Privacy Policy

This Privacy Policy describes how Infinitus ("we", "us", or "our") collects, uses, stores, and protects personal information when you use our DeFi platform and services.

By using Infinitus services, you consent to the data practices described in this policy. If you do not agree with our privacy practices, please do not use our platform.

This policy complies with:

• GDPR (General Data Protection Regulation) - EU privacy law
• CCPA (California Consumer Privacy Act) - California privacy law
• Other applicable data protection regulations

2.1 Information You Provide

When you use Infinitus, you may provide:

• Wallet Address: Your blockchain wallet address (public)
• Telegram Username: If connecting via Telegram bot (@InfinitusBrianV2Bot)
• Email Address: For notifications and account recovery (optional)
• Transaction Data: Campaign details, token addresses, transaction amounts
• Communication Data: Messages sent to support or via Telegram

2.2 Information Collected Automatically

When you use our platform, we automatically collect:

• Device Information: IP address, browser type, operating system, device ID
• Usage Data: Pages visited, features used, time spent on platform
• Log Data: Access times, error logs, API requests
• Cookies: Session cookies for authentication and preferences (see Section 8)
• Blockchain Data: Public transaction history from Base Network

2.3 Information from Third Parties

We may receive information from:

• Blockchain Networks: Public transaction data from Base (L2 Ethereum)
• Telegram: Username, user ID, chat metadata
• Alchemy: Wallet creation and transaction data (custodial wallets)
• DexTools: Token trending status and market data
• Analytics Services: Aggregated usage statistics (anonymized)

We use collected information for the following purposes:

3.1 Service Delivery

• Execute campaigns (Baby Buys, Chart Builder, TrendLauncher)
• Process blockchain transactions and smart contract interactions
• Manage custodial wallets (Alchemy Account Abstraction)
• Provide AI predictions and recommendations
• Facilitate community pooling and proportional returns

3.2 Platform Improvement

• Analyze usage patterns to improve features
• Debug errors and fix technical issues
• Optimize AI agent performance and accuracy
• Enhance user experience and interface design

3.3 Security and Fraud Prevention

• Detect and prevent market manipulation
• Identify suspicious activity and unauthorized access
• Enforce Terms of Service and community guidelines
• Comply with legal obligations and regulations

3.4 Communication

• Send transaction confirmations and status updates
• Notify you of campaign completion or issues
• Respond to support inquiries
• Send important platform announcements (opt-out available)

3.5 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Respond to law enforcement requests and court orders
• Enforce our Terms of Service
• Protect our rights and the rights of our users

For EU users, we process personal data under the following legal bases:

4.1 Contractual Necessity

Processing is necessary to fulfill our contract with you (Terms of Service). This includes executing campaigns, processing transactions, and delivering services.

4.2 Legitimate Interest

We process data to improve our platform, prevent fraud, and ensure security. We balance our interests against your privacy rights.

4.3 Consent

For optional features (email notifications, marketing communications), we obtain your explicit consent. You can withdraw consent at any time.

4.4 Legal Obligation

We process data to comply with legal requirements, including AML (Anti-Money Laundering), KYC (Know Your Customer), and regulatory reporting.

We share your information with the following parties:

5.1 Service Providers

• Supabase: Database hosting and authentication
• Upstash: Redis caching and rate limiting
• Alchemy: Custodial wallet creation and blockchain RPC
• Railway: Application hosting and deployment
• QStash: Cron job scheduling for automated tasks
• Telegram: Bot messaging and notifications

5.2 Blockchain Networks

All transactions are broadcast to the Base Network (L2 Ethereum), making them publicly visible on blockchain explorers. This includes:

• Your wallet address
• Transaction amounts and timestamps
• Smart contract interactions
• NFT ownership (Agent Gallery)

5.3 Legal Requirements

We may disclose information when required by law:

• In response to subpoenas, court orders, or legal process
• To comply with government or regulatory investigations
• To protect our rights, property, or safety
• To enforce Terms of Service or prevent fraud

5.4 Business Transfers

If Infinitus is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you via email or platform announcement before any such transfer.

We retain personal information for the following periods:

• Active Accounts: Retained indefinitely while account is active
• Inactive Accounts: Deleted after 2 years of inactivity (unless required by law)
• Transaction Logs: Retained for 7 years for legal/regulatory compliance
• Support Communications: Retained for 3 years after last interaction
• Blockchain Data: Permanent (immutable on Base Network)
• Cookies: Session cookies deleted when browser closes; persistent cookies expire after 1 year

7.1 GDPR Rights (EU Users)

Under GDPR, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete information
• Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
• Data Portability: Receive your data in a structured, machine-readable format
• Restriction of Processing: Limit how we use your data
• Object to Processing: Opt out of data processing based on legitimate interest
• Withdraw Consent: Revoke consent for optional processing (e.g., marketing emails)
• Lodge a Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Users)

Under CCPA, you have the right to:

• Know: Request disclosure of what personal information we collect, use, and share
• Delete: Request deletion of your personal information (subject to exceptions)
• Opt-Out of Sale: We do NOT sell personal information, so this right is not applicable
• Non-Discrimination: You will not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We use cookies and similar technologies to enhance your experience:

8.1 Essential Cookies

Required for platform functionality (cannot be disabled):

• Session Cookies: Authentication and login state
• Security Cookies: CSRF protection and rate limiting

8.2 Functional Cookies

Enhance user experience (can be disabled):

• Preference Cookies: Dark mode, language settings
• Analytics Cookies: Usage statistics (anonymized)

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain platform features.

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data

We implement industry-standard security measures to protect your data:

Technical Security

• Encryption: TLS/SSL encryption for data in transit
• Database Security: Supabase Row-Level Security (RLS) policies
• API Security: JWT authentication and rate limiting
• Wallet Security: Alchemy custodial wallet encryption
• CSRF Protection: Token-based CSRF prevention

Operational Security

• Access Controls: Principle of least privilege for staff
• Monitoring: Real-time security monitoring and alerting
• Incident Response: Breach notification within 72 hours (GDPR)
• Regular Audits: Periodic security assessments

Infinitus operates globally, and your data may be transferred to and processed in countries outside your jurisdiction, including:

• United States: Supabase, Railway, Alchemy (cloud hosting)
• European Union: Potential data center locations
• Other Regions: Based on service provider infrastructure

GDPR Safeguards

For EU users, we ensure international transfers comply with GDPR through:

• Standard Contractual Clauses (SCCs) with service providers
• Adequacy Decisions: Transfers to countries with adequate protection
• Encryption: Data encrypted in transit and at rest

Infinitus is NOT intended for users under 18 years of age.

• We do NOT knowingly collect data from children under 18
• If we discover a user is under 18, we will immediately terminate their account
• Parents who believe their child has provided data should contact privacy@infinitus.bot

Our platform may contain links to third-party websites (DexTools, blockchain explorers, etc.). We are NOT responsible for their privacy practices.

• DexTools: Token charts and trending status
• BaseScan: Blockchain explorer for Base Network transactions
• Telegram: Bot integration and messaging

We encourage you to review the privacy policies of any third-party services you interact with.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

• Material Changes: We will notify you via email or platform announcement
• Minor Changes: Updated "Last Updated" date reflects revision
• Continued Use: Using services after changes constitutes acceptance

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

For privacy-related questions, concerns, or to exercise your rights:

EU Data Protection Authority

EU users have the right to lodge a complaint with their local supervisory authority if they believe we are not complying with GDPR. Find your authority at: EDPB Member List

California Attorney General

California users can file CCPA complaints with the California Attorney General: File CCPA Complaint