Privacy Policy for Neptun.fun
Last updated: 6 May 2026
Welcome to Neptun.fun! This Privacy Policy ("Policy") describes the practices of Neptun.fun ("Neptun", "we", "us", or "our") regarding the collection, storage, use, processing, transfer, and disclosure of personal data that you provide or that is generated when you access the website located at https://neptun.fun, any subdomains, APIs, smart contracts, or related interfaces (the "Platform") and use the products, tools, and services made available through the Platform (the "Services").
This Policy is incorporated into and forms part of our Terms of Service available at https://neptun.fun/terms ("Terms"). Capitalized terms not defined in this Policy have the meanings given to them in the Terms.
By accessing the Platform, connecting a wallet, or using the Services, you acknowledge that you have read and understood this Policy and consent (where consent is the applicable legal basis) to the practices described below. If you do not agree with this Policy, please do not access the Platform or use the Services.
1. Important Notice About Blockchain and Non-Custodial Services
Neptun.fun is a non-custodial interface to public blockchains, primarily the Solana blockchain. You should understand the following before using the Services:
- Public ledger. Transactions, wallet addresses, token balances, and on-chain interactions you make through the Platform are recorded on a public blockchain. Once recorded, this information is public, permanent, and outside our control. We cannot modify, erase, or anonymize data that has been written to a public blockchain.
- No custody. We do not custody, hold, or control your private keys, seed phrases, or digital assets. Any transaction is signed by your self-custodial wallet (e.g., Phantom, Solflare, Backpack, MetaMask) and broadcast directly to the network.
- Wallet addresses are pseudonymous, not anonymous. A wallet address may, on its own or combined with other information, be considered personal data under certain laws (e.g., GDPR). We treat wallet addresses associated with identifiable individuals as personal data under this Policy.
- Third-party RPC, indexers, and infrastructure. When you load the Platform or sign a transaction, requests may be routed through third-party RPC providers, block explorers, indexers, and analytics providers. Their handling of data is governed by their own policies.
2. The Data We Collect About You
We may collect, use, store, and transfer different categories of personal data, including:
(a) Identity and contact data — username, display name, profile picture or avatar URL, email address (if provided), and any handle or social-media identifier you optionally link to your account.
(b) Wallet and on-chain data — your public wallet address(es), signed messages used for authentication ("sign-in with Solana / Ethereum"), transactions you initiate through the Platform, token holdings visible at those addresses, and any tokens, pools, or markets you create, trade, or interact with.
(c) Communications data — content of messages, posts, comments, livestream chat, replies, reactions, reports, or other user-generated content you submit through the Platform, plus any correspondence you send to us (e.g., support tickets, emails).
(d) Technical data — IP address (and approximate location derived from it), browser type and version, device type, operating system, screen resolution, language, time-zone setting, referring URLs, and cookie/identifier data.
(e) Usage data — pages and features visited, clickstream and interaction events, feature toggles, search queries, theme and UI preferences, session duration, error reports, and similar diagnostics.
(f) KYC / compliance data (only if and where required) — if access to certain Services is gated by anti-money-laundering ("AML"), counter-terrorism-financing ("CTF"), or sanctions screening, we (or a vetted third-party provider) may collect government-issued identification, proof of address, date of birth, nationality, and biometric data solely for verification.
(g) Aggregated and de-identified data — statistical or aggregated data derived from the above. We may use and share this data freely; if it is ever combined in a way that re-identifies you, we treat it as personal data again.
(h) Special-category data. We do not intentionally collect sensitive personal data (e.g., health, biometric, racial or ethnic origin, political opinions, religious beliefs). Please do not submit such data through the Platform.
You are not obligated to provide personal data, but some Services cannot be made available without it.
3. How We Collect Your Personal Data
We collect personal data through the following channels:
(a) Information you provide directly — when you connect a wallet, create a profile, create or trade a token, post content, livestream, contact support, fill in a form, or otherwise interact with us.
(b) Information collected automatically — when you access the Platform, we and our service providers automatically collect technical and usage data via cookies, SDKs, server logs, and similar technologies (see Section 9).
(c) Information from public blockchains — we read on-chain data (e.g., balances, transaction history, contract events) associated with addresses that interact with the Platform. This information is public.
