Privacy Policy

1. Who We Are

RLC - Rafal Skrzydelski (“Block Forest”, “we”, “us”, or “our”) is the controller of personal data collected through this website and the LP-Intelligence product.

You can contact us at: rafael@block-forest.org.

2. Scope

This Privacy Policy applies to personal data collected through block-forest.org and any sub-pages, including the LP-Intelligence product pages and access-request forms. It does not apply to data processed under separate data processing agreements concluded with customers who access our API services.

3. Personal Data We Collect

Information You Provide Voluntarily

When you submit a request for access to LP-Intelligence or contact us via our inquiry form, we collect:

• Full name
• Business email address
• Company or organisation name
• Job title or role
• Information about your use case, including relevant DeFi protocols, wallet addresses, or liquidity management context that you choose to provide
• Message content and any attachments you include

Providing this information is voluntary. However, without it we cannot assess your request or respond to your inquiry.

Technical and Usage Data

When you visit our website, our servers and analytics tools may automatically record:

• IP address
• Browser type and version
• Operating system
• Referring URL and exit pages
• Pages visited, timestamps, and session duration
• Server log data

4. How We Use Personal Data

We use the personal data described above to:

• Assess eligibility — review access requests and determine whether LP-Intelligence is an appropriate fit for your use case
• Respond to inquiries — communicate with you regarding your request, provide follow-up information, or ask clarifying questions
• Provide onboarding — if access is granted, facilitate account setup, API credential provisioning, and technical onboarding
• Protect the service — detect and prevent fraudulent requests, abuse, or unauthorised access attempts
• Maintain records — keep an internal record of business communications and access decisions for compliance and audit purposes
• Improve our website — analyse aggregated usage patterns to improve content and performance

Submitting a request for access does not automatically grant API access or create a customer relationship. Each request is reviewed individually.

5. Legal Bases for Processing

Where the GDPR or equivalent legislation applies, we rely on the following legal bases:

• Legitimate interests (Art. 6(1)(f) GDPR) — processing inquiry data to evaluate business requests, protect our systems, and maintain communication records, where our interests are not overridden by your rights
• Performance of a contract / pre-contractual steps (Art. 6(1)(b) GDPR) — processing necessary to respond to your access request and, if applicable, prepare a service agreement
• Compliance with legal obligations (Art. 6(1)(c) GDPR) — where retention or disclosure is required by applicable law
• Consent (Art. 6(1)(a) GDPR) — if and when we introduce consent-based processing, such as optional analytics or marketing communications

6. Cookies and Analytics

Our website may use strictly necessary technologies required for the site to function correctly. These do not require consent.

We use Vercel Analytics to collect aggregated usage statistics such as page views, referring URLs, and general device information. Vercel Analytics is designed to be privacy-friendly and does not use third-party tracking cookies or collect information that would enable us to personally identify end users from analytics data alone. No consent is required for this type of analytics.

If we introduce additional tracking or consent-based analytics in the future, this policy will be updated accordingly.

7. How We Share Information

We do not sell personal data. We may share personal data with trusted third-party service providers acting as processors on our behalf, including:

• Infrastructure and hosting — Vercel, for website and API infrastructure
• Analytics — Vercel Analytics, for aggregated website analytics
• CRM / communication tools — Internal contact form, for managing contact form submissions and inquiry follow-ups

All processors are contractually bound to process data only on our instructions and in accordance with applicable data protection law. We may also disclose personal data where required by applicable law, court order, or to protect the rights and safety of our business and users.

8. International Transfers

Some of our service providers may process personal data outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable law, including Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions (e.g. Standard Contractual Clauses or adequacy decisions where applicable).

9. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

• Business inquiry and access request data — retained for 12 months from the date of last contact from the date of last contact, or longer if required by law or ongoing business relationship
• Server logs and technical data — retained for 90 days, after which they are deleted or anonymised

If an inquiry results in an active customer relationship, relevant data will be retained for the duration of that relationship and as required by applicable legal obligations thereafter.

10. Your Rights

Subject to applicable law, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data in certain circumstances
• Restriction — request that we restrict processing of your data in certain circumstances
• Portability — receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at rafael@block-forest.org. We will respond within the timeframes required by applicable law.

You also have the right to lodge a complaint with your local supervisory authority. The relevant authority for RLC - Rafal Skrzydelski is the President of the Personal Data Protection Office (UODO).

11. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include access controls, encryption in transit, and regular security reviews. However, no transmission over the internet can be guaranteed to be completely secure.

12. Third-Party Services and Links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party services you access via links on our website.

13. Children

Our services are directed to businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data through our website, please contact us at rafael@block-forest.org and we will take steps to delete such data promptly.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or services. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: rafael@block-forest.org. We aim to respond to all data-related inquiries within 30 days.