Privacy Policy


1. Introduction

This privacy policy applies to processing activities performed by the Starknet Foundation and its affiliates, including Zolkin PT Unipesoal LDA, Tzolkin Limited, Tzolkin GmbH (collectively referred to as the “Foundation”), in relation to the personal data that it collects relating to partner(s), contributor(s), grantee(s), programme participant(s), applicant(s), employees, contractors, consultants engaged by the Starknet Foundation or its affiliates (“you” or “your” as the context requires), people engaging with it on social media or with respect to users of https://www.starknet.org (the “Website”).

Privacy is of the utmost importance to us. Please see below for information about how the Foundation manages personal data and about your rights with respect to the processing of your personal data.

The Foundation is committed to processing your personal data in accordance with applicable data protection laws, including the Cayman Islands Data Protection Act (2021 Revision) ("Cayman DPA"), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and other similar privacy laws where applicable. The Foundation implements appropriate safeguards to ensure that your personal data is protected during international transfers and is processed in a lawful, fair, and transparent manner.

This Privacy Policy covers personal data collected online, through direct interactions, via third-party sources, and through blockchain networks where applicable.

2. Definitions

The following terms are defined as follows:

2.4 “Personal data” refers to any information relating to an identified or identifiable natural person, including names, identification numbers, location data, an online identifier, or to one or more factors specific to the physical, economic, cultural or social identity of a natural person.

2.5 “Programmes and Initiatives” refers to all grants programmes, developer partnerships, incentives creating token awards for partner(s), contributor(s), grantee(s), programme participant(s), applicant(s), sponsorships, events (such as hacker houses and basecamps) and all such future programmes or initiatives offered, in its sole discretion, by the Foundation to members, developers, builders or promoters of the Starknet ecosystem and community.

3. Our Role as Data Controller or Data Processor

The Foundation acts as a data controller under applicable data protection laws when it determines the purposes and means of processing your personal data — for example, when you apply for a grant, interact with our community initiatives, or communicate directly with us.

In certain situations, the Foundation may act as a joint controller alongside our partners (e.g., co-hosting an event or jointly operating a grant program with another organization). In such cases, both parties may determine the purposes and means of data processing, and the Foundation will clarify those responsibilities in our agreements and, where applicable, through joint privacy notices. In other instances — such as when the Foundation uses third-party platforms (e.g., Luma for event signups, Discord for community discussions, or GitHub for integrations) — the operators of those platforms may act as independent data controllers. Your use of those services will also be governed by their own privacy policies.

You may contact our Data Protection Officer (or equivalent representative) at privacy@starknet.org for any questions regarding this Privacy Policy or your personal data.

4. Information we collect about you from time to time

Personal Data the Foundation Collects About Employees, Applicants, Contractors, and Consultants

From time to time the Foundation collects personal data from employees, contractors, and consultants, including:
- Biographical information (full name, residential address, email address, telephone number, date of birth, place of birth, gender, citizenships);
- Employment details (position, department, salary, benefits);
- Background verification data (references, right to work checks, criminal record checks where permitted by law and deemed necessary);
- Performance, disciplinary, and grievance records;
- Emergency contact information;
- Health and wellbeing information where necessary (e.g., for occupational health purposes).

Such data is collected for recruitment, HR management, legal compliance, and operational purposes.

Personal Data the Foundation Collects About partner(s), contributor(s), grantee(s), programme participant(s), applicant(s):

The Foundation obtains information about you in a number of ways: through your use of the Website, through grant applications, sponsorship agreements, attendance at events run by us, such as Basecamp and Hacker Houses, and from information provided in the course of on-going support to developers, the ecosystem and people who engage with us.

The minimum information required for entering into a contract governing your interaction with us, and for enabling us to comply with our statutory obligations, is biographical information and contact information, verification information, PEP information (defined below), and financial information. For example:

- Full name, residential address and contact details (e.g. email address, telephone number etc.), date of birth, place of birth, gender, citizenship (“Biographical information and contact information”);
- Bank account information, wallet addresses, credit card details, details about your source of funds, assets and liabilities, and information relating to economic and trade sanctions lists (“Financial information”);
- Information on whether you (or someone close to you) holds a prominent public function (“PEP information”).

Information the Foundation receives about you from other sources:

The Foundation also receives information about you from third parties¹ such as our service providers assisting with AML, fraud, and security compliance, and through publicly available sources.

Third Party Links:

Links to and Interaction with Third Party Products. The Site may enable you to interact with or contain links to your Third Party Account and other third party websites, mobile software applications and services that are not owned or controlled by us (each a “Third Party Service”). The Foundation is not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, the Foundation encourages you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with.

