Controller and contact
The controller is DolomiteByte, Alpenstraße 1, 6020 Innsbruck, Austria, operator of AssetFable. Privacy and legal contact: contact@dolomitebyte.com. Product support: support@assetfable.com.
Where no separate data protection officer is named, you can use this address for access, deletion, objection, withdrawal, portability, correction, and other privacy requests.
Scope
This policy applies to assetfable.com, www.assetfable.com, app.assetfable.com, the AssetFable Android app, PWA functionality, support communications, public social links, Premium and billing flows, wallet and exchange features, on-chain proofs, push notifications, community features, AssetFable Earn, and the AssetFable Beta Badge on Base Mainnet.
When you open external services such as app stores, payment providers, wallets, blockchains, exchanges, on-ramp providers, swap routers, marketplaces, explorers, or social platforms, their own privacy terms also apply.
Legal bases and principles
We process data for specific purposes and only where a legal basis applies. For users in the European Economic Area, legal bases include contract performance and pre-contractual steps, legitimate interests in security, fraud prevention, product operation and support, legal obligations, and consent where a feature requires it.
AssetFable does not sell personal data to data brokers. AssetFable currently does not use third-party marketing analytics or cross-site advertising cookies on the public website. If those features are introduced, this policy must be updated first and consent will be requested where required.
Website, device, and log data
When you use the website or app, we may process IP address, timestamps, URL, referrer, browser, operating system, device class, language, crash and security events, server responses, and similar technical data. Purposes include delivery, load balancing, abuse prevention, troubleshooting, security, and evidence of lawful use.
The public website is operated with Next.js/Vercel. App backends and databases are provided through Supabase. These providers may process technical operational data as processors or independent providers depending on the context.
Account, login, and profile
For accounts, AssetFable processes data depending on the login method, including email address, password-related hashes, Supabase user ID, OAuth IDs and profile data from Google, Discord, X, or Apple if offered, phone/SMS/MFA data if enabled, wallet identities, signature proofs, session tokens, roles, language, currency, portfolio tier, admin status, timestamps, and security events.
Profile features may store username, display name, avatar, preferred currency, language, theme, social links, feature request activity, votes, support history, and in-app settings. Avatars may be selected through camera, gallery, or file upload and stored as profile images.
Wallets, blockchains, and portfolio data
When you connect wallets or add addresses, AssetFable processes public wallet addresses, networks, signatures, chain IDs, token, NFT, DeFi, transaction, balance, price, floor, metadata, refresh, and error data. Supported or connected ecosystems may include Ethereum, Base, Polygon, Optimism, Arbitrum, BNB Chain, Monad, Solana, and Bitcoin.
For enrichment and updates, AssetFable may use providers such as Alchemy, Helius, Zerion, CoinGecko, OpenSea, Magic Eden, PancakeSwap NFT, DexScreener, Moralis, API Ninjas, eBay, Pyth, Chainlink, PublicNode, BaseScan/Etherscan/Blockscout-compatible explorers, The Graph-compatible endpoints, IPFS gateways, and Pinata. Public blockchain data is public, persistent, and not deletable by AssetFable. Deletion at AssetFable removes internal links but cannot remove on-chain records.
Exchange connections
If you connect exchanges, AssetFable processes read-only API credentials, provider, connection status, validation responses, balances, holdings, subaccounts, snapshots, sync timestamps, error messages, and audit events. Current provider flows may include Bitpanda, Binance, Coinbase, and OKX.
API credentials are encrypted and stored through Supabase Vault or server-side security mechanisms. AssetFable does not request withdrawal or trading permissions. You are responsible for granting read-only permissions only and revoking credentials with the exchange when appropriate.
Premium, payments, and subscriptions
For Premium, AssetFable processes plan, price, currency, billing period, status, purchase channel, Stripe customer, checkout, subscription and portal IDs, Google Play product, purchase token, order, expiry and status data, and events for activation, renewal, cancellation, payment failure, refunds, and tax/accounting compliance.
Card data, payment instruments, app-store billing, and KYC data are generally processed by payment and platform providers such as Stripe, Google Play, and Apple if later offered. AssetFable does not store full credit card numbers.
Buy, swap, and third-party transactions
Buy and swap features may process wallet address, asset, network, amount, fiat currency, quote, route, slippage, provider, checkout URL, transaction hash, status, fee, and integration metadata. Possible providers include Transak, MoonPay, OKX, 0x, LI.FI, and Jupiter.
