Legal Document

Privacy Policy

Fylox Protocol · Effective: March 19, 2026 · Version 1.0
This Privacy Policy explains how Fylox Protocol ("Fylox," "we," "us," or "our") collects, uses, and protects information about you when you use our application and services. We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully.
01

Introduction

Fylox Protocol is a payment infrastructure application built natively on Pi Network, designed to allow Pi Network Pioneers to send, receive, and spend Pi in their daily lives. Our services include Pi-native payments, QR-based merchant payments, and related financial tools.

By using Fylox, you agree to the collection and use of information in accordance with this policy. We collect only what we need to provide the service, and we never sell your personal data.

02

Who We Are

Fylox Protocol is operated as an independent third-party application built on the Pi Network ecosystem. We are not affiliated with, endorsed by, or a subsidiary of Pi Network or its parent company, Social Chain Inc.

For the purposes of applicable data protection law, Fylox Protocol is the data controller of your personal information collected through our application.

Important: Fylox Protocol operates in Testnet mode during the current phase. All transaction values shown in the application are for demonstration purposes only and do not represent real financial value. This policy applies to both Testnet and future Mainnet operations.
03

Information We Collect

3.1 Information from Pi Network

When you authenticate with Fylox using your Pi Network account, we receive the following information from Pi Network's SDK, subject to your consent:

  • Your Pi Network username
  • Your Pi Network user ID (UID) — a unique identifier assigned by Pi Network
  • Your Pi Network KYC verification status
  • An access token to facilitate payments on your behalf

We do not receive your Pi wallet private keys, biometric data, phone number, or any other sensitive identity information directly from Pi Network.

3.2 Transaction Data

When you use Fylox to send, receive, or make payments, we collect:

  • Payment amounts and recipients
  • Transaction identifiers (payment IDs, blockchain transaction IDs)
  • Timestamps of transactions
  • Payment memos and metadata you provide
3.3 Usage Data

We automatically collect certain technical information when you use our application:

  • App version and device type
  • Language and region preferences
  • General usage patterns (screens visited, features used)
  • Error logs and crash reports
3.4 What We Do Not Collect
  • Your real name, email address, or physical address
  • Payment card numbers or bank account details
  • Government-issued ID or passport data
  • Precise geolocation data
  • Biometric data of any kind
Data Type Source Required?
Pi Username Pi Network SDK Yes — for account identification
Pi UID Pi Network SDK Yes — for backend authentication
KYC Status Pi Network SDK Yes — required to process payments
Transaction History Fylox Backend Yes — to display your activity
Language Preference Device / User No — improves experience
Error Logs App No — helps us fix bugs
04

How We Use Your Information

We use the information we collect strictly to operate and improve the Fylox service. Specifically:

To provide the service
  • Authenticate you via Pi Network and create your Fylox session
  • Process Pi payments on your behalf through the Pi Network blockchain
  • Display your transaction history and balance
  • Enable QR-based payments at merchants
To improve the service
  • Diagnose and fix technical errors
  • Understand how users interact with the app to prioritize improvements
  • Detect and prevent fraudulent or unauthorized use
To comply with legal obligations
  • Comply with applicable laws and regulations
  • Respond to lawful requests from public authorities
We do not: sell your personal data to third parties, use your data for advertising, build behavioral profiles for marketing purposes, or share your data with data brokers of any kind.
05

Pi Network & Third Parties

Fylox Protocol integrates with Pi Network's official SDK and payment APIs. When you use Fylox, certain interactions are governed by Pi Network's own privacy policy, which we encourage you to review at minepi.com.

Pi Network

Pi Network processes authentication requests and payment transactions on the blockchain independently of Fylox. Pi Network's collection and use of your data is subject to their own privacy policy and terms of service.

Hosting Infrastructure

Our backend infrastructure is hosted on Render (render.com). Render processes server-side data as a data processor on our behalf, subject to Render's data processing agreement and privacy policy.

Analytics & Error Tracking

We currently do not use third-party analytics services. If this changes, we will update this policy and notify users accordingly before any such services are activated.

No Data Sales

We will never sell, rent, or lease your personal data to any third party, for any reason, under any circumstances.

06

Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

Data Retention Period
Account data (Pi UID, username) Duration of account + 90 days after deletion request
Transaction records 5 years (for financial compliance purposes)
Error logs 30 days
Usage data 12 months

After the applicable retention period, your data is securely deleted or anonymized so it can no longer be associated with you.

07

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We respect and honor these rights regardless of where you are located.

  • Right to access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request that we correct inaccurate or incomplete data.
  • Right to erasure — Request that we delete your personal data, subject to legal retention obligations.
  • Right to portability — Request your data in a structured, machine-readable format.
  • Right to object — Object to processing of your data for certain purposes.
  • Right to restrict processing — Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, contact us at the address provided in Section 12. We will respond to your request within 30 days. We will never discriminate against you for exercising your privacy rights.

Account deletion: To delete your Fylox account and associated data, contact us at info@fyloxprotocol.com. Note that blockchain transaction records are immutable and cannot be deleted from the Pi Network blockchain, as they are outside our control.
08

Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • All data transmitted between the app and our servers is encrypted using HTTPS/TLS
  • Authentication tokens are short-lived and signed using industry-standard JWT with HS256
  • We do not store Pi Network access tokens beyond the duration of your session
  • Our backend enforces rate limiting, CORS restrictions, and input validation on all endpoints
  • Passwords are never stored — authentication is delegated entirely to Pi Network

Despite these measures, no system is completely immune to security risks. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

09

Children's Privacy

Fylox Protocol is not directed at children under the age of 13, or under the age of 16 in jurisdictions where a higher age threshold applies (such as the European Union).

We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at info@fyloxprotocol.com and we will take steps to delete that information promptly.

Access to Fylox also requires a Pi Network account with completed KYC verification, which has its own age requirements enforced by Pi Network independently of Fylox.

10

International Data Transfers

Fylox Protocol serves users globally, across 200+ countries. Our backend infrastructure is hosted in the United States (Oregon region via Render). By using Fylox, you acknowledge that your data may be transferred to and processed in the United States or other countries that may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) as the lawful mechanism for international data transfers where applicable.

We are committed to ensuring that your data receives an adequate level of protection regardless of where it is processed.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Post the updated policy at fyloxprotocol.com/privacy
  • For material changes, provide prominent notice within the application

Your continued use of Fylox after any changes constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the service and request account deletion.

We will not make material changes to how we use your data without giving you the opportunity to opt out or discontinue using the service.

12

Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your data, please reach out to us. We take all privacy inquiries seriously and will respond within 30 days.

Fylox Protocol — Privacy Contact
📧 Email: info@fyloxprotocol.com
🌐 Website: fyloxprotocol.com
Telegram: t.me/FyloxProtocol