legal / vimen.org
Privacy Policy
Last updated: July 12, 2026
1. Scope of This Policy
This Privacy Policy (this “Policy”) describes how the operators of the Vimen website and interface (“Vimen,” “we,” “us,” or “our”) collect, use, disclose, and otherwise process information in connection with your use of vimen.org, app.vimen.org, docs.vimen.org, and any related subdomains (collectively, the “Site”). This Policy applies solely to the Site. It does not apply to the Vimen protocol smart contracts, which are autonomous software on a public blockchain, nor to any third-party website, wallet, application, or service that you may access through the Site, including the systems of Robinhood Assets (Jersey) Ltd, each of which is governed by its own privacy practices. By using the Site, you acknowledge the practices described in this Policy.
2. Our Approach: Data Minimization by Design
The Site is designed to operate with as little personal data as practicable. We do not require you to create an account, and we do not request or store your name, postal address, telephone number, date of birth, government identifier, photograph, or financial account details in order for you to browse the Site. Interaction with the protocol is performed through a self-custodial wallet that you control; we never receive your private keys, seed phrases, or wallet credentials, and we have no technical means of obtaining them.
3. Data We Do Not Collect
For the avoidance of doubt, we do not collect: (a) know-your- customer or identity verification documentation; (b) biometric information; (c) special categories of personal data within the meaning of Article 9 of the EU General Data Protection Regulation (“GDPR”); (d) precise geolocation such as GPS coordinates; (e) the contents of your communications with third parties; or (f) advertising identifiers for cross-site behavioral profiling. We do not sell personal data, we do not rent personal data, and we do not share personal data with third parties for their own direct marketing purposes.
4. On-Chain Data Is Public and Permanent
When you interact with the protocol, your wallet address, transaction amounts, transaction timestamps, token balances, and related metadata are recorded on Robinhood Chain (chain id 4663), a public, distributed, append-only ledger. Such information: (a) is broadcast to and replicated by network participants worldwide; (b) is publicly visible to anyone, including through block explorers and analytics services; (c) is permanent and cannot be altered, deleted, or anonymized by us or by anyone else; and (d) may, in combination with other information, permit third parties to draw inferences about you. We do not control the blockchain and cannot effect the erasure, rectification, or restriction of on-chain data. You should assume that anything you write to a public blockchain is irrevocably public, and you accept this as an inherent characteristic of the technology.
5. Data We May Process Automatically
Like substantially all websites, our hosting and content delivery infrastructure may automatically process certain technical data when you access the Site, including: (a) your IP address; (b) browser type and version; (c) operating system and device characteristics; (d) referring URLs; (e) pages viewed and the dates and times of access; and (f) diagnostic information such as error logs and response times. Such data is processed for the purposes of serving content, maintaining security, preventing abuse, and diagnosing technical faults, and is retained only for so long as reasonably necessary for those purposes.
6. Site Analytics
If and to the extent we deploy analytics on the Site, we use, or will endeavor to use, privacy-preserving, aggregate measurement that does not build individual profiles, does not track you across unrelated websites, and does not rely on persistent cross-site identifiers. Analytics data is used solely to understand aggregate usage of the Site (for example, page view counts and approximate country-level traffic distribution) and to improve the Site. Where consent is required by applicable law for any analytics technology, such technology will not be activated absent that consent.
7. Geolocation Checks for Geoblocking
The interface at app.vimen.org performs jurisdiction checks in order to enforce the access restrictions described in the Geoblock Notice, including restrictions applicable to US persons and to persons in sanctioned jurisdictions. These checks: (a) derive an approximate, country-level or region-level location from your IP address at the time of your visit; (b) may record the fact that an access attempt from a restricted jurisdiction was blocked, together with the IP address, timestamp, and coarse location associated with the attempt, for compliance evidencing purposes; and (c) may include your self-certification of eligibility. We do not use geolocation data for advertising or profiling. Geoblocking records are retained only as long as reasonably necessary to demonstrate compliance with applicable restrictions.
