Privacy policy

The data controller responsible for the processing of your personal data is LensARstore, Lyoner Str. 40, 60528 Frankfurt am Main, Germany. Privacy questions and data subject requests can be sent to privacy@koal.fun.

Koal is a non-custodial Platform. We do not collect names, email addresses, or government identity documents as part of normal use. The data we may process is:

• Wallet addresses — the public blockchain addresses you connect to the Platform. These are public data on-chain.
• On-chain activity — token launches, trades, and other transactions executed through Koal are recorded immutably on public blockchains. We do not control this data and cannot remove it.
• Usage data — if analytics cookies are accepted: page views, feature interactions, browser type, device characteristics, and approximate location at country level. Collected via first-party analytics, not shared with ad networks.
• Technical logs — IP address, request timestamps, and error logs collected by our hosting and edge infrastructure for security, abuse prevention, and debugging. Retained briefly and then aggregated or discarded.
• Wallet-connection data — when you connect a wallet via WalletConnect or a similar protocol, session metadata is exchanged with the wallet provider's relay servers. See section 6.
• Support communications — if you email us, we retain that correspondence.

Under Art. 6(1) GDPR we rely on the following legal bases:

• Contract performance (Art. 6(1)(b)) — to operate the Platform and execute the transactions you initiate.
• Legitimate interests (Art. 6(1)(f)) — to maintain platform security, prevent fraud and abuse, and improve the Platform. You can object to this processing at any time.
• Consent (Art. 6(1)(a)) — for analytics cookies, where you have given explicit consent via the cookie preference centre. Consent can be withdrawn at any time.
• Legal obligation (Art. 6(1)(c)) — where required by applicable law, including responding to valid requests from courts and authorities.

• To provide and operate the Platform and its features.
• To detect and prevent fraud, abuse, and security incidents.
• To analyse usage patterns and improve the user experience (analytics cookies only).
• To respond to support requests and legal enquiries.
• To comply with applicable legal obligations.

We do not sell personal data and we do not share it for advertising purposes. Personal data may be shared with the following categories of recipients, all of whom act as processors under data processing agreements (Art. 28 GDPR):

• Hosting and edge infrastructure — providers of compute, content delivery, and DDoS protection that operate the koal.fun website and API endpoints.
• Blockchain RPC providers — services that submit transactions and read state from public blockchains on your behalf when the Platform interacts with the chain.
• Wallet-connection services — WalletConnect, Reown, and similar protocols that handle the encrypted handshake between your wallet and the Platform.
• Analytics providers — only if you have consented; aggregated, pseudonymous usage statistics.
• Email and support tooling — services used to receive and process correspondence sent to our published inboxes.
• Legal authorities and courts — where disclosure is legally required, or to protect the rights, property, and safety of users or third parties.

A current list of named processors is available on request to privacy@koal.fun.

All blockchain transactions are publicly visible on-chain by their nature. Anyone, anywhere, can read them. This is a property of the technology, not a sharing of data on our part.

To use the Platform you must connect a self-custodial wallet. Wallet connection is handled by third-party protocols and applications — for example MetaMask, Rainbow, Coinbase Wallet, WalletConnect, or Reown — that are not operated by Koal.

When you connect a wallet:

• Your wallet address is shared with the Platform so we can construct transactions for you to sign.
• Session metadata, including connection identifiers and the chain you are connected to, may be relayed through the wallet protocol's servers.
• The wallet application itself may collect data subject to its own privacy policy. Koal has no control over and no visibility into your private keys, seed phrase, or any data the wallet holds locally.

We recommend reading the privacy policy of the wallet you choose to connect.

We retain personal data only as long as necessary for the purposes for which it was collected:

• Usage analytics — 12 months from collection.
• Technical and security logs — up to 30 days, then aggregated or deleted.
• Support correspondence — up to 3 years from last contact, or longer where retention is required by law.
• Records required for legal or accounting reasons — for the period required by applicable law (typically 6 to 10 years under German commercial and tax law).
• On-chain data — permanent and outside our control. Erasure is technically impossible.

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data protection law, you have the following rights with respect to data we hold about you:

• Access — request a copy of the personal data we hold about you (Art. 15 GDPR).
• Rectification — request correction of inaccurate data (Art. 16).
• Erasure — request deletion of your data, subject to legal retention requirements and the technical limits of public blockchains (Art. 17).
• Restriction — request that we limit processing of your data (Art. 18).
• Portability — receive your data in a structured, machine-readable format (Art. 20).
• Objection — object to processing based on legitimate interests (Art. 21).
• Withdraw consent — at any time via the cookie preference centre or by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any right, contact privacy@koal.fun. We will respond within one month, extendable by a further two months for complex requests, in accordance with Art. 12(3) GDPR.

You also have the right to lodge a complaint with your local supervisory authority. The competent authority for our Frankfurt operation is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI).

We do not use automated decision-making, including profiling, that produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR. We may use automated systems to detect fraud and abuse, but any action with consequences for your access to the Platform is reviewed and decided by a human.

We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction, in line with Art. 32 GDPR. Measures include encryption in transit, access controls, infrastructure hardening, and regular security review. No system is perfectly secure, however, and we cannot guarantee that data transmission over the internet is free of risk.

Most of our processing happens within the European Economic Area. Some service providers we use may be located in, or replicate data to, third countries — typically the United States or the United Kingdom. Where personal data is transferred outside the EEA, we rely on one of the following safeguards under Chapter V GDPR:

• An adequacy decision of the European Commission (for example the EU-US Data Privacy Framework, or the UK adequacy decision).
• The European Commission's Standard Contractual Clauses, supplemented where necessary by additional technical and organisational measures (such as encryption and pseudonymisation) to address risks identified in Schrems II.
• Other safeguards permitted under Art. 46 GDPR.

You can request information about specific transfers and the safeguards in place at privacy@koal.fun.

The Platform is not directed at children. You must be at least 18 years old to use Koal, as set out in our Terms of Service. We do not knowingly process personal data of anyone under 18. If you believe a minor has provided us with data, contact privacy@koal.fun and we will delete it.

For the cookies we use and how to manage them, see our Cookie policy.

We may update this Privacy Policy from time to time as the Platform evolves and as the law develops. We will notify users of material changes by updating the effective date at the top of this page and, where the change is significant, by notice on the Platform. We encourage you to review this page periodically.