top of page

Privacy Policy

Last updated: 29/08/2025

1) Who we are and how to contact us

Controller: Biedaki Ltd, registered in [England & Wales].
Email: info@bieda.co.uk

This notice explains how we process personal data when you visit www.bieda.co.uk, use our validator services, or contact us.

2) What we collect

Technical & usage data: IP address, device and browser details, timestamps, pages viewed. Under UK GDPR, these “online identifiers” can be personal data. 1

Wallet / on-chain identifiers: public keys, wallet addresses, delegation amount and reward events that are publicly recorded on the Solana blockchain or you submit through our tools. Public keys/wallet addresses can be personal data when they relate to an identifiable natural person; we treat them accordingly. 

Contact data (only if you send it): name, email, company, and any content you submit in forms or support tickets.

Do we collect special category data? No.

3) How and why we use data

  • Provide and operate the site/services (including showing validator info, handling support): performance of contract or legitimate interests.

  • Security & abuse prevention (basic server logs, incident triage): legitimate interests. We minimise logs and keep them no longer than 12 months (see Retention). The storage-limitation principle requires not keeping data “just in case.” 

  • Cookieless analytics to understand aggregated traffic and improve the site: legitimate interests. We use privacy-first analytics that do not set cookies or fingerprint visitors.

  • Legal/regulatory: complying with applicable laws, responding to lawful requests, and enforcing our terms: legal obligation or legitimate interests.

Note on blockchain data. Public blockchains are append-only; on-chain data cannot be altered or erased by us. We design so that personal data is processed off-chain where feasible (e.g., references/hashes) to respect GDPR rights while recognising blockchain’s immutability.

4) No ads, no “sale” or “share”

We do not sell or share personal data for cross-context behavioural advertising and we don’t run targeted marketing cookies. (Cookieless analytics only.)

5) Cookies & analytics

We aim to avoid cookies entirely. Where our infrastructure needs strictly-necessary cookies (e.g., load-balancer session), your browser may set them, but our analytics are cookie-less and do not use client-side state or fingerprinting.

6) Where data comes from

  • Directly from you (forms, email).

  • Automatically from your device when you browse the site (technical data).

  • Public blockchain data (e.g., your public key and delegation/claim transactions if you use our tools or interact with our validator).

7) Retention

  • Server and security logs: kept ≤ 12 months, unless a specific incident requires longer.

  • Support correspondence: normally ≤ 24 months from closure.

  • Blockchain records: public chain data persists indefinitely by design; we don’t control that ledger. We avoid placing plain-text personal data on-chain; where possible we keep personal data off-chain to allow normal retention/erasure rules. 
    We set periods against the UK GDPR storage-limitation principle.

8) Data sharing (processors & recipients)

We use reputable providers to host our website, protect it, and run analytics. They act under contract, follow our instructions, and must implement appropriate security. Where feasible, we choose providers that don’t set cookies (e.g., Plausible or Cloudflare Web Analytics).

We may disclose personal data: (i) to comply with law or lawful requests; (ii) to protect rights, safety, and network integrity; (iii) as part of a corporate transaction (if any), under appropriate safeguards.

We do not disclose wallet private keys. We operate non-custodial infrastructure; you remain in control of your assets.

9) International transfers

If processing involves transfers outside the UK (e.g., global cloud/CDN or analytics endpoints), we rely on UK adequacy, the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to EU SCCs, plus transfer risk assessments where needed.

10) Security

We apply layered technical and organisational measures (network hardening, access controls, encryption in transit/at rest where appropriate, least-privilege, logging/alerting) and select privacy-first vendors. No internet service is 100% secure, but we strive to keep risk proportionate to the data we process.

11) Your rights (UK GDPR)

You can: access, rectify, erase (subject to limits), restrict processing, object to processing, and port data you provided; you can also withdraw consent where that is our basis. 

Blockchain caveat: erasure/rectification cannot be applied to historical on-chain entries we don’t control. We will implement off-chain measures (e.g., delinking account notes, deleting support records, or adding corrective entries where appropriate) to respect your request as far as technically feasible. 

To exercise rights, email [info@bieda.co.uk]. We may need to verify your identity and will respond within the statutory timeframe.

12) Children

Our site and services are not directed to under-18s. We do not knowingly collect data from anyone under 18; if you believe a minor has provided data, contact us and we’ll remove it where feasible. Leading validator policies follow similar age-gating language

13) Complaints

If you’re not satisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO). See: “Make a complaint” (ICO)

14) Changes to this notice

We’ll update this page if our practices change. Material changes will be signposted on-site and (where appropriate) notified via email.

bottom of page