Privacy Policy

Last updated: May 29, 2026

General information 

In this privacy policy (“Policy”), you will find information regarding the processing of personal data that Medium Rare Foundation, a foundation established in Panama (“we” or “our company”) processes as a data controller with you as a data subject (“you”). 

This Policy is intended to provide a clear and transparent overview of our data processing practices across multiple jurisdictions. Certain provisions of this Policy may therefore apply only to individuals located in specific jurisdictions, in particular where you are protected under the GDPR or under applicable U.S. privacy laws (such as the CCPA or other comprehensive consumer privacy laws in various U.S. states). We have included these provisions to align our practices with internationally recognized data protection standards. Where a specific section applies only to certain jurisdictions, this will be indicated in the relevant part of the Policy.

We implement appropriate technical and organizational measures to protect your Personal Data. In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, we may notify you and the relevant supervisory authority as required by applicable law.

Each third-party protocol or decentralized application (dApp) you interact with is an independent data controller. We are not responsible for the privacy practices of such third parties, and their processing of your data is governed by their respective privacy policies.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Policy:

TL;DR version

  1. visit our Website, or any website of ours that links to this Policy; 
  2. use our Services; 
  3. engage with us in other related ways, including any sales, marketing, or events.

1. What personal information do we collect?

We process various categories of Personal Data about you, for various purposes. These categories are: 

Personal identification information

If you participate in a survey or usability study, we may record any identification and contact details you voluntarily provide (such as your name, email address, or job title), as well as your responses and engagement with the survey or study.

We may store communications you send to us via email, social media, or other channels (e.g., Twitter or Discord), including submissions made through surveys, forms, or questionnaires.

Wallet addresses or blockchain records are collected while connected and the analytical tools might collect your Device Internet Protocol address. To comply with legal obligations and protect the Services from fraud or illicit activity, we may work with external service providers who may obtain information related to your wallet address or transactions conducted through the Services. These records are inherently public, self-generated, and not issued or assigned by us or any central authority, and they do not inherently identify any natural person.

Legal basis: Processing is necessary for the performance of a contract (your use of the Service).

Data retention time: For the duration of your interaction with the Service and for a period thereafter, and in any event no longer than 2 years after your last interaction.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device. 

Legal basis: Processing is based on our legitimate interests in analyzing and improving our Service.

Data retention period: For the necessary period for such purposes, and in any event no longer than 3 months, unless a longer retention period is required for security fraud prevention or technical stability purposes.

The Services are not intended for individuals under the age of 18 (or any other age required by local law), and we do not deliberately gather Personal Information from children. 

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

2. How do we use data collected?

We use your Personal Data for several business purposes such as providing our Services, carrying out administrative tasks and promoting our products and Services, as detailed below:

3. How do we disclose data collected?

The following are the types of third parties that we may share your information with:

4. Duration of Personal Data storage or criteria for storage

We retain Personal Data only for as long as necessary for the purposes for which it was collected. For specific retention periods, where applicable, please refer to section 1 (What personal information do we collect), where each purpose is matched with its corresponding retention timeframe. 

Please note that in some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so under applicable legal, regulatory, tax or accounting requirements, (ii) to maintain an accurate record of your interactions with us in the event of any complaints, (iii) where we reasonably expect there would be investigation or litigation in relation to your Personal Data, or (iv) in order to detect, investigate, prevent, or stop fraudulent, unauthorized, or illegal activities, to address security vulnerabilities or technical issues, and to protect our Users and the broader ecosystem. After expiry of the relevant retention period, Personal Data will be deleted or anonymized where feasible.

5. Newsletter opt-out option 

If you provide us with your email address and consent, we may occasionally send you newsletters to keep you informed about updates and new features. 

If you wish to opt-out of receiving our newsletters, you may withdraw your consent at any time by clicking on the unsubscribe link included in each email. You may also withdraw your consent by contacting us at [email protected]

6. International data transfers

Due to the global nature of our Services, your Personal Data may be transferred to and processed in countries outside your jurisdiction, including outside the EEA and the United States.

Transfers relating to individuals in the EEA

If you are located in the EEA, we ensure that any transfer of your Personal Data outside the EEA is carried out in compliance with GDPR. In particular, we rely on one or more of the following safeguards, as appropriate:

Transfers relating to individuals outside the EEA

If you are located outside the EEA, your Personal Data may be transferred to countries (including out of the United States) other than your country of residence for the purpose of provision of the Services and customer support. 

For more information about the safeguards we use for international data transfers, please contact us using the details provided in this Policy. 

7. What are your rights?

The following rights shall apply to individuals located in the EEA.  If you wish to exercise any of your rights, please contact us by e-mail at [email protected]. However, due to the inherent nature of the blockchain, any Personal Data recorded on the blockchain (such as your transaction history associated with a wallet address) cannot be edited, corrected, restricted, or deleted. You acknowledge and agree that your relevant rights under the GDPR or similar laws do not extend to information permanently recorded on the public blockchain.

If we process your Personal Data based on your consent, you have the right to withdraw your consent at any time, including consent to receive newsletters. You can withdraw your consent by contacting us at [email protected].

You have the right to access the Personal Data we process about you, including information on the purposes of processing, categories of data, recipients, retention periods, and whether we use automated decision making. 

You have the right to request correction or completion of inaccurate or incomplete Personal Data.

You have the right to request deletion of your Personal Data, subject to legal exceptions. 

You have the right to request restriction of processing where applicable.

You have the right to receive Personal Data you provided to us in a structured, commonly used and machine-readable format and to request transmission to another controller where technically feasible. 

You have the right to object to processing of your Personal Data.  

You can make a complaint by contacting your local Office for Personal Data Protection, you can find your local Office for Personal Data Protection according to your country of residence in the list of Personal Data Protection Competent Authorities available here https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities

The following rights shall apply to individuals protected by applicable U.S. privacy laws (such as the CCPA and comprehensive consumer privacy laws in other U.S. states). If you wish to exercise any of your rights, please contact us by e-mail at [email protected]

You have the right to know whether we process your Personal Information, and to access such information, including categories, sources, purposes, disclosures and whether it has been sold or shared.

You have the right to request correction of inaccurate Personal Information. 

You have the right to request deletion of your Personal Information, subject to legal exceptions. 

You have the right to request a copy of your Personal Information in a portable format.

You have the right to opt-out of the sale or sharing of Personal Information and targeted advertising, where applicable. 

You have the right not to be discriminated against for exercising your privacy rights. 

If we deny your request, you may appeal our decision. 

You may lodge a complaint with relevant authorities such as the Federal Trade Commission, state attorney general, or other applicable authority, depending on the nature of the issue. We ask you to please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution. 

8. Additional information under GDPR

We may use profiling based on your on-chain activity to analyze and optimize the Service. However, we do not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on you.

We have not appointed a data protection officer as we do not currently consider that we are required to do so under applicable data protection laws.

9. Specific provisions under applicable U.S. state privacy laws 

This Policy details the categories of Personal Information we collect and process, the categories of sources from which we obtain it, the purposes for its collection and processing, the categories of Personal Data we disclose to third parties for our operational business purposes, as well as our practices regarding data retention and deletion (please see sections 1-5). 

We do not sell your Personal Information in exchange for monetary compensation. However, we use targeting cookies to enhance your browsing experience by providing personalized ads and analytics (please see section 10) which may constitute “sharing” of Personal Information under applicable U.S. privacy laws. To opt-out of such uses of your Personal Data, you may contact us using the contact details provided in this Policy or exercise your preferences through any available consent management tools or privacy controls we may make available from time to time. We do not currently implement automated recognition of browser-based opt-out preference signals, such as Global Privacy Control (GPC). However, you may exercise your opt-out rights at any time by contacting us, and we will process such requests in accordance with applicable privacy laws. We will not unlawfully discriminate against you for exercising your rights under applicable privacy law. 

You may have certain rights under applicable law regarding your Personal Data. These rights are set forth above in the section 7 “What are your rights?”. If you have questions or wish to exercise your rights under applicable privacy laws, please contact us using the details provided in this Policy. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Data subject to the request. We may need to request additional Personal Data from you, such as your account email address where applicable, in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Data. We will respond to your request within timeframes required by applicable law (generally within 45 days). If you have a complex request, applicable law may allow us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond. 

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. Depending on your state of residence you may have the right to appeal within a reasonable period of time after you have received our decision. If you have this appeal right, within the timeframe required under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint to the extent required by applicable law.

Other California Privacy Rights 

Additional information for California residents regarding their privacy rights under the CCPA is included in this Policy. The CCPA permits you, as a California resident, to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].

Do Not Track Notice: 

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not currently respond to or honor DNT signals or similar mechanisms transmitted by web browsers except as required by applicable law.

10. Tracking technologies and Cookies 

We use Cookies and similar tracking technologies to track the activity on our Service and Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. The technologies we use may include:

We use both Session and Persistent Cookies for the purposes set out below:

For more information about the cookies we use and your choices regarding cookies, please visit section 14 (Cookies).

11. Links to other websites

Our Service may contain links to other websites that are not operated by our company. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

12. Changes to this Policy

This Policy may be updated from time to time to reflect legal, regulatory, or operational requirements relating to Personal Data protection and our protection. The current version will always be available on the Website.

You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Policy, you can contact us by email: [email protected]

14. Cookies

We use technical Cookies (those that are strictly necessary) that are required for the operation of the Website or Services, which may be stored on your device without your consent. For all other types of Cookies, your consent is required. You can accept or reject non-essential Cookies via the cookie banner displayed when you first visit the Website.

You may withdraw your consent or change your cookie preferences at any time by adjusting your settings via the cookie banner or by contacting us using the details provided in this Policy.

Necessary (2)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.