Privacy Policy

Last updated: March 19, 2026

1. Introduction

Hfund ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at hfund.finance ("Service").

2. Information We Collect

2.1 Account Information

  • Email address
  • Display name
  • Password (stored as bcrypt hash, never in plain text)
  • Google account ID (if using Google sign-in)

2.2 Financial Information

  • Account balance
  • Investment contract details (amounts, lock periods, earnings)
  • Transaction history (deposits, withdrawals, amounts, dates)
  • Connected wallet addresses (Ethereum/Arbitrum)
  • On-chain transaction hashes

2.3 Referral Information

  • Unique referral code
  • Referrer identity (who referred you)
  • Referral bonus history

2.4 Communication Data

  • Support tickets and messages
  • Telegram ID (if you connect Telegram notifications)
  • Telegram username and messages sent in the official Hfund community channel (for moderation purposes)
  • System notifications history

2.5 Technical Data

  • IP address (for rate limiting and security)
  • Browser type and version
  • Access timestamps

3. Information We Do NOT Collect

  • Government-issued identification (no KYC)
  • Social security numbers or tax IDs
  • Physical addresses
  • Phone numbers
  • Biometric data
  • Private keys or wallet seed phrases

4. How We Use Your Information

We use your information for the following purposes:

  • Account Management: To create and maintain your account, process investments, and manage withdrawals
  • Transaction Processing: To verify deposits on-chain, process withdrawals, and calculate earnings
  • Security: To protect against unauthorized access, fraud, and abuse through rate limiting and 2FA verification
  • Communication: To send transaction confirmations, verification codes, contract notifications, and system announcements
  • Level Calculation: To calculate your level score and determine your tier benefits
  • Referral Program: To track referrals and calculate referral bonuses
  • Platform Improvement: To monitor performance and improve the Service

5. Data Storage & Security

Your data is stored in a PostgreSQL database on secure servers. We implement the following security measures:

  • Passwords hashed with bcrypt (irreversible)
  • HTTPS/TLS encryption for all data in transit
  • JWT tokens with 30-minute expiration
  • HttpOnly, SameSite cookies
  • CSRF protection
  • Rate limiting on all sensitive endpoints
  • Row-level database locking for financial operations
  • Withdrawal verification codes expire after 10 minutes
  • Content Security Policy and other security headers

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • On-Chain Transactions: Wallet addresses and transaction hashes are inherently public on blockchain networks
  • Email Services: Your email address is shared with our email provider (Gmail SMTP) for sending verification codes and notifications
  • Telegram: Messages in the official Hfund Telegram community are processed by our AI moderation system to detect and remove harmful content (spam, scams, hate speech). Message content is sent to Anthropic's Claude API for classification and is not stored beyond the moderation check
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process
  • Security: We may share information to investigate fraud or protect the security of the platform

7. Cookies

We use the following cookies:

  • Session Cookie: Contains your encrypted JWT session token. HttpOnly, SameSite=Lax. Expires when you close the browser or after 30 minutes of inactivity.
  • Referral Cookie: Stores a referral code when you visit a referral link. Used during registration only. Expires after 30 days.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

8. Data Retention

We retain your data for the following periods:

  • Account Data: Retained for the lifetime of your account
  • Transaction Records: Retained indefinitely for audit and regulatory purposes
  • Withdrawal Verification Codes: Automatically deleted after 10 minutes or upon use
  • Rate Limiting Data: IP-based rate limit counters expire after 1-15 minutes

9. Your Rights

You have the right to:

  • Access: View your personal data through your profile and dashboard
  • Correction: Update your display name and password through your profile settings
  • Wallet Management: Connect or disconnect your wallet address at any time
  • Account Deletion: Request deletion of your account by contacting support. Note: transaction records may be retained for regulatory compliance
  • Data Export: Request a copy of your data by contacting support

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. International Data

Your data may be processed and stored on servers located outside your country of residence. By using the Service, you consent to the transfer of your information to these locations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy-related inquiries, contact us at: