logo
Surf Privacy Policy
Last Updated: Jul 3rd, 2025

We at Cybertino Inc. (together with our affiliates, “Surf”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our websites, products, services, and related applications (collectively, the “Service”).

Please read this policy carefully to understand our practices regarding your information. If you do not agree with the terms of this policy, please do not use our Service. By using our Service, you agree to the terms of this policy.

If you are located in the EEA, UK, California or certain other U.S. states, please refer to Sections 9–10 for additional information about your privacy rights.

1. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) as follows:

1.1 Personal Data You Provide

You may directly provide the following personal data when using the Service:

  • Contact Information: such as your name, email address, telephone number, mailing address and, if applicable, company name.
  • Account Information: When you create an account with us, we collect information associated with your account, including your name, contact information, account credentials, referral code (if applicable), date of birth, payment information, transaction history, and any other information you add to your account.
  • Communications: information you provide when you communicate with us via the Services, chat or social media.
  • Feedback & Support: content of reports or communications you send us about issues or feedback.
  • Marketing Preferences: your choices about receiving marketing communications and interaction details with those communications.
  • User Content: We collect Personal Data that you provide through your interactions with the Service (“Content”), including prompts, chat messages, and other inputs during AI chat sessions, as well as any files, images, audio, or other media you upload. We may also collect the outputs generated by the Service (“Outputs”), such as AI-generated responses and chat logs.
  • Transaction Data: information related to transactions you conduct and your transaction history.
  • Financial Data: including your wallet address or other identifiers associated with your digital or financial accounts.
  • Payment Information: We do not directly collect or store your credit card details. All payment transactions are processed by trusted third-party payment processors that are PCI-DSS compliant, who collect and use the necessary personal information to complete the transaction.

1.2 Data We Collect Automatically

When you access or use our website or online services, we, our service providers, and business partners may automatically collect certain data about you, your computer or mobile device, and your interactions with our Services, communications, and other online services, including but not limited to:

  • Device Data: Information such as your device’s operating system type and version, manufacturer and model, browser type, screen resolution, IP address, unique identifiers (including those used for advertising purposes), language settings, and general geolocation information (such as city, state, or geographic region).
  • Online Activity Data: Information such as the pages or screens you viewed, navigation paths between pages or screens, time spent on pages or screens, referring websites, timestamps of visits, and indicators of whether you opened or clicked links in our emails or other communications.
  • Blockchain Activity Data: Information related to your cryptocurrency transactions conducted through the Services, including wallet address, transaction hash, sender and recipient addresses, transaction amount, timestamp, and transaction history, as well as other on-chain activities associated with your public wallet address.
  • Cryptocurrency Data: Information regarding your virtual currency or wallet balances and other relevant data.
  • Communication Interaction Data: Information about your interactions with our communications, such as emails, text messages, or other messages (e.g., whether you opened or forwarded such messages).

We may collect the above information through the use of cookies and other tracking technologies.

1.3 Data from Third‑Party Sources

We may supplement the Personal Data we collect with information obtained from third-party sources, including but not limited to:

  • Public Sources: Such as government agencies, public records, publicly available websites, social media platforms, and public blockchain data.
  • Data Providers: Such as data brokers, commercial information services, and other third-party data licensors.
  • Partners: Including marketing partners, event co-sponsors, and organizations with whom we jointly offer products or services.
  • Service Providers: Third parties that provide services on our behalf, including hosting and storage providers, analytics vendors, blockchain-analytics and compliance services, and customer-support platforms.
  • Business Transaction Partners: Such as entities involved in actual or potential business transactions with us, including mergers, acquisitions, financings, or asset sales.
  • Third-Party Linked Services: If you link your account with a third-party platform (such as a social media or single sign-on provider), we may receive information from that service, such as your profile photo, username, and any other information you have authorized the third party to share based on your privacy settings with that service.

1.4 Other Data

We may collect other types of Personal Data that are not specifically listed here, which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

2. How We Use Personal Data

We may use your personal information for the following purposes or as otherwise disclosed at the time of collection:

  • Service Delivery and Operations: To provide and operate the Services; enable security features; establish and maintain your user profile; facilitate invitations to contacts; communicate with you about the Services, including updates, alerts, and support messages; communicate about events or contests; and provide technical support and respond to your inquiries.
  • Personalization: To understand your needs and preferences; personalize your experience and our communications with you; and remember your settings as you navigate the Services.
  • Improvement and Analytics: To analyze how you use the Services; improve the Services and other aspects of our business; understand user behavior (e.g., page views, navigation patterns, email interactions); develop new products and features; and use dialog content you submit (e.g., prompts, uploads, chat transcripts) to analyze performance, troubleshoot issues, and enhance Surf’s functionality and overall user experience.
  • Marketing and Advertising: We, our service providers, and third-party advertising partners may use your personal information for marketing and advertising purposes, including:
  • Direct Marketing: We may send you direct marketing communications, which may be personalized based on your interests. You may opt out of receiving these communications at any time.
  • Interest-Based Advertising: We, our service providers, and advertising partners may use cookies and similar technologies to collect information over time about your interactions with the Service, our communications, and other online services. This information may be used to deliver targeted advertising that we or they believe may be of interest to you. We may also share relevant user data with these third parties to support such advertising across other platforms.
  • Events, Promotions, and Contests: To administer promotional events and contests; communicate with you regarding your participation; and, where permitted by law, to collect and use your personal information obtained during such activities to contact you or send you marketing communications.
  • Compliance and Protection: We may use your personal information to:
  • Comply with applicable laws, regulations, legal obligations, law enforcement requests, and legal proceedings (e.g., subpoenas, investigations, or requests from government authorities);
  • Protect our, your, or others’ rights, privacy, safety, or property, including by asserting or defending against legal claims;
  • Audit our internal processes for compliance with legal, contractual, and policy requirements;
  • Enforce the terms and conditions governing the Service; and
  • Detect, investigate, prevent, and respond to fraud, unauthorized use, abuse, cybersecurity threats, or other harmful, unethical, or illegal activities, including identity theft and cyberattacks.
  • We may also screen wallet addresses against sanctions and anti–money-laundering (AML) watchlists to comply with applicable laws.
  • Aggregated, De-identified, and/or Anonymized Data: We may create data sets that do not identify you by aggregating or de-identifying personal information. We may use and share such data without restriction for lawful business purposes, including to analyze usage trends, improve our services, and promote our business.
  • Corporate Events: In connection with actual or potential corporate transactions (e.g., mergers, acquisitions, asset transfers, reorganizations, or bankruptcy), we may share personal information as part of those transactions.
  • Further Uses: In limited circumstances, we may use your personal information for purposes not originally disclosed, provided such use is compatible with the original purpose or subject to your consent where required.

3. Disclosure of Personal Data

We may disclosure your personal data with the following circumstances:

  • Affiliates: Our parent company, subsidiaries, and other affiliated entities.
  • Service Providers: Third parties that provide services on our behalf or assist with the operation of the Service or our business (e.g., hosting, IT, customer support, chat features, email delivery, marketing, and analytics).
  • Advertising Partners: Third-party advertising companies for the interest-based advertising purposes described above.
  • Authorized Third Parties: Third parties with whom you have directed us to share your information or where you have provided consent.
  • Business Partners: Third parties with whom we collaborate, including joint marketing or promotional partners, co-service providers, or those offering products or services that may be relevant to you.
  • Linked Third-Party Services: If you log in to or link your account with a third-party service (e.g., social media platforms), we may share your personal information with that service. Their use of your information will be subject to their privacy policies and your settings with them.
  • Professional Advisors: Legal, financial, audit, or insurance professionals where disclosure is necessary for the services they provide.
  • Compliance and Protection: To comply with legal obligations, respond to lawful requests, enforce our terms, protect rights and safety, or investigate potential violations or misconduct.
  • Corporate Transactions: In connection with or during negotiations of mergers, acquisitions, asset sales, reorganizations, bankruptcies, or other corporate transactions.

4. Retention

We generally retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or regulatory obligations; to establish, exercise, or defend legal claims; or to prevent, detect, or investigate fraud or other unlawful conduct. In determining appropriate retention periods, we consider the volume, nature, and sensitivity of the data; the potential risk of harm from unauthorized access or disclosure; the purposes for which the data was collected and whether those purposes can be achieved through other means; and applicable legal requirements. When personal information is no longer required, we will delete or anonymize it. Where deletion is not feasible (e.g., data stored in backup archives), we will securely store the information, restrict further processing, and delete it when practicable in accordance with our data retention policies.

5. Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against accidental loss and unauthorized access, use, alteration, or disclosure. However, no method of transmission or storage over the Internet is completely secure. You are also responsible for protecting your personal information by properly managing the credentials you use to access it, such as usernames and passwords. If you suspect that your credentials have been compromised, please notify us immediately.

6. Your Rights

You may have certain rights regarding your personal information, depending on your jurisdiction. These rights may include:

  • Right of Access: You may request access to some or all of the personal information we hold about you.
  • Right to Rectification: If you believe the information we hold is inaccurate or outdated, you may request that we correct it.
  • Right to Erasure: Where permitted or required by law, you may request that we delete certain personal information. (Note: information recorded on a public blockchain cannot be deleted)

If you wish to exercise any of the above rights, please contact us using the information provided at the end of this Policy. To protect your information, we may require you to verify your identity before processing your request. Depending on applicable laws or specific circumstances, we may be unable to fulfill your request, and we will provide an explanation where legally permitted.

You may also choose to stop receiving our marketing communications.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and reflected in the updated “Last Updated” date. We encourage you to review this Policy periodically to stay informed about our privacy practices. Your continued use of our Service will constitute your acceptance of those changes.

8. Notice to Users in the European Economic Area and the United Kingdom

For the purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, the controller of your personal data is:

Controller

Cybertino Inc., incorporated in [California, USA]

Contact: see “Contact Us” section

Legal Bases for Processing

We process your personal data under the following legal bases, as applicable:

  • Contractual necessity – to perform a contract with you or take steps at your request before entering into a contract.
  • Legitimate interests – to pursue our legitimate business interests in a way that does not override your rights and freedoms (e.g., to maintain and improve the Services, ensure security).
  • Legal obligations – to comply with applicable laws and legal processes.
  • Consent – where you have given explicit consent (e.g., for certain marketing communications or optional features).

Your Rights

Under the GDPR and UK GDPR, you may have the following rights:

  • Right of access – to obtain a copy of your personal data
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your personal data
  • Right to restrict processing – to request limited use of your data
  • Right to data portability – to receive your data in a structured format and transmit it to another controller
  • Right to object – to object to processing based on our legitimate interests

How to exercise your rights

To exercise these rights, please contact us (see Contact Us section). We may ask for information to verify your identity before fulfilling your request. We will respond within the time required by applicable law. If your request is complex or numerous, we may extend the response period and will notify you accordingly.

If you believe your rights have been violated, you may lodge a complaint with your local Data Protection Authority (DPA).

International Transfers

Your personal data may be transferred to and processed in countries outside the EEA and the United Kingdom, including where our servers or third-party service providers are located. In such cases, we implement appropriate safeguards in accordance with applicable data protection laws, such as the European Commission’s Standard Contractual Clauses (SCCs).

9. California & Other U.S. State Privacy Notice

Scope

This section applies to residents of California and other states with comprehensive privacy laws (e.g., Colorado, Virginia, Utah, Connecticut).

Categories of Personal Information Collected (past 12 months)

CCPA CategoryExamplesBusiness / Commercial PurposeSold or Shared*
IdentifiersEmail, wallet addressAccount creation & securityNo
Commercial InformationTransaction historyService delivery, receiptsNo
Protected CharacteristicsAge (for legal compliance)Age verificationNo
Internet / Network ActivityDevice ID, logs, cookiesFraud prevention, analyticsNo
Geolocation (coarse)IP-derived city/stateLocalized contentNo

Surf does not sell or share personal information as defined in Cal. Civ. Code § 1798.140.

Your Rights

  • Access / Know
  • Delete
  • Correct
  • Opt-out of sale or sharing (Note: We do not currently sell or share personal information as defined under applicable law.)
  • Limit use or disclosure of sensitive personal information
  • Appeal - Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request (see “Contact Us” section) within 30 days.

How to exercise:

Submit a request (see “Contact Us” section). We will respond within 45 days, with one reasonable extension (up to another 45 days).

Non-Discrimination

Surf will not impose unreasonable differences in price, service quality, or functionality based on your exercise of these rights.

Appendix A – Additional Compliance Information

A.1 Cookies & Tracking Technologies

Surf uses necessary cookies for core functionality and optional analytics cookies to understand how visitors use our services.

You may disable non-essential cookies via your browser settings. Some browsers send “Do Not Track” signals; Surf currently does not respond to such signals.

A.2 Children’s Privacy

The Services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 13. If we learn that we have inadvertently collected such data, we will delete it promptly.

A.3 Marketing Opt-Out

You may opt out of marketing emails at any time by clicking the “unsubscribe” link in those emails or by emailing (see Contact Us section).

A.4 Blockchain Transparency Disclaimer

All on-chain transaction records are permanently public and viewable by any third party. Surf has no ability to alter or delete data that is stored on a public blockchain.

Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our handling of your personal information, please contact us at: privacy@cybertinolab.com