Colosseum — discover select projects from the proving ground for crypto's best builders
Learn moreLast Updated: June 29, 2026
This Privacy Policy explains how MetaDAO LLC collects, uses, discloses, and protects information about you when you access or use the Platform, the Protocol, our website at metadao.fi, and the other Services. It is the “Privacy Policy” incorporated by reference into, and forming part of, our Terms of Service, and capitalized terms used but not defined here have the meanings given to them in the Terms of Service.
For the purposes of applicable data protection law, the controller of your personal data is MetaDAO LLC, a decentralized autonomous organization limited liability company registered in the Republic of the Marshall Islands (“MetaDAO”, “we”, “us”, or “our”), with a mailing address of PO Box 852, Long Island Rd, Majuro, Marshall Islands MH 96960.
If you have any question about this Policy or how we handle your personal data, you can contact us at market.governed.civilization@metadao.fi.
This Policy applies to personal data we process about visitors to and users of the Services. It does not apply to the independent acts of Founders, other Users, third-party wallet providers, blockchain networks, or any third-party site or service that you reach through a link on the Services, each of which operates under its own terms and privacy practices.
The Services are not offered to, and are not intended for, persons who reside in, are citizens of, are located in, or are otherwise Restricted Persons or located in a Restricted Jurisdiction, as set out in the Terms of Service. Because the Services may be lawfully accessed by permitted users in the European Economic Area (“EEA”) and the United Kingdom (“UK”), we treat the EU General Data Protection Regulation (“GDPR”) and the UK GDPR as the governing data protection framework for this Policy, and this Policy does not address United States state privacy laws.
We collect and process the following categories of information:
Wallet and on-chain information. When you connect a digital wallet, we receive your public wallet address and can observe the on-chain transactions, balances, Token holdings, Launch participation, and governance activity associated with that address. This information is recorded permanently on public blockchains.
Information you provide. Information you submit through registration forms, contact forms, or other communications with us, including any name, email address, or message content you choose to provide, and any eligibility or verification information we request.
Device and usage information. Information automatically collected when you use the Services, such as IP address, device and browser type, operating system, language settings, referring pages, the pages and features you access, and the dates and times of your interactions.
Cookies and analytics data. Information collected through cookies and similar technologies and through our analytics providers, as described in Sections 5 and 6.
Background and screening information. Where you apply to become, or engage with us as, a Founder or client, we (through an independent screening provider) may collect and process identity, eligibility, sanctions, and background-screening information about you, which may include criminal-record or other sensitive information to the extent permitted by applicable law.
We do not knowingly collect special categories of personal data, and you should not submit such data to us through the Services. We do not collect or store your private keys or seed phrases, and we cannot recover them.
We process personal data for the following purposes and on the following lawful bases under the GDPR and UK GDPR:
To provide and operate the Services (performance of a contract, or our legitimate interest in operating the Services where no contract exists), including enabling wallet connection, displaying on-chain data, and facilitating your interaction with the Protocol.
To maintain security and integrity (legitimate interests, and compliance with legal obligations), including detecting and preventing fraud, abuse, market manipulation, governance attacks, sanctions evasion, and circumvention of access controls or geo-blocking.
To verify eligibility and comply with law (compliance with legal obligations, and legitimate interests), including confirming you are not a Restricted Person and responding to lawful requests from authorities.
To screen prospective and current Founders and clients (compliance with legal obligations, including anti-money-laundering and sanctions requirements, and our legitimate interests in preventing fraud and protecting the Services), as described in Section 4.1.
To communicate with you (performance of a contract, or legitimate interests), including responding to enquiries you submit through contact forms.
To understand and improve the Services (consent, for non-essential analytics and cookies; otherwise legitimate interests), as described in Sections 5 and 6.
To enforce our Terms and protect legal rights (legitimate interests, and establishment, exercise, or defense of legal claims).
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interests, you may object as described in Section 12.
Consistent with the eligibility and anti-money-laundering requirements in our Terms of Service, we engage Groom Lake, an independent contractor, to provide network security services and to conduct background and eligibility screening on prospective and current Founders and clients. This screening may include identity verification, sanctions and watchlist checks, and, where permitted by applicable law, criminal-record and other background information.
Where we carry out such screening on individuals, we rely on our legitimate interests in preventing fraud, sanctions evasion, and other unlawful activity, and on compliance with our legal obligations, including anti-money-laundering and counter-terrorist-financing requirements. We process any criminal-offence or otherwise sensitive information only to the extent, and subject to the additional conditions and safeguards, required by applicable law.
We use cookies and similar technologies (such as local storage, pixels, and software development kits) to operate the Services, remember your preferences, maintain security, and — with your consent — measure and analyze usage.
Strictly necessary cookies are required for the Services to function and do not require consent. All other cookies, including analytics and performance cookies, are non-essential and are set only after you provide consent through our cookie banner or preference controls. You can withdraw or change your consent at any time through those controls or your browser settings.
This Section describes how we use analytics tools on the Services. It supplements, and should be read together with, Section 5 (Cookies) and Section 4 (lawful bases).
We use analytics to understand how visitors and Users interact with the Services — for example, which pages and features are used, how users navigate the interface, the performance and stability of the Services, and aggregate trends in usage. We use these insights to maintain, troubleshoot, secure, and improve the Services. We do not use analytics to make decisions that produce legal or similarly significant effects about you.
We use the following analytics, performance-monitoring, and infrastructure-logging providers in connection with the public Services. Except where noted, each acts as our processor and processes personal data only on our instructions:
PostHog — product analytics. Records page and feature usage, navigation, and interaction events, and may process IP address and device or browser characteristics. This is our primary non-essential analytics tool.
New Relic — application performance monitoring and error logging. Processes performance telemetry, diagnostic and error data, which may include IP address.
Vercel — hosting and edge delivery of the website and interface. Generates server and access logs (including IP address) and may provide aggregate usage measurement.
Cloudflare — content delivery, performance, and security (including DDoS mitigation and web-application firewall). Processes IP address and request metadata; this processing is largely strictly necessary to deliver and secure the Services.
Northflank — application and infrastructure hosting. Captures operational and server logs, which may include IP address.
The interface is built using the Next.js framework, which runs within our own hosting environment. It is software we operate rather than a separate third-party recipient of your personal data, and is therefore not listed as a provider above.
Depending on your consent and the provider, analytics may process: IP address (often truncated or pseudonymized), device and browser characteristics, operating system, approximate location derived from IP, referring and exit pages, pages and features viewed, interaction events, session duration, and similar usage metrics. Where the Services associate analytics events with your connected wallet address, that association is treated as personal data and processed in accordance with this Policy.
For users in the EEA and UK, non-essential analytics are carried out only on the basis of your consent, obtained through the cookie banner described in Section 5. You may decline analytics and continue to use the Services, and you may withdraw your consent at any time. Where analytics are strictly necessary to secure or deliver the Services, we may rely on our legitimate interests.
Consistent with the prohibitions in our Terms of Service, we do not use analytics to deanonymize or re-identify any user from blockchain data, to build profiles that single out a specific individual from on-chain activity, or to combine analytics data with wallet data for the purpose of identifying a natural person, except where strictly necessary to investigate fraud, abuse, or a violation of the Terms, or to comply with a legal obligation.
You can control analytics through our cookie banner and preference controls, your browser or device settings (including “do not track” and cookie controls), and any opt-out mechanisms offered by our analytics providers. Disabling analytics will not prevent you from using the core functions of the Services.
The Protocol operates on public blockchains (for example, Solana). When you transact through the Services, information such as your wallet address, transaction details, Token holdings, and governance activity is recorded on a public, decentralized ledger. As our Terms of Service note, information published or recorded on the blockchain is not confidential.
Because public blockchains are immutable and are not controlled by us, on-chain personal data cannot be altered, erased, or made inaccessible on request, and your rights of erasure, rectification, and restriction (described in Section 12) are necessarily limited with respect to data already written to the blockchain. We cannot reverse, modify, or delete on-chain transactions or records.
Certain treasury and governance operations, including multi-signature management, are carried out on-chain using tools such as Squads on the Solana network. Information involved in those on-chain operations, including wallet addresses, is public and permanent as described above.
We do not sell your personal data. We may share personal data with:
Analytics, hosting, and security providers identified in Section 6 (PostHog, New Relic, Vercel, Cloudflare, and Northflank), which process usage, performance, log, and security data on our behalf as processors.
Network security and screening provider. We use Groom Lake as our network security provider and, as an independent contractor, to conduct background and eligibility screening as described in Section 4.1. In that capacity Groom Lake may receive identity, contact, eligibility, and, where permitted by law, background-screening information.
Other service providers and processors who perform functions on our behalf, such as collaboration, productivity, and communications tooling, under contractual confidentiality and data protection obligations.
Blockchain networks and the public, by the inherent design of the Protocol, as described in Section 7.
Authorities and other parties where permitted or required, including to comply with applicable law, sanctions obligations, or valid legal process, to enforce our Terms, or to protect the rights, safety, and property of MetaDAO, our Users, or others, consistent with the Monitoring and Enforcement provisions of the Terms of Service.
Successors, in connection with a merger, acquisition, reorganization, or sale of assets, subject to this Policy.
We and our service providers may process personal data in countries outside the EEA, the UK, or your country of residence, which may not provide the same level of data protection. Several of the providers we rely on — including those named in Section 6, our wallet-authentication provider, and our security and screening provider — are established in or process data in the United States. Where we transfer personal data to a provider outside the EEA or the UK, we have put in place the European Commission’s Standard Contractual Clauses and, for transfers subject to UK law, the UK International Data Transfer Addendum to those Clauses, with each such provider. You may request a copy of the safeguards we rely on by contacting us at the address in Section 18.
We retain personal data only for as long as necessary for the purposes set out in this Policy, including to operate and secure the Services, comply with our legal and regulatory obligations, and establish, exercise, or defend legal claims. The specific retention periods we apply are set out below.