(d) Information from third parties — analytics, fraud-prevention, sanctions-screening, KYC providers, payment processors, social login providers, and oracles may share information with us pursuant to their own terms and applicable law.
4. How We Use Your Personal Data and Legal Bases
We process personal data for specified, explicit, and legitimate purposes. Where the EU/UK GDPR or similar laws apply, the following legal bases may apply (often more than one applies to a given processing activity):
| Purpose | Examples | Typical legal basis |
|---|---|---|
| Provide the Services | Authenticating wallets, displaying balances, routing trades, hosting content, surfacing tokens | Performance of a contract; legitimate interests |
| Account and platform management | Creating and securing your profile, recovering access, managing preferences | Performance of a contract; legitimate interests |
| Safety, security, and fraud prevention | Rate-limiting, bot detection, anti-abuse, sanctions screening, content moderation, investigating reports | Legitimate interests; legal obligation |
| Compliance | KYC/AML/CTF where applicable, responding to lawful requests, sanctions and watch-list screening, tax reporting | Legal obligation |
| Communications | Service announcements, security notices, responding to inquiries | Performance of a contract; legitimate interests |
| Marketing (optional) | Newsletters, product updates, promotions | Consent (you may withdraw at any time) |
| Analytics and product improvement | Diagnosing bugs, measuring feature use, A/B testing, capacity planning | Legitimate interests; consent where required by local law |
| Legal claims | Establishing, exercising, or defending legal claims | Legitimate interests; legal obligation |
We will not use your personal data for materially new purposes without an updated lawful basis and, where required, your consent.
5. Automated Decision-Making and AI Systems
We may use automated systems (including machine-learning models) for tasks such as fraud detection, sanctions screening, anti-spam filtering, and content classification. These tools support human review; we do not subject you to decisions producing legal or similarly significant effects on you that are based solely on automated processing without a meaningful right to human review, except where permitted by law (e.g., to prevent fraud or comply with sanctions). Where required by Article 22 GDPR or analogous laws, you may request human review by contacting us at the address in Section 16.
6. Disclosure and Sharing of Personal Data
We do not sell personal data for monetary consideration. We may share personal data with the following categories of recipients:
(a) Service providers and processors — hosting, cloud infrastructure, analytics, error monitoring, customer-support tooling, email delivery, anti-fraud, KYC/AML, content delivery networks, RPC providers, and indexers, in each case under contractual safeguards.
(b) Affiliates — entities under common ownership or control with Neptun, for the purposes described in this Policy.
(c) Government, regulators, and law enforcement — when we are required to disclose personal data to comply with a legal obligation, court order, subpoena, or other lawful request, or to protect our rights, property, or safety, or that of our users or the public.
(d) Professional advisers — lawyers, accountants, auditors, and insurers under duties of confidentiality.
(e) Business transitions — in the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal data may be transferred to the relevant counterparty subject to confidentiality.
(f) With your consent or at your direction — including when you choose to publish content, link a social account, or share data with a third-party application.
(g) Aggregated or de-identified information — which is not personal data and may be shared without restriction.
We do not engage in "sharing" or "selling" of personal data for cross-context behavioral advertising as those terms are defined in the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").
7. International Transfers of Personal Data
Neptun operates globally. Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including jurisdictions whose data-protection laws differ from your own. Where personal data is transferred from the European Economic Area ("EEA"), the United Kingdom, or Switzerland to a country that has not been deemed by the relevant authority to provide an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), and we conduct transfer-impact assessments consistent with Schrems II guidance. You may request a copy of these safeguards by contacting us at the address in Section 16.
By using the Services, you acknowledge such international transfers may occur.
8. Third-Party Services and Links
The Platform may interface with, link to, or display content from third parties — including wallets, RPC providers, block explorers, oracles, social platforms, livestream infrastructure, and decentralized exchanges. These services are operated independently and are governed by their own privacy policies. We do not control and are not responsible for their practices. You should review their policies before using them or sharing personal data with them.
9. Cookies and Similar Technologies
We use cookies, local storage, session storage, pixels, SDKs, and similar technologies (collectively, "Cookies") for purposes such as:
- Strictly necessary — authentication, session management, security, load balancing.
