Privacy policy
Privacy Policy
Last updated: January 16, 2026
This Privacy Policy explains how STAKELY, S.L. (“Stakely”, “we”, “us”) processes personal data when you access or use stakely.io and related services offered through the Website.
1. Who is responsible for your personal data?
Data Controller: STAKELY, S.L. Address: C/Ferraz 2, 2o IZQ, 28008, Madrid, Spain NIF: B72551682 Contact: [email protected]
2. Scope and services covered
This Privacy Policy applies to personal data processed in connection with:
- Website Catalog and informational content (staking education, network information, links to third-party wallets and tools).
- Staking widget (where available) that lets you connect a wallet and initiate staking-related transactions.
- RPC Load Balancer (public endpoints routing RPC requests through Stakely infrastructure).
- Nodes as a Service (paid services where users register and obtain access to managed RPCs or validator-related services).
3. What data do we process?
We apply data minimization, we only process data that is necessary for the purposes described below.
A) Website Catalog (general browsing)
- Browsing and technical data: device and browser information, pages visited, approximate location derived from IP (country or region level), and similar technical metadata.
- Cookies and similar identifiers: depending on your cookie preferences (see Section 6).
- Contact and communications data: if you contact us, we process your email address and the content of your message.
B) Staking widget usage analytics (where available)
We do not store wallet addresses as standalone fields in our backend. We store limited technical analytics to understand usage and improve reliability:
- Transaction hash
- Transaction payload
- Timestamp
- Network
Important: transaction data is, by nature, intended to be submitted to a public blockchain, and may allow on-chain addresses to be inferred or linked through blockchain analysis once broadcast and recorded on-chain.
C) RPC Load Balancer (public endpoints)
- Transient request handling: we process RPC requests to route them to backend nodes. We remove request headers and do not forward client-identifying headers to backend nodes.
- Request content: the RPC method and parameters (body, path, query) are processed to deliver the response. RPC parameters may include public blockchain addresses or transaction data, depending on the call you make.
We do not intentionally store identifiable client IP logs in our own load balancer systems. Infrastructure providers involved in delivering the service (for example, CDN and hosting) may process IP addresses and generate short-lived operational logs as part of providing network security and delivery.
D) Nodes as a Service (registered, paid services)
Depending on how you sign up and use the service, we may process:
- Account data: email address, and authentication data you provide for account access.
- Billing and invoicing data: name and billing address, and any additional invoicing details required by law.
- Service communications: messages related to incidents, updates, support requests, and service notices.
- Operational and security data: usage identifiers (such as API key identifiers), access events, performance metrics, and security signals needed to protect the service and prevent abuse.
4. How do we collect your data?
We collect data:
- Directly from you when you contact us, register, or use paid services.
- Automatically when you browse the Website or interact with our services (through logs, security systems, and cookies depending on your settings).
- From service providers that help us operate the Website and services (see Section 7), for example, analytics and error monitoring providers.
5. Why do we process your data and on what legal bases?
| Purpose | Data categories | Legal basis |
|---|---|---|
| Provide the Website, content, and requested functionality | Browsing/technical data; necessary cookies | Legitimate interest (service delivery, security, fraud prevention) |
| Respond to inquiries and support requests | Email; message content | Legitimate interest (support) or pre-contractual steps (if applicable) |
| Operate the staking widget and improve reliability | Tx hash; tx payload; timestamp; network | Legitimate interest (service improvement, troubleshooting, integrity) |
| Operate RPC Load Balancer and protect availability | Transient request data; security signals | Legitimate interest (network security, abuse prevention, service continuity) |
| Provide RPC as a Service (account, access, delivery) | Account data; operational and security data | Performance of a contract |
| Payments, billing, accounting, invoicing | Billing/invoicing data | Performance of a contract; legal obligation |
| Analytics (non-essential) | Cookies/identifiers; usage data | Consent (where required) |
| Marketing communications (general) | Consent (where required) | |
| Marketing to existing customers about similar services (where permitted) | Legitimate interest, with opt-out |
6. Cookies and similar technologies
We use cookies and similar technologies:
- Strictly necessary cookies to ensure the Website works securely and reliably.
- Non-essential cookies and analytics (such as Google Analytics or Umami, depending on your configuration) only when you consent where required.
You can manage your choices via the cookie banner and settings on the Website. For details, see our Cookies Policy: https://stakely.io/policies/cookies-policy
7. Who do we share data with?
We do not sell personal data.
We may share data with:
Service providers (processors) that help us operate the Website and services, such as:
- Cloudflare (CDN, security, performance)
- DigitalOcean (infrastructure hosting)
- Google Analytics (analytics, if enabled by consent where required)
- Umami (analytics, if enabled by consent where required)
- Sentry (error monitoring and diagnostics)
- Payment processors (to process payments and manage billing)
Authorities and public bodies when required by law, or to protect rights, safety, and security.
Some providers act as independent controllers for their own purposes in limited contexts. Where that applies, their privacy notices govern their processing.
8. International data transfers
Some providers may process data outside the European Economic Area. Where international transfers apply, we use appropriate safeguards under applicable data protection law (for example, contractual safeguards and other measures where required).
9. Data retention
We keep data only as long as needed for the purposes described in this Policy:
- Contact messages: retained for as long as necessary to respond and handle follow-ups, then deleted or anonymized within a reasonable period.
- Staking widget analytics (tx hash, payload, timestamp, network): retained only as long as needed for product analytics and troubleshooting, then deleted or aggregated.
- RPC Load Balancer processing: request data is processed transiently to deliver responses. We do not intentionally keep identifiable client IP logs in our systems.
- Nodes as a Service account and operational data: kept for the duration of the contract, and longer where required for legal, tax, and accounting obligations, or to resolve disputes and enforce agreements.
- Cookie-based analytics: retained according to our cookie settings and provider configurations, and subject to your consent choices.
10. Security
We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, loss, or misuse. No system is completely secure, but we aim to apply proportionate controls appropriate to the nature of the services.
11. Your rights and how to exercise them
Subject to applicable law, you may request:
- Access, rectification, erasure, restriction, portability.
- Objection to processing based on legitimate interest.
- Withdrawal of consent at any time (where processing is based on consent).
To exercise your rights, email [email protected]. We may request additional information only if needed to verify your identity.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): C/ Jorge Juan, 6, 28001 Madrid, Spain.
12. Third-party links and services
The Website may include links to third-party wallets, explorers, and other services. When you use those services, their privacy policies apply. We are not responsible for third-party processing practices.
13. Blockchain notice
Transactions you initiate may be recorded on public blockchains. Public blockchains are decentralized networks not controlled by Stakely. Once data is recorded on-chain, it may be immutable and publicly accessible, and Stakely cannot delete or modify on-chain records. This does not affect our ability to delete off-chain data we control, where applicable.
14. Changes to this Privacy Policy
We may update this Policy to reflect legal or operational changes. We will post the updated version on the Website and update the “Last updated” date. If a change requires consent, we will request it through appropriate means.
