Privacy Policy — Frak

Last updated: April 1, 2026

1. Introduction

Frak Labs places particular importance on protecting users' privacy.

The Frak platform has been designed around a data minimization principle, aimed at limiting the collection and storage of personal information as much as possible.

Unlike many digital services, Frak does not require the creation of an account based on personal information such as:

  • name
  • email address
  • phone number

Use of the application relies on a biometric credential associated with a unique digital wallet.

This policy explains:

  • which data is used;
  • how it is processed;
  • what rights users have.

Data is processed in accordance with the General Data Protection Regulation (GDPR).

2. Data controller

The data controller is:

Frak Labs - 40, rue BEZOUT - 75014 PARIS

SIRET 953 585 783 000 12

RCS PARIS B 953 585 783

NAF code 6209Z

Contact: contact@frak-labs.com

3. Account creation and user identifier

Access to the Frak application relies on the creation of a digital wallet.

This wallet is generated from a biometric authentication process carried out on the user's device.

This process creates a unique identifier corresponding to a wallet address

Frak does not collect or store:

  • name
  • email address
  • phone number
  • biometric data

Biometric authentication is performed using the WebAuthN (FIDO) protocol. This standard ensures that biometric data is stored exclusively on the user's device, via the operating system's security mechanisms (Face ID, Touch ID or equivalent), to which Frak never has access.

Frak never has access to this biometric data.

4. Data used by the platform

Although Frak does not collect personally identifiable information, certain technical data may be used to operate the service.

This data includes, in particular:

  • wallet address (user identifier)
  • information related to recommendations
  • information related to rewards
  • interactions with partner brands

This information is used, in particular, to:

  • identify the origin of a recommendation
  • allocate a reward
  • ensure the security of the service.

5. Data recorded on the blockchain

Certain information related to transactions or rewards may be recorded on a blockchain infrastructure.

This data is:

  • public or pseudonymized depending on the technology used
  • linked only to the wallet address

Frak Labs does not control the blockchain infrastructure and cannot modify or delete data recorded on it.

6. Analytics data

To improve the user experience and the operation of the platform, Frak may analyze certain technical data related to use of the application.

This data may include:

  • navigation within the application
  • interactions with features
  • use of sharing mechanisms
  • events related to purchases or rewards

These analytics are performed via OpenPanel, a self-hosted analytics solution based in Europe.

Analytics data:

  • is anonymized;
  • does not allow users to be directly identified;
  • is used solely to improve the service.

7. Sharing data with partners

Certain information may be shared with partners when necessary to provide the service.

Partner brands

When a recommendation leads to a purchase, certain technical information may be transmitted to the partner brand in order to:

  • identify the origin of the recommendation
  • validate the allocation of the reward.

Payment services

Financial operations associated with rewards may be carried out by specialized partners, including Monerium.

These partners may process certain data necessary to execute payments.

Processing of this data is subject to their own privacy policies.

8. Data hosting

The technical data used by Frak is hosted within the European Union.

Frak does not transfer personal data outside the European Economic Area.

9. Retention period

Technical data required to operate the platform is kept only for the duration necessary to run the service.

Anonymized analytics data may be retained for statistical purposes.

10. Security

Frak implements technical measures to protect the data used by the platform.

These measures include, in particular:

  • encryption of communications
  • application-level security mechanisms
  • limiting the data collected.

11. User rights

In accordance with the General Data Protection Regulation (GDPR), users have rights over the personal data concerning them.

However, to the extent that Frak does not directly collect personally identifiable information, the exercise of certain rights may be limited.

Any request may be sent to: contact@frak-labs.com

12. Policy updates

Frak may update this policy to reflect:

  • changes to the service
  • regulatory changes

Users will be informed of any material change.

13. Contact

For any question regarding data protection:

contact@frak-labs.com