- Functional / preferences — remembering theme (light/dark), language, layout choices, and connected wallet.
- Analytics — understanding aggregated usage to improve performance and reliability.
- Anti-abuse — bot detection, rate limiting, and fraud prevention.
Where required by law (e.g., the EU ePrivacy Directive), we will request your consent for non-essential Cookies through a consent banner or preference center. You can also control Cookies through your browser settings, though disabling certain Cookies may affect Platform functionality.
We honor Global Privacy Control ("GPC") signals where required by law as a valid opt-out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not currently respond to other Do Not Track ("DNT") signals because there is no industry standard for them.
10. Data Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures include encryption in transit (TLS), access controls, logging, principle of least privilege, and periodic review of our service providers.
No method of transmission or storage is 100% secure. You acknowledge that there is inherent risk in using internet-based and blockchain-based services, and you assume responsibility for safeguarding your wallet, private keys, seed phrase, and any credentials you use to access the Services. Anyone with access to your wallet can transact in your name, and we cannot reverse blockchain transactions.
If we become aware of a personal data breach that affects you, we will notify you and the relevant supervisory authorities where and as required by applicable law.
11. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, including to:
- provide the Services to you;
- comply with legal, accounting, tax, or regulatory obligations (which may require retention for several years, e.g., AML record-keeping);
- resolve disputes and enforce our agreements; and
- maintain backup and disaster-recovery systems.
When personal data is no longer needed, we delete or anonymize it. Note that data written to a public blockchain (e.g., transaction history, public addresses, on-chain memos) cannot be deleted by us and will remain on-chain indefinitely.
12. Your Privacy Rights
Depending on where you live, you may have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure / "right to be forgotten" — request deletion in certain circumstances (subject to legal exceptions and the immutable nature of blockchains).
- Restriction — request that we limit processing in certain circumstances.
- Objection — object to processing based on our legitimate interests, including for direct marketing.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- No discrimination — not be denied service or charged different prices for exercising your rights, where prohibited by law.
- Lodge a complaint — with your local data-protection supervisory authority. If you are in the EEA, you may complain to your national authority; in the UK, the Information Commissioner's Office (ICO); in California, the California Privacy Protection Agency (CPPA).
12.1 Additional rights for California residents (CCPA/CPRA)
You have the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; to delete personal information; to correct inaccurate personal information; to limit the use and disclosure of sensitive personal information; and to opt out of "sale" or "sharing" for cross-context behavioral advertising. As stated in Section 6, we do not engage in such sale or sharing. You may also designate an authorized agent to make a request on your behalf.
12.2 Additional rights for residents of other US states
If you are a resident of a US state with a comprehensive consumer-privacy law (including, as of the date above, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Florida, Delaware, New Jersey, New Hampshire, Kentucky, Nebraska, Maryland, Minnesota, and Rhode Island), you may have rights similar to those listed above, including the right to appeal a denial of a privacy request.
12.3 How to exercise your rights
To exercise any of these rights, email [email protected] with sufficient information for us to verify your identity (including, where necessary, signing a message from the wallet address tied to the account). We will respond within the timeframes required by applicable law.
13. Children's Privacy
The Services are not directed to, and we do not knowingly collect personal data from, children under the age of 18 (or the higher minimum age required in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
14. Marketing Communications
If you opt in to marketing communications, you can opt out at any time using the unsubscribe link in any marketing email or by contacting us at [email protected]. Even if you opt out of marketing, we may still send you transactional or service-related messages (e.g., security alerts, important Service updates).
15. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal or regulatory requirements, or for other operational reasons. The "Last updated" date at the top of this Policy indicates when it was last revised. If changes are material, we will provide more prominent notice (such as an in-Platform banner or, where appropriate, an email). Your continued use of the Services after the effective date of any updated Policy constitutes acceptance of the changes.
16. Contact Us
If you have questions, requests, or complaints regarding this Policy or our handling of your personal data, please contact us at [email protected]. For privacy requests, please use the subject line "Privacy Request — [Right Requested]".
If you are in the EEA or UK and you believe we have not adequately addressed your concern, you may contact your local data-protection authority.