Privacy Policy
This Privacy Policy explains how BlockPhi (“BlockPhi”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you visit www.blockphi.com, subscribe to our research, engage our community, or otherwise interact with us (collectively, the “Services”). Please read this policy carefully. If you do not agree with it, please do not use our Services.
1. Who we are and how to contact us
BlockPhi is an investment analytics firm operating www.blockphi.com and related research, commentary, and community services. For any question about this policy or about your personal data, contact us at contact@blockphi.com.
For the purposes of the EU and UK General Data Protection Regulation (“GDPR”), BlockPhi acts as the data controller of the personal data collected through the Services, except where this policy states otherwise.
2. Information we collect
2.1 Information you provide directly
- Contact details you submit through our contact form, email, or customer support channels, including your name, email address, and the content of your message.
- Subscription data when you subscribe to our newsletter (via Substack) or enroll in a paid tier (via Whop), including account identifiers and, where applicable, billing information handled directly by those processors.
- Community activitywhen you post, comment, or react in our Discord community, governed by Discord's own terms and privacy policy.
- Survey, feedback, and correspondence that you voluntarily provide.
2.2 Information collected automatically
- Server and security logs, including IP address, user agent string, referrer URL, request timestamp, and pages viewed. These are retained for security, fraud prevention, and service integrity purposes.
- Aggregated and anonymised analytics about how visitors interact with the Services.
- Device and connection information such as browser type, operating system, language setting, and approximate location derived from IP address.
2.3 Information collected via third parties
- Whop processes all paid-tier sign-ups, billing, and membership status. We receive confirmation of membership and tier but do not store payment card details.
- Substack manages our newsletter subscriber list and delivers email updates.
- Discordhosts our private community. Your presence and activity there are governed by Discord's terms.
- Medium and YouTube host embedded content; their embeds may set cookies governed by their own policies.
3. How we use your information
- To respond to inquiries and provide the Services you request.
- To deliver, maintain, and improve the website, research, and community.
- To verify membership status and provide tier-specific access.
- To send service-related communications, updates, and (where you opted in) newsletters.
- To detect, prevent, and address security incidents, fraud, and abuse.
- To comply with applicable legal, regulatory, tax, and accounting obligations.
- To enforce our Terms of Service and protect our rights and property.
4. Legal bases for processing (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:
- Performance of a contract to provide the Services you request and enforce our Terms (Art. 6(1)(b) GDPR).
- Legitimate interests to operate and secure the Services, understand how they are used, communicate with you, and improve what we offer (Art. 6(1)(f) GDPR), provided those interests are not overridden by your rights.
- Your consent for optional communications (such as the newsletter) and for non-essential cookies where required (Art. 6(1)(a) GDPR). You can withdraw consent at any time.
- Compliance with a legal obligation, including tax, accounting, fraud-prevention, and AML/CTF requirements (Art. 6(1)(c) GDPR).
5. Cookies and similar technologies
The site uses only strictly necessary cookiesrequired for basic site operation (for example, your cookie consent choice). We do not run third-party advertising, marketing, or cross-site tracking cookies.
Embedded third-party content (such as YouTube videos, Medium articles, or the Substack newsletter widget) may set their own cookies when loaded. Those cookies are governed by the respective third parties' privacy policies. You can manage your preferences at any time: .
6. How we share your information
We do not sell personal data. We do not share personal data with third parties for cross-context behavioural advertising. We disclose personal data only in the following circumstances:
- Service providers who process data on our behalf under written agreements that restrict use to the services we retained them for. Current processors include: Vercel (web hosting and delivery), Whop (membership, billing, access control), Discord (community platform), Substack (newsletter delivery), FormSubmit (contact-form transport), Google Fonts (font delivery) and YouTube / Medium for embedded content.
- Legal or regulatory requirements, including responding to a lawful subpoena, court order, or government request, and to protect our rights, property, safety, or the rights of others.
- Business transfers, such as a merger, acquisition, reorganisation, insolvency, or sale of assets, in which case personal data may be transferred as part of the transaction.
- With your consent or at your direction.
7. International data transfers
The Services are operated from the European Union. Some of our processors (including Vercel, Whop, Discord, Substack, YouTube, and Medium) are headquartered in the United States or other jurisdictions outside the EEA. Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, or applicable adequacy decisions (for example, the EU-US Data Privacy Framework where the processor is certified).
8. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, to comply with our legal, regulatory, tax, or accounting obligations, or to resolve disputes and enforce our agreements:
- Contact-form submissions: up to 24 months, then deleted or anonymised.
- Membership and transaction records: retained for the duration of your membership plus up to 7 years for tax and accounting purposes.
- Newsletter-subscription data: retained until you unsubscribe, plus a suppression record to prevent re-subscription in error.
- Server logs: up to 90 days in their raw form, after which they are aggregated or deleted.
- Cookie-consent records: up to 12 months, after which we will re-prompt.
9. Your rights
9.1 Rights under EU / UK GDPR
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Request erasure of your personal data (subject to certain exceptions).
- Restrict or object to certain processing.
- Data portability, where processing is based on consent or a contract and carried out by automated means.
- Withdraw consent at any time (without affecting the lawfulness of prior processing).
- Lodge a complaint with the supervisory authority of your EU member state of habitual residence, place of work, or place of alleged infringement. Our lead supervisory authority is identified on request; contact us at contact@blockphi.com.
9.2 Rights under California law (CCPA / CPRA)
California residents have additional rights, including the right to know what personal information we collect, use, disclose, and sell or share; the right to delete; the right to correct; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioural advertising. To exercise your rights, contact contact@blockphi.com.
9.3 How to exercise your rights
Email contact@blockphi.com. We will respond within a reasonable timeframe and in any event within one month (extendable where permitted by law). We may need to verify your identity before fulfilling certain requests.
10. Children's privacy
The Services are not directed at children under the age of 18, and we do not knowingly collect personal data from minors. If you believe a child has provided personal data to us, please contact us and we will take steps to delete it.
11. Security
We implement technical and organisational safeguards appropriate to the sensitivity of the personal data we process, including transport encryption (HTTPS/TLS), access controls, httpOnly cookies for authentication, server-side membership verification, and regular review of our security posture. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
12. Data-breach notification
In the unlikely event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR, and notify affected individuals where required by law.
13. Do Not Track and Global Privacy Control
Because we do not use advertising or cross-site tracking cookies, we do not currently differentiate responses to browser Do-Not-Track or Global Privacy Control (GPC) signals beyond our default practice of not tracking across sites.
14. Third-party links and embedded content
The Services may link to or embed content from third parties (such as Medium articles, YouTube videos, exchange partner pages, and Substack). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before interacting with their content.
15. Marketing communications
We will only send marketing communications (such as newsletters) if you have opted in. You can unsubscribe at any time using the link in any email we send, by withdrawing consent from your Substack subscription, or by contacting contact@blockphi.com.
16. Nothing here is investment advice
All content on the Services is educational and informational only. Nothing is financial, investment, legal, or tax advice. Past performance is not indicative of future results. Do your own research and consult a qualified professional before making investment decisions. See our Terms of Service for the full investment-risk disclosures.
17. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be reflected on this page with a new “Last updated” date, and, where required by law, we will notify you directly.
18. Contact
For any question about this Privacy Policy or to exercise your privacy rights, contact us at contact@blockphi.com.