FinnishMark (FIM) Privacy Policy
Effective Date: August 13, 2025
By participating in the FinnishMark ecosystem, you acknowledge and accept this Privacy Policy in full.
1. Introduction
This Privacy Policy explains in full detail how the FinnishMark project (“FinnishMark”, “FIM”, “we”, “us”, “our”) collects, processes, stores, and protects personal data in connection with: the FinnishMark Initial Coin Offering (“ICO”), the “Tonninseteli” airdrop program, referral and promotional reward programs, official websites (finnishmark.com, fimlaunch.com, get1000fim.com), fraud-prevention systems, wallet-based eligibility systems, and all platform operations necessary for token distribution. FinnishMark is operated by the community-led “Sauna Syndicate”. We follow the principles of: GDPR (EU Regulation 2016/679), EU privacy laws, relevant FATCA/CRS/MiCA compliance obligations, and standard security best practices. By participating in any FinnishMark service, you agree to this Privacy Policy.
2. Data We Collect
FinnishMark collects **only the minimum amount of data** required for platform security, token distribution, and fraud prevention.
We do **NOT** collect names, passport details, addresses, full KYC documents, or other unnecessary personal data unless legally mandated.
2.1 Identity & Contact Data
The only identity-related data we collect: Email address (used for verification, airdrop/ICO communication, fraud prevention, and account linking) and Referral code usage (to track performance and reward eligibility). We do not collect: name, date of birth, nationality, phone number, home address, or identity documents.
2.2 Wallet Data (Blockchain)
We collect: your Solana wallet address, verification signature or proof-of-wallet-ownership, transaction confirmation (on-chain), ICO contribution data, airdrop claim confirmations, referral-based token allocation data, and on-chain fraud patterns (bots, duplicate attempts). Blockchains are public; wallet information is inherently transparent. Wallet addresses are considered personal data under GDPR **only when linked to another identifier (e.g., email)**.
2.3 Human Verification Data (Stripe)
For the mandatory human verification fee ($0.79), Stripe provides us: payment success/failure status, payment intent ID, country inferred by payment processor, limited fraud-metadata, and last 4 digits of card (tokenized, non-sensitive). We **never receive or store**: full credit card numbers, CVV codes, billing addresses, or sensitive payment information. Stripe processes these independently.
2.4 Technical & Anti-Fraud Metadata
FinnishMark uses industry-standard fraud detection to prevent Sybil attacks, bots, and abusive manipulation. We collect: IP address and geolocation (approximate), browser and device fingerprints, operating system and version data, language + locale information, VPN/proxy detection, TOR or anonymizer flags, behavior indicators (rapid-fire automation patterns), referral redemption patterns, multiple-wallet clustering attempts, and repeated Stripe verification attempts. We **do not** use this data for marketing or profiling. It is strictly for security and fairness.
2.5 Social Media Verification (X.com)
For users seeking the **500 FIM sharing reward**, we verify: profile creation date, follower count, visibility & permanence of the shared post, whether the content was altered or deleted, engagement authenticity (anti-fake follower scan), manual content review, and account integrity signals. We **do not** access: DMs, private posts, email address associated with X.com, or follower identities.
2.6 Voluntary Data
If you contact support or make a GDPR request, we may collect: emails you send, documents you voluntarily attach, and your responses to verification questions. This data is never used for marketing.
3. Purposes of Data Processing
3.1 Platform Operation
Data is required to operate: the airdrop, the ICO, referral programs, reward distribution, wallet verification, eligibility enforcement, duplicate prevention, and ensuring only real humans participate.
3.2 Fraud Prevention and Platform Security
We employ automated and manual systems to detect: multiple accounts, manipulative or bot-like patterns, fake referrals, fraudulent X.com activities, stolen payment cards, automated scripts, spam registrations, VPN-based manipulation, and device-based multi-accounting. Platform integrity and fairness require fraud prevention.
3.3 Legal and Regulatory Compliance
We process data to comply with: GDPR, EU AML principles (non-KYC unless legally mandatory), FATCA / CRS (where applicable), EU MiCA requirements, Estonian law, law enforcement requests, and financial record retention rules.
3.4 Communication
We use your email to: confirm your verification, confirm ICO or airdrop eligibility, provide token claim instructions, deliver official notices, and send critical changes to Terms. We do **not** send ads or newsletters unless you opt in.
4. Legal Basis for Processing (GDPR)
4.1 Contractual Necessity
Processing is required for: delivering airdrop tokens, processing ICO transactions, validating wallet ownership, and distributing referral rewards. Without this processing, we cannot provide services.
4.2 Legitimate Interest
Used for: protecting the platform from fraud, detecting bots, preventing financial crime, and ensuring fairness for all users.
4.3 Legal Obligation
We retain and disclose data when required by: Estonian law, EU law, GDPR requirements, financial crime prevention authorities, and court orders.
4.4 Consent
You provide consent by: submitting your email, clicking verification buttons, linking your wallet, accepting T&C, and using our websites. Consent may be withdrawn except where legally required otherwise.
5. Data Sharing & Transfers
FinnishMark does **not** sell personal data. We do **not** share with advertisers. We do **not** monetize user data.
We only share data with:
5.1 Service Providers (Processors)
Stripe, Cloudflare, cloud hosting providers, anti-fraud vendors, and email delivery services. They follow strict contractual data protections.
5.2 Legal Authorities
Data is disclosed **only** when: legally required, the subject of a fraud investigation, ordered by a court, or required under AML or sanctions rules. We do not volunteer data to third parties.
5.3 Blockchain Transparency
All blockchain data is public, immutable, and outside our control.
6. Data Storage & Location
Data is securely stored on: EU-based servers and U.S.-based servers (GDPR-compliant with SCCs). To protect user data, we use: encryption at rest, encryption in transit, zero-trust access models, audit logs, hardened servers, and limited administrator access. Solana blockchain data is globally replicated and cannot be modified.
7. Data Retention Periods
We keep data only as long as necessary.
| Data Type | Retention |
|---|---|
| | 24 months after ICO completion |
| Wallet address | Permanent (public blockchain) |
| Referral data | 24 months |
| Fraud metadata | 12–36 months depending on severity |
| Stripe verification logs | 5–10 years (regulated requirement) |
When retention expires, data is securely deleted.
8. User Rights (GDPR)
Under GDPR, you have the right to: **Access**: Get a copy of your data. **Rectification**: Correct inaccurate email entries. **Erasure**: Request deletion where permitted. **Restriction**: Limit processing in certain cases. **Objection**: Object to legitimate-interest processing. **Data Portability**: Receive your provided data. **Complaint**: To your national Data Protection Authority. Blockchain data **cannot** be deleted. Requests are processed within **30 days**.
9. Automated Decision-Making & Profiling
FinnishMark uses automated systems to: detect bots, identify fake referrals, block abusive behavior, analyze X.com reward eligibility, and perform risk scoring. In complex cases, we use **manual human review**. We do **not** use automated systems for: credit scoring, behavioral profiling, or advertising personalization. No automated decision has legal impact without human oversight.
12. Children's Privacy
Participation is prohibited for anyone under 18. We do not knowingly collect data from minors. If a minor is discovered, data will be deleted.
13. Security Measures
We implement: AES-256 encryption, HTTPS/TLS security, rate limiting, firewall and WAF protection, Cloudflare edge security, intrusion detection, server hardening, access control lists, least-privilege administrative access, and regular security audits. However, no system is 100% secure. By participating, you accept blockchain-related risks.
14. International Data Transfers
We may store and process data in: Estonia, EU/EEA, and United States. All international transfers follow: GDPR Articles 44–49 and Standard Contractual Clauses (SCCs). Data is transferred only where necessary.
15. Compliance, AML, and Law Enforcement
We retain the right to: monitor suspicious activity, block abusive users, retain data for investigations, and disclose data under legal compulsion. We do not perform KYC unless the law requires it.
16. Changes to This Privacy Policy
We may update this Privacy Policy for: regulatory changes, security needs, operational requirements, or fraud-prevention improvements. Material changes require **7-day public notice**. Minor updates apply immediately.
17. Contact Information
For: GDPR requests, data deletion, privacy questions, or technical concerns, contact:
📧 privacy@finnishmark.com
We respond within **30 days**.