KYC, payment processing, execution, sanctions screening, and regulatory checks are handled by the relevant third-party providers or wallets. Token search, token discovery, quote context, and market data may also rely on CoinGecko, DexScreener, Moralis, or RPC/explorer data sources. AssetFable is not a custodian, broker, exchange, financial adviser, or payment institution and does not control blockchain transactions signed by you.
Graded cards, market data, and collections
For graded-card features, AssetFable may process card name, certification numbers, grading company, condition, images, purchase prices, market values, sold-listing data, eBay references, collection assignment, favorites, watchlists, and portfolio history.
Market data, floors, prices, listings, and analytics may be incomplete, delayed, or inaccurate. They are for portfolio display and not binding valuation, tax, legal, or investment advice.
Push notifications and local storage
If you enable notifications, AssetFable processes web-push subscriptions, FCM or native push tokens, token hashes, platform, user agent, locale, delivery status, preferences, and notification history. On Android, Firebase Cloud Messaging may be used.
Browser or device storage may contain sessions, Supabase auth tokens, PKCE data, theme, language, sidebar state, install prompts, wallet connector state, and push tokens. You can remove local data through browser, app, or operating-system controls; this may log you out or disable features.
Beta Badge, IPFS, and public proofs
The AssetFable Beta Badge is a soulbound ERC-721/ERC-5192 badge on Base Mainnet with limited supply. For minting, eligibility, and display, AssetFable may process wallet address, signature, mint status, transaction hash, contract events, BaseScan/OpenSea links, and IPFS metadata.
The contract, wallet addresses, transaction data, and ownership proofs are public. AssetFable can remove internal displays or links, but it cannot reverse lawful blockchain records.
Recipients and international transfers
Depending on the feature, data may be shared with hosting, database, auth, payment, app-store, wallet, blockchain, market-data, push, support, security, legal, and infrastructure providers. This includes Supabase, Vercel, Stripe, Google/Firebase/Google Play, Apple where relevant, Twilio or other SMS/MFA providers where enabled, Alchemy, Helius, Zerion, CoinGecko, OpenSea, Magic Eden, PancakeSwap NFT, DexScreener, Moralis, eBay, API Ninjas, Pyth, Chainlink, PublicNode, WalletConnect/Reown, wallet apps, Transak, MoonPay, OKX, 0x, LI.FI, Jupiter, Discord, X, Instagram, TikTok, YouTube, BaseScan/Etherscan/Blockscout-compatible explorers, The Graph-compatible endpoints, Pinata, and IPFS gateways.
Providers may be located outside your country, including in the United States. Where required, we use standard contractual clauses, adequacy decisions, Data Privacy Framework certifications, processing agreements, or other applicable transfer mechanisms. Some public blockchain or third-party transactions are initiated directly by you and are technically visible worldwide.
Retention
Account, profile, portfolio, and connection data is generally stored while your account exists or the feature is needed. Exchange credentials are revoked and removed on a best-effort basis when you disconnect the exchange or delete your account. Push data is deleted or disabled when you disable notifications, tokens become invalid, or your account is deleted.
Billing, tax, accounting, security, and legal defense records may be kept longer where required by law or legitimate interests. Backups are overwritten on technical cycles. Public blockchain data, app-store records, payment-provider logs, and third-party data follow the respective systems and retention rules.
Your rights
Depending on applicable law, you may have rights to access, correction, deletion, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. In Austria, the Datenschutzbehörde is available at dsb.gv.at.
For California/US users, rights may also include rights to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive personal information, and non-discrimination. AssetFable does not sell personal data and currently does not share personal data for cross-context behavioral advertising. We may verify requests and may deny or limit them where lawful, including for legal retention, security evidence, or rights of others.
Children, security, and changes
AssetFable is not directed to children. Because of crypto, wallet, exchange, and payment features, you may use the service only if you are of legal age or otherwise validly able to consent under applicable law. If we learn that a child provided data without required consent, we will delete or restrict it after reasonable review.
We use appropriate technical and organizational measures, including encrypted transport, access controls, server-side secret handling, Vault storage, logging, and data minimization. No system is perfectly secure. We may update this policy when features, providers, or laws change; material changes will be communicated appropriately.