How we protect your data and respect your privacy
Effective Date: December 21, 2024 | Last Updated: December 21, 2024
MEV Shield ("we", "us", "our") is the data controller responsible for your personal data processed through our MEV protection services.
Company: MEV Shield
Website: https://mevshield.ai
Email: privacy@mevshield.ai
Data Protection Officer: dpo@mevshield.ai
We follow data minimization principles and collect only what is strictly necessary to provide our MEV protection services. We do not collect personal identifying information such as names, email addresses, phone numbers, or physical addresses.
| Data Category | Specific Data | Storage Method |
|---|---|---|
| Wallet Identifier | Cryptographic hash of wallet address (SHA-256) | Hashed, never stored in plain text |
| Transaction Data | Transaction parameters for MEV protection routing | Processed in memory only, not retained |
| Referral Data | Referral code, referral relationships (hashed) | Linked by hashed identifiers only |
| Usage Statistics | Protected transaction volume, savings metrics | Aggregated, anonymized |
| Technical Data | IP address (for security), browser type, device info | Logs retained for 30 days maximum |
Privacy by Design: Your actual wallet address is never stored. We immediately hash all wallet addresses using SHA-256 with a secure salt, making it impossible to reverse-engineer your original address.
Under GDPR Article 6, we process your data based on the following legal grounds:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| MEV Protection Services | Contract performance - necessary to provide the service you requested | Art. 6(1)(b) |
| Referral Program | Contract performance - reward calculation per program terms | Art. 6(1)(b) |
| Security & Fraud Prevention | Legitimate interests - protecting our platform and users | Art. 6(1)(f) |
| Analytics & Improvement | Legitimate interests - improving service quality (anonymized data only) | Art. 6(1)(f) |
| Legal Compliance | Legal obligation - responding to lawful requests | Art. 6(1)(c) |
We use the minimal data we collect for the following purposes:
No Marketing: We do not use your data for marketing purposes, sell your data to third parties, or create advertising profiles.
We minimize data sharing and never sell your data. We may share data with:
We may disclose data when required by law, court order, or government request, or to protect our rights, property, or safety.
Data Processing Agreements: All third-party service providers are bound by GDPR-compliant data processing agreements (DPAs) ensuring appropriate safeguards.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards:
You may request a copy of the safeguards we use by contacting our DPO.
We retain data only as long as necessary for the purposes described:
| Data Type | Retention Period | Reason |
|---|---|---|
| Hashed Wallet Identifiers | Until account disconnection + 30 days | Service provision and fraud prevention |
| Transaction Data | Not retained (memory-only processing) | Privacy by design |
| Referral Records | Duration of referral relationship + 1 year | Reward calculation and audit |
| Security Logs | 30 days | Security monitoring and incident response |
| Aggregated Analytics | Indefinitely (fully anonymized) | Service improvement |
As a data subject, you have the following rights under GDPR:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data under certain circumstances ("right to be forgotten").
Request limitation of processing of your personal data in certain situations.
Receive your personal data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing purposes.
Not be subject to decisions based solely on automated processing that significantly affect you.
Withdraw consent at any time where processing is based on consent.
How to Exercise Your Rights: Contact our Data Protection Officer at dpo@mevshield.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
If you are in the EU/EEA and believe we have not adequately addressed your concerns, you may lodge a complaint with your local data protection authority. A list of EU DPAs is available at edpb.europa.eu.
We implement comprehensive technical and organizational measures to protect your data:
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@mevshield.ai.
We may update this Privacy Policy from time to time. When we make changes:
We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@mevshield.ai
Data Protection Officer: dpo@mevshield.ai
Security Issues: security@mevshield.ai
General Support: support@mevshield.ai
We aim to respond to all privacy-related inquiries within 30 days.