Privacy Policy

1. Information We Collect

When you use the CIFI 100 Day Incubator platform, we may collect the following information:

• Account Information: Name, email address, country, and project details submitted through our registration form
• Wallet Information: XDC-compatible wallet addresses provided during registration
• Usage Data: Pages visited, features used, and interaction patterns to improve the platform experience
• Communications: Messages and correspondence sent through our booking and mentorship systems

We may also collect technical data such as browser type, device information, IP address, and referring URLs when you access our site. We do not collect sensitive personal data (e.g., government IDs, financial account numbers) beyond wallet addresses necessary for XDC Network interactions.

2. How We Use Your Information

We use collected information to:

• Process and manage your incubator application
• Provide mentorship scheduling and program communications
• Facilitate DAO deployment and smart contract interactions on XDC Network
• Improve platform functionality and user experience
• Send program updates, milestone reminders, and relevant announcements

We will never sell, rent, or trade your personal information to third parties. Data is retained for the duration of your program participation and for 12 months afterward for alumni services, unless you request earlier deletion.

3. Blockchain Data

Transactions on XDC Network, including token transfers and smart contract deployments, are recorded on a public blockchain. This data is immutable and publicly accessible by design. CIFI Global does not control or have the ability to delete on-chain data.

Wallet addresses, transaction hashes, token transfers, and smart contract interactions are permanently recorded on the XDC public ledger. We cannot modify or delete this on-chain data. Do not submit wallet addresses you wish to keep private. On-chain certificates issued upon program completion (format: CIFI-C{cohort}-{uuid}) are also permanent.

4. Cookies & Local Storage

This platform uses browser local storage to save form data and application state. We do not use third-party tracking cookies. Google Fonts are loaded from Google's servers, which may set cookies according to Google's privacy policy.

We use browser localStorage for session tokens (JWT) and application form state. These are strictly functional — no advertising or analytics cookies are set by this platform. Google Fonts are loaded externally and may set cookies per Google's privacy policy. You can clear localStorage at any time through your browser settings.

5. Third-Party Services

We may use the following third-party services:

• Google Fonts: For web typography delivery
• MapLibre / OpenStreetMap: For the interactive global map
• XDC Network: For blockchain transactions and smart contract deployment

We also use Resend for transactional email delivery, Calendly for mentor session booking, and Netlify for hosting and serverless functions. Each service processes data according to its own privacy policy. We do not share personal data with these services beyond what is necessary to operate the platform (e.g., email address for sending program updates).

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.

Specific measures include: JWT-based authentication with HttpOnly/Secure/SameSite=Strict cookies, bcrypt password hashing (12 rounds), rate limiting on sensitive endpoints (10 requests/minute), HTML escaping of all user-generated content, input validation on wallet addresses and transaction hashes, and HTTPS enforcement via HSTS headers. All data is stored in Netlify's SOC 2 compliant infrastructure.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. To exercise these rights, contact us at the email address below.

EU/EEA residents (GDPR): You have the right to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing and withdraw consent at any time. California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information (we do not sell data). To exercise any of these rights, email us at apply@cifi.global. We will respond within 30 days.

8. Contact

For privacy-related inquiries, contact CIFI Global at apply@cifi.global.