On-chain data (wallet addresses, transactions, Token holdings, and governance activity recorded on public blockchains): retained permanently on the relevant blockchain and outside our control, as described in Section 7.
Device, usage, server, and security logs (including IP addresses, access logs, and performance or error telemetry from Vercel, Cloudflare, Northflank, and New Relic): up to thirty (30) days, unless a longer period is necessary to investigate fraud, abuse, or security incidents.
Analytics data (PostHog and similar tools, where you have given consent): up to thirty (30) days from collection, or until you withdraw consent, whichever is earlier.
Contact and enquiry communications (information you submit through contact forms or direct correspondence with us): up to ninety (90) days from the date of your last communication with us, or longer where required to establish, exercise, or defend legal claims.
Founder and client screening records (identity, eligibility, and background-screening information processed through Groom Lake): for the period required by applicable anti-money-laundering, sanctions, and counter-terrorist-financing laws (typically five (5) years after the end of the relevant business relationship), and otherwise only as long as necessary for the screening purpose.
Internal collaboration records (communications retained in tools such as Google Workspace, Slack, Notion, and GitHub): in accordance with our internal retention practices, generally up to ninety (90) days, unless a longer period is required by law or for legal claims.
When retention periods expire, we delete or anonymize personal data unless we are required or permitted to retain it for a longer period.
We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. As our Terms of Service note, content you transmit may travel unencrypted across networks and may be posted on public blockchains. You are responsible for safeguarding your wallet, private keys, seed phrases, and credentials; we do not store them and cannot recover them.
Subject to applicable law and the limitations described in this Policy, individuals in the EEA and UK have the following rights with respect to their personal data:
Access — to obtain confirmation of whether we process your personal data and a copy of it.
Rectification — to have inaccurate or incomplete personal data corrected.
Erasure — to request deletion of your personal data in certain circumstances (subject to the blockchain limitations in Section 7).
Restriction and objection — to restrict or object to certain processing, including processing based on our legitimate interests.
Portability — to receive certain personal data in a structured, commonly used, machine-readable format.
Withdrawal of consent — to withdraw consent at any time where processing is based on consent, including for analytics and non-essential cookies.
To exercise any of these rights, contact us at market.governed.civilization@metadao.fi. We may need to verify your identity, which for wallet-based interactions may include a cryptographic signature from the relevant wallet. You also have the right to lodge a complaint with a supervisory authority. Our supervisory authority for data protection is the Office of the Ombudsman of the Cayman Islands (5th Floor, Anderson Square, 64 Shedden Road, George Town, Grand Cayman; www.ombudsman.ky). If you are in the European Economic Area or the United Kingdom, you also retain the right to lodge a complaint with the data protection authority of your country of residence or, in the United Kingdom, the Information Commissioner’s Office.
The Services are not directed to, and may not be used by, anyone under eighteen (18) years of age or the age of majority in their jurisdiction, whichever is higher. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it.
The Services may contain Third-Party Links and may interoperate with third-party wallets, blockchains, and applications. We do not control and are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal data.
MetaDAO maintains community and support presences on third-party platforms (which may include Telegram and Discord) and uses third-party collaboration and productivity tools for its internal operations (which may include Google Workspace, Slack, Notion, and GitHub). Communications you send through public community channels are processed by those platforms as independent controllers under their own privacy terms, and any information you send to us there, or through a contact form, may be retained within our internal tools.
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, except where necessary for security or fraud-prevention purposes or as otherwise permitted by law. The futarchy governance outcomes of the Protocol are market-driven and operate independently of MetaDAO, as described in the Terms of Service.
We may update this Policy from time to time. When we make material changes, we will take reasonable steps to notify you, such as by posting the updated Policy on the Services with a new “Last Updated” date and, where appropriate, providing additional notice. Unlike the Terms of Service’ change mechanism, material changes to this Policy will not be treated as effective immediately on posting where advance notice is required by applicable law. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy to the extent permitted by law.
This Policy forms part of, and is governed by the same law as, the Terms of Service. It is governed by and construed in accordance with the internal laws of the Cayman Islands, without regard to any conflict-of-law principle, and disputes arising under it are subject to the mandatory, binding arbitration provision in Section 20.2 of the Terms of Service — ad hoc arbitration governed by the Arbitration Act, 2012 of the Cayman Islands, seated in George Town, Grand Cayman, before a single arbitrator and on an individual basis — to the extent permitted by applicable law.
Nothing in this Section limits any non-waivable right you have under applicable data protection law. In particular, if you are in the European Economic Area or the United Kingdom, your statutory rights to lodge a complaint with a supervisory authority (as described in Section 12) and to an effective judicial remedy are not affected by the arbitration provision or the class-action waiver in the Terms of Service.
If you have questions, concerns, or requests regarding this Policy or your personal data, you can reach us at:
MetaDAO LLC
PO Box 852, Long Island Rd, Majuro, Marshall Islands MH 96960