Skip to content
Last updated

Privacy Policy

Last updated: May 26, 2026

This policy explains what personal data we collect when you use Vilna, why we process it, the legal bases we rely on under the General Data Protection Regulation (GDPR), and the rights you have. It covers the Vilna website, documentation, and API services (the "Service").

1. Who we are

Vilna ("we", "us") operates the Service and acts as the controller of your personal data. Vilna is not yet incorporated as a company. During this pre-incorporation phase the founding team operates the Service and is responsible for your data; once we incorporate we will name the legal entity controller, its registered address, and an EU/UK representative if one is required. You can reach us about any privacy matter at support@vilna.io.

If you are in the European Economic Area (EEA) or the UK and have a question about how we handle your data, write to the same address and we will respond.

2. What we collect

Account data you give us: email address, first and last name, and company name when you register.

Usage data collected automatically: IP address, browser type and version, the pages you visit, timestamps, device identifiers, and diagnostic data.

API usage data: API key usage statistics, request frequencies and patterns, error and debugging logs, the blockchain addresses you ask us to monitor (these are already public on-chain), and the webhook endpoints you configure.

We do not collect special-category data, and the Service is not directed at children (see section 9).

What we doData usedLegal basis (GDPR Art. 6)
Provide and maintain the Service, manage your accountAccount data, API usage dataPerformance of a contract (Art. 6(1)(b))
Keep the Service secure, prevent abuse, debug and improve itUsage data, API usage dataLegitimate interests (Art. 6(1)(f))
Send you service-related and account communicationsEmailLegitimate interests, or consent where required (Art. 6(1)(a)/(f))
Meet legal and regulatory obligationsAs applicableLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have weighed them against your rights and use the minimum data needed. You can object to that processing (see section 7).

4. Cookies

We use a small number of cookies to run the site and remember your preferences. See our Cookie Policy for the details and your choices.

5. Who we share it with

We share personal data only with:

  • Service providers who process data on our behalf to host, run, secure, and support the Service (for example hosting and error-reporting providers). They act on our instructions under a data-processing agreement.
  • Authorities or advisers where we are legally required to disclose, or need to establish or defend legal claims.
  • A successor in the event of a merger, acquisition, or asset sale, with notice to you.

We do not sell your personal data.

6. International transfers

We may process data outside the EEA. Where we do, we rely on an appropriate safeguard, such as an adequacy decision or the European Commission's Standard Contractual Clauses, so that your data keeps an equivalent level of protection. Contact us if you would like more detail on the safeguard that applies.

7. Your rights

Under the GDPR you can ask us to:

  • give you access to the personal data we hold about you;
  • correct data that is wrong or incomplete;
  • erase your data;
  • restrict or object to how we process it;
  • receive your data in a portable format, or have it sent to another provider;
  • withdraw consent at any time, where we rely on consent (this does not affect processing before withdrawal).

To exercise any of these, email support@vilna.io. You also have the right to lodge a complaint with your data-protection supervisory authority if you think we have handled your data improperly.

8. How long we keep it

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. We may keep certain records longer where the law requires it or to establish or defend legal claims. You can ask us to delete your data at any time (section 7).

9. Blockchain data

Blockchain addresses and transactions are public by nature. When you give us addresses to monitor, that information is already public on the blockchain.

We never collect or store:

  • private keys;
  • seed phrases;
  • wallet passwords;
  • anything that could give us control over your blockchain assets.

We are a non-custodial service. We watch public chains and report activity; we do not hold or move your funds. See our Non-custodial Service Notice.

10. Security

We use reasonable technical and organisational measures to protect your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to keep the risk low and to respond quickly if something goes wrong.

11. Children

The Service is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a child has given us personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy. When we do, we will change the "Last updated" date above and, for significant changes, give you notice by email or a prominent notice on the Service.

13. Contact us

For any question about this policy or your data, email support@vilna.io.