8. Cookies and Local Storage
The Site uses, at most, strictly necessary cookies and browser localStorage entries required for the Site to function, such as: (a) session integrity and security tokens; (b) interface preferences (for example, display settings and dismissed notices); and (c) a record of eligibility self-certification. These items do not track you across other websites. We do not use third-party advertising cookies. You can clear or block cookies and localStorage through your browser settings; however, doing so may impair the functioning of the interface, including the eligibility flow.
9. Third-Party Infrastructure Processors
We rely on a small number of third-party service providers to operate the Site, which may process technical data described in Sections 5 through 8 on our behalf, including: (a) web hosting and content delivery network providers; (b) domain name system and TLS certificate providers; (c) IP-geolocation database or lookup providers used for the checks described in Section 7; and (d) remote procedure call (RPC) node providers that relay blockchain queries and transactions, which necessarily receive your IP address and the wallet addresses and transaction data you query or broadcast. Each such provider processes data under its own terms and, where applicable, under data processing agreements. We select providers with regard to their security and privacy practices, but we do not control them.
10. Legal Bases for Processing (EEA, UK, and Similar Regimes)
Where the GDPR, the UK GDPR, or a similar law applies, we process personal data on the following legal bases: (a) legitimate interests (Article 6(1)(f) GDPR) in operating, securing, and improving the Site, in preventing abuse, and in understanding aggregate usage, balanced against your rights and freedoms; (b) compliance with legal obligations (Article 6(1)(c) GDPR), including sanctions compliance and the enforcement and evidencing of jurisdictional access restrictions; (c) consent (Article 6(1)(a) GDPR), where required for particular technologies, which you may withdraw at any time with effect for the future; and (d) where relevant, performance of a contract (Article 6(1)(b) GDPR) in providing the Site to you under the Terms of Use.
11. Your Rights
Depending on your jurisdiction, you may have rights to: (a) request access to personal data we hold about you; (b) request rectification of inaccurate data; (c) request erasure of data; (d) request restriction of, or object to, processing; (e) request portability of data you provided; (f) withdraw consent where processing is based on consent; and (g) lodge a complaint with a supervisory authority, including, in the EEA, the authority of your habitual residence. You may exercise these rights by contacting us as set out in Section 16. Please note that these rights apply to data we hold; as described in Section 4, we are unable to erase, rectify, or restrict data recorded on a public blockchain, because no one can.
12. Data Retention
We retain the limited data we process only for as long as reasonably necessary for the purposes described in this Policy: (a) infrastructure and security logs are retained for short, rolling periods consistent with industry practice; (b) geoblocking and compliance records are retained for as long as reasonably necessary to evidence compliance with applicable restrictions or to establish, exercise, or defend legal claims; and (c) correspondence you send us is retained for as long as needed to respond and to maintain a record of the exchange. When data is no longer needed, it is deleted or irreversibly aggregated.
13. International Transfers
The Site is served globally, and the providers described in Section 9 may process data in jurisdictions other than your own, including jurisdictions that have not been the subject of an adequacy determination. Where required by applicable law, we rely on appropriate safeguards for such transfers, such as standard contractual clauses adopted by the European Commission or equivalent mechanisms, together with supplementary measures where appropriate. By its nature, data broadcast to a public blockchain is replicated worldwide without restriction, and no transfer safeguard applies or can apply to it.
14. Children
The Site is not directed to children, and persons under the age of eighteen (18), or the age of majority in their jurisdiction if higher, are not permitted to use the Site under the Terms of Use. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take reasonable steps to delete it.
15. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The updated Policy will be posted on this page with a revised “Last updated” date, and material changes may be highlighted on the Site. Your continued use of the Site after an update constitutes acknowledgment of the revised Policy.
16. Contact
Questions, requests, and complaints concerning this Policy or our data practices may be directed to @vimenprotocol on X. We will respond within any timeframe required by applicable law and, in any event, without undue delay.