consent to the transfer and storage of your information in these locations.
• Data Retention: We retain your personal information for as long as your account is active or as needed to provide the Service. Historical portfolio data may be retained to provide historical analytics even after account closure, unless you request deletion.

3.2 Security Measures

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit using HTTPS/TLS
• Secure, httpOnly cookies with appropriate security flags (secure, sameSite)
• Session encryption using industry-standard JWT (JSON Web Tokens) with secure cryptographic algorithms
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Secure coding practices and vulnerability testing

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information in the following limited circumstances:

• Service Providers: We may share information with trusted third-party service providers who assist us in operating the Service, such as hosting providers, email service providers (for sending notifications), analytics providers, and payment processors. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
• Blockchain Queries: Your wallet address is used to query publicly available blockchain data. This involves interacting with blockchain networks, smart contracts, and third-party blockchain data providers. Information on public blockchains is inherently public and visible to anyone.
• Legal Requirements: We may disclose your information if required by law, legal process, court order, subpoena, or government request; to enforce our Terms of Service; to protect our rights, property, or safety, or those of our users or the public; or as part of legal proceedings.
• Business Transfers: If BlocksForge is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may share your information for other purposes with your explicit consent.

5. Blockchain and Public Data

6. Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to request access to the personal information we hold about you and, in certain circumstances, to receive a copy of that information in a portable format.

6.2 Correction and Update

You can update your email address and notification preferences directly through the Service settings. If other information is inaccurate or needs updating, please contact us.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., we may need to retain certain information for legal, tax, or accounting purposes). Deleting your account will remove your personal information from our active systems, but on-chain data will remain on the blockchain indefinitely.

6.4 Opt-Out of Email Notifications

You can disable email notifications at any time through the Service settings. You can control loan health alerts, subscription notifications, and other optional notifications. Note that you cannot opt out of essential service-related communications required for the Service to function (e.g., security alerts).

6.5 Data Portability and Withdrawal

You can disconnect your wallet and stop using the Service at any time. This will prevent further data collection, but previously collected data will be retained according to our retention policies unless you request deletion.

6.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at https://www.blocksforge.com/contact. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, secure, and improve the Service:

• Essential Cookies: Session cookies are required for authentication, security, and core functionality. These cookies are httpOnly, secure, and cannot be disabled without preventing the Service from functioning. Session cookies expire after 10 years or when you log out.
• Analytics Cookies: We may use analytics tools to understand usage patterns and improve the Service. These may include first-party or third-party analytics services.
• Preference Cookies: We store user preferences (such as pinned tabs, notification settings) locally to provide a personalized experience.

Most browsers allow you to control cookies through settings. However, disabling essential cookies will prevent you from using the Service.

8. Third-Party Links and Services

The Service may contain links to third-party websites, DeFi protocols, blockchain explorers, and other services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you interact with. This Privacy Policy applies only to Blocksfolio.

9. Children's Privacy

Blocksfolio is not intended for use by individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

10. International Users and Data Transfers

Blocksfolio is operated globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction. By using the Service, you consent to the transfer of your information to these countries. We take steps to ensure that your information receives an adequate level of protection wherever it is transferred.

11. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, including:

• Account Data: Retained while your account is active and for a reasonable period after account closure to comply with legal obligations and resolve disputes.
• Transaction and Subscription Data: Retained for accounting, tax, and legal compliance purposes (typically 7-10 years after the transaction).
• Historical Portfolio Data: May be retained to provide historical analytics and visualizations. You can request deletion of this data.
• Usage and Analytics Data: Typically retained in anonymized or aggregated form for analytics purposes.

When information is no longer needed, we will securely delete or anonymize it. Please note that on-chain data is permanent and cannot be deleted from the blockchain.

12. Email Security and Privacy Risks

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will notify you by email (if you have provided one) and/or by posting a prominent notice on the Service. Changes become effective immediately upon posting. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the personal information we collect, use, disclose, and sell (though we do not sell personal information).
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt-out of the "sale" of personal information. However, we do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, please contact us using the information below. We will verify your identity before processing your request.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis for Processing: We process your personal information based on: (1) performance of a contract (to provide the Service), (2) legitimate interests (to improve and secure the Service), (3) consent (for optional features like email notifications), and (4) legal obligations.
• Rights: You have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to withdraw consent and lodge a complaint with a supervisory authority.

To exercise these rights, please contact us using the information below.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: