Privacy Policy

Last modified: July 11, 2025

Just Cobuild, Co. Privacy Policy

Effective Date: July 11, 2025
Snapshot: "Privacy-first approach for non-custodial streaming funding."
Commit Hash: 6a8ca5daa71f96bab4e25897349c44346eaf6270

This Privacy Policy (the “Policy”) explains how Just Cobuild, Co., a Delaware C-Corporation (“Cobuild”, the “Company”, “we”, “us”, or “our”) collects, uses, and shares data in connection with the flows.wtf platform, including the Interface, smart contracts, and related services (collectively, the “Services”). Your use of the Services is subject to this Policy as well as our Terms of Service.

High-Level Summary

  • Cobuild is a US-based company operating flows.wtf, a non-custodial platform for continuous funding via streaming smart contracts. We comply with applicable US laws, GDPR, and CCPA.
  • The Flow protocol is permissionless and not governed by Cobuild.
  • We do not collect or store personal data such as first name, last name, street address, date of birth, email address, or IP address in connection with your use of the Services, unless voluntarily provided.
  • We collect limited non-identifiable data, such as public on-chain data (e.g., wallet addresses), and minimal off-chain data (e.g., device type, browser version) for analytics, security, and improvements—not to track individuals.
  • If you opt-in for emails (e.g., newsletters or updates), we store your email to send them; you can unsubscribe anytime. We do not link emails to wallet addresses or other data.
  • We explore privacy enhancements like opt-out prompts and privacy-focused tools.
  • Users can employ client-side privacy methods (e.g., VPNs, new wallets).
  • Material changes to this Policy will be posted here with advance notice.

Data We Collect

Privacy is fundamental to our mission. We value transparency and collect only what's necessary. We do not require user accounts and avoid storing personal data. As noted in our Terms (Section 9), we currently do not use tracking cookies or similar technologies (if that changes, we'll update this Policy beforehand). We honor "Do Not Track" (DNT) signals from browsers where feasible. When you interact with the Services, we collect:

  • Publicly-available blockchain data. When you connect your non-custodial wallet, we collect your public wallet address and on-chain activity (e.g., transactions, Farcaster activity) to enable features like streaming, voting, and compliance screening (e.g., for sanctions via OFAC checks). We may use third-party analytics providers. Wallet addresses are public and not personally identifying alone.
  • Information from localStorage and other tracking technologies. We and our providers may collect data from localStorage, cookies (if implemented), or similar to personalize the Services (e.g., remembering imported tokens or preferences). This includes browser type, device language, operating system, and aggregated usage patterns. We analyze these collectively to improve UX.
  • Information from other sources. We may receive wallet or transaction data from service providers for legal compliance (e.g., preventing illicit activity) or during grant-round escrow (limited custody exception per Terms Section 4.2).
  • Survey or usability information. If you join a survey or study, we record provided biographical info (e.g., name, email, job title), responses, and interactions.
  • Correspondence. We receive info you provide via email (e.g., legal@justco.build), support channels, social media (e.g., X/Twitter), or surveys.
  • Biographical information. For job applications, we collect details like name, email, resume, and work status.
  • Minimal telemetry. As per our Terms, we collect anonymized data on Service usage for analytics and improvements, based on legitimate interests.
  • Third-party integrations. The Services integrate with third parties (e.g., Juicebox, Farcaster, wallet providers). We do not control their data practices; review their privacy policies.

How We Use Your Data

We use data solely for:

  • Providing and improving the Services (e.g., funding streams, interface personalization).
  • Analytics and security (e.g., detecting exploits, aggregated insights for product vision).
  • Legal compliance (e.g., sanctions screening, tax reporting if required).
  • Communicating with you (e.g., support responses, opt-in emails).
  • Marketing (only with consent; e.g., newsletters).
  • Processing job applications or surveys.

Processing is based on: your consent (e.g., emails), contract performance (e.g., Service access), legitimate interests (e.g., security, improvements), or legal obligations.

Sharing Your Data

We do not sell data or share it for cross-context behavioral advertising. Sharing is limited to:

  • Service providers and affiliates: Third parties (e.g., analytics tools, hosting) bound by confidentiality and data protection agreements.
  • Legal requirements: To comply with laws, subpoenas, or authorities (e.g., OFAC).
  • Business transfers: In mergers, acquisitions, or asset sales.
  • With your consent: E.g., sharing on-chain data with indexers.

For GDPR: Processors are vetted; international transfers (e.g., to US) use standard contractual clauses or adequacy decisions.

Data Security

We use industry-standard measures like encryption, access controls, and secure protocols. Report vulnerabilities to security@justco.build (per Terms Section 10; discretionary rewards for good-faith disclosures). We are not liable for blockchain risks or third-party breaches (e.g., wallet providers like Juicebox, Farcaster). We cannot guarantee absolute security due to inherent internet and blockchain risks.

Your Choices and Rights

  • Opt-outs: Unsubscribe from emails anytime; manage localStorage/cookies via browser settings.
  • Access and control: Request access, correction, deletion, or portability of your data.
  • GDPR rights (if applicable): Object to processing, withdraw consent, restrict use; lodge complaints with supervisory authorities. We aim to respond within one month, extendable to two if complex.
  • CCPA rights (California residents): Know collected data, delete it, opt-out of sales (we don't sell). Non-discrimination for exercising rights. Submit requests via legal@justco.build; we'll verify and respond within 45 days.
  • We do not use data for automated decision-making with legal effects. Note: On-chain data (e.g., transactions) is public and immutable; we cannot edit or delete it.

Data Retention

We retain data only as needed: e.g., technical logs for 6-12 months, correspondence until resolved, on-chain data as public. Deletion upon request or when no longer necessary, subject to legal holds.

International Data Transfers

Data may be processed in the US or other countries. We ensure safeguards like GDPR-compliant clauses for transfers outside EEA/Switzerland.

Children's Privacy

Services are for users 18+ (per Terms Section 2.1); we do not knowingly collect data from children under 13 (or higher where required by law, e.g., 16 under GDPR).

Changes to This Policy

We may update this Policy; changes posted on flows.wtf with 30-day notice for material updates (per Terms Section 16). Continued use constitutes acceptance.

Contact Us

For questions or rights exercises: legal@justco.build or Just Cobuild, Co., 131 Continental Dr Suite 305, Newark DE 19713 USA.

This Policy aligns with our Terms; in conflicts, Terms prevail.