Privacy & Data

Privacy Policy

1. Introduction

This Privacy Policy explains how FortisX (“we”, “us”, “our”) collects, uses, and protects information about you when you visit our websites, use our dashboards and APIs, interact with our staking and analytics products, or otherwise communicate with us (collectively, the “Services”).

We are committed to handling personal data responsibly and transparently. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Who we are and scope of this Policy

FortisX provides cloud-based infrastructure for staking analytics, validator monitoring, allocation automation, and related tooling. This Privacy Policy applies to:

  • visitors to websites operated under fortisx.fi;

  • registered users of our dashboards, APIs, and institutional products;

  • representatives of our customers, partners, and vendors who interact with us.

This Policy does not apply to on-chain data visible on public blockchains (which is openly accessible by design) or to third-party services that have their own privacy terms.

3. Information we collect

We collect the following categories of information, depending on how you interact with the Services:

  • Account and contact information
    Information you provide when you create an account or contact us, such as name, email address, organization, role, and communication preferences.

  • Usage and telemetry data
    Information about how you use the Services, such as pages visited, features accessed, time spent, logs of API requests, and interaction events within dashboards and tools.

  • Technical information
    IP address, browser type, operating system, device identifiers, language settings, and other technical data collected through server logs and similar technologies.

  • Blockchain and infrastructure data
    Public blockchain addresses, validator identifiers, staking positions, and infrastructure metadata that you configure or connect to the Services, as well as publicly available on-chain information we index or analyze.

  • Support and communication records
    Information contained in emails, tickets, or other communications with our support or account teams, including attachments and metadata.

We generally do not intend to collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, or health). Please do not submit such information to us.

4. Cookies and similar technologies

We use cookies and similar technologies to operate the Services, analyze traffic, and remember preferences. For more detail on the types of cookies we use and how you can control them, please refer to our Cookie Policy.

5. How we use your information

We use the information we collect for the following purposes:

  • to provide, operate, and maintain the Services;

  • to configure and execute analytics, monitoring, and allocation workflows set up by you;

  • to secure the Services, prevent abuse, and detect fraud or suspicious activity;

  • to analyze performance, reliability, and usage in order to improve the Services;

  • to communicate with you, including sending service-related notices and responding to inquiries;

  • to comply with legal obligations and enforce our agreements and policies.

We do not sell your personal data or use it to build profiles for third-party advertising.

6. Legal bases for processing

Where required by applicable data protection law (for example, in the European Economic Area or the United Kingdom), we rely on one or more of the following legal bases to process personal data:

  • Contract – to provide the Services and perform our obligations under our agreements with you or your organization;

  • Legitimate interests – to operate, secure, and improve the Services in a way that is proportionate and respects your rights;

  • Legal obligation – to comply with laws, regulations, and requests from competent authorities;

  • Consent – where you have given us consent for a specific purpose (for example, certain marketing communications or optional analytics).

7. How we share information

We may share information with:

  • Service providers
    Third-party vendors who provide infrastructure, analytics, security, support, communications, or other operational services. They process data on our behalf and under appropriate contractual safeguards.

  • Partners and integrators
    When you choose to connect third-party custodians, validators, exchanges, or other providers, we may share relevant configuration or telemetry as necessary to operate the integration.

  • Corporate transactions
    In connection with a merger, acquisition, restructuring, or sale of assets, where permitted by law and with appropriate protections.

  • Legal and regulatory
    Where required by law, regulation, court order, or a competent authority, or where we believe disclosure is reasonably necessary to protect our rights, users, or the public.

We do not sell personal data to third parties.

8. International data transfers

Because FortisX operates infrastructure and uses service providers in multiple jurisdictions, your information may be processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your jurisdiction.

Where required by law, we put in place appropriate safeguards for international transfers, such as standard contractual clauses approved by relevant authorities.

9. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, including:

  • for the duration of your account or relationship with FortisX;

  • for as long as we provide the Services to your organization;

  • for any period required by applicable law, regulation, or contractual obligation;

  • for a limited period thereafter to resolve disputes, enforce agreements, and maintain security logs.

When data is no longer needed, we will delete or anonymize it in accordance with our retention policies.

10. Your rights

Depending on your location and applicable law, you may have certain rights in relation to your personal data, such as:

  • the right to access the personal data we hold about you;

  • the right to request correction of inaccurate or incomplete data;

  • the right to request deletion of your data in certain circumstances;

  • the right to object to or restrict certain types of processing;

  • the right to withdraw consent where processing is based on your consent;

  • the right to receive a copy of your data in a structured, commonly used format (data portability), where applicable.

To exercise your rights, please contact us using the details in section 13. We may need to verify your identity before responding. You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

11. Security

We use technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include access controls, encryption in transit and at rest where appropriate, monitoring, and internal security policies.

No system can be completely secure. You are responsible for maintaining the security of your own systems, credentials, and wallets, and for promptly notifying us of any suspected compromise related to the Services.

12. Children’s privacy

The Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us so that we can take appropriate action.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our practices. When we make material changes, we will update the “Last updated” date below and may provide additional notice (for example, via the site or by email).

12. Contact

If you have questions about this AML/KYC Policy or how FortisX manages compliance, please contact us at [email protected].

Last updated: 14 Nov 2025

Legal & compliance contact

Legal and compliance enquiries

For information regarding the FortisX group corporate structure or access to additional legal documentation, please contact the legal and compliance team.

We use cookies to operate the site, analyze traffic, and remember your preferences. You can change settings at any time.
Learn More