Conversation Transcripts and Recordings

We may collect and retain transcripts or recordings of conversations with you, including but not limited to email exchanges, chat communications (e.g., via X, Discord or Telegram), video calls (e.g., via Zoom or Google Meet), or other communication platforms used in the context of our programmes and initiatives.
These records may include your name, contact details, time stamps, message content, and other metadata associated with the interaction.

Such data is collected to facilitate communication, provide support, document decision-making, improve programme delivery, and meet operational, legal or compliance requirements. Where applicable, the Foundation will notify you in advance when conversations may be recorded.

Your Rights

Depending on applicable data protection laws, you have the following rights regarding your personal data:

- The right to access your personal data.
- The right to correct or update inaccurate or incomplete personal data.
- The right to request the deletion of your personal data.
- The right to object to or restrict the processing of your personal data.
- The right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services.
- The right to withdraw your consent at any time where we rely on your consent to process your personal data.
- The right to lodge a complaint with a supervisory authority if you believe we have infringed your data protection rights.

To exercise any of these rights, please contact us at legal@starknet.org.

Security Measures

The Foundation implements industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. These measures include but are not limited to:

- Encryption of personal data during transmission and at rest.
- Access control protocols to restrict access to personal data only to authorized personnel.
- Regular monitoring and auditing of our security practices.
- Secure storage solutions and cybersecurity protections to prevent unauthorized access to systems.

However, please note that no method of transmission over the internet or method of electronic storage is completely secure, and the Foundation cannot guarantee absolute security.

Where the Foundation stores personal data:

For Starknet Foundation employees, we store data on secure third-party platforms including Google Workspace, Notion, Deel, Bob, and Slack. For interactions involving external stakeholders such as programme participants, applicants, and partners, the Foundation may store data on platforms such as Google Workspace, Notion, Airtable, DocuSign, HubSpot, and other trusted service providers. All vendors are selected based on their privacy and security standards and are bound by data processing agreements where applicable.

Protection of Minors

The Foundation does not knowingly collect personal data from individuals under the age of 18. If the Foundation becomes aware that we have inadvertently received personal data from a person under 18 years of age without verified parental consent, the Foundation will delete such information from our records. If you believe that the Foundation might have any information from or about a child under 18, please contact us at privacy@starknet.org.

5. Our legal justification for processing personal data

When relying on our legitimate interests as a legal basis for processing your personal data, the Foundation has conducted a balancing test (Legitimate Interests Assessment or "LIA") to ensure that such processing is necessary and does not override your fundamental rights and freedoms. Our legitimate interests include supporting and operating our programs, ensuring platform security, complying with governance obligations, and fostering ecosystem development.

| Why the Foundation processes your personal data | Legal Justification | Categories of personal data |
| --- | --- | --- |
| To manage our employment relationship, including job interview, payroll, benefits administration, HR operations, internal reviews, compliance with labor and tax laws, and occupational safety | Legal obligation under employment and tax laws; performance of a contract; legitimate interests in HR and operational management | Biographical information and contact information, financial information, verification information, employment-related data (e.g., job role, compensation, performance), other relevant HR data |
| To enter agreements with developers, builders, collaborators, and event promoters to provide grants and support to the Starknet ecosystem. | Performance of a contract and anti-money laundering laws. | Biographical information and contact information, financial information, PEP information (where relevant), verification information and other information. |
| To conduct or arrange for the conducting of identity checks | Legal obligation to comply with “Know your customer” and customer due diligence regulatory obligations. Such processing is also in our legitimate interest to prevent and detect potential crime and/or fraud and to protect our business. | Biographical information and contact information, financial information, PEP information (where relevant), verification information and other information. |
| To verify your identity and comply with legal obligations, including responding to subpoenas, court orders, and other judicial processes, fulfilling tax and regulatory reporting requirements, and supporting internal risk management and compliance procedures. | Legal obligation; legitimate interests in ensuring transparency and legal compliance | Biographical information and contact information, financial information, PEP information (where relevant), verification information and other information. |
| To administer our agreements with the Starknet community and ecosystem, to provide you with information in respect of our grants programmes and other initiatives to support the Starknet community and review your ongoing needs, to troubleshoot and improve our grant programmes and other initiatives and to develop new initiatives and grant programmes. | In order to ensure effective provision of our grant programmes and other initiatives and to meet the needs of Starknet community individuals and entities with whom the Foundation enters into a grant agreement or other such initiative, it is in our legitimate interest to administer our agreements and initiatives, to provide you with information about our programmes and initiatives, to troubleshoot our programmes and initiatives and to review our partners’ ongoing needs. It is also in our legitimate interest to improve our programmes and initiatives, including support services and to develop and market new programmes and initiatives. | Biographical information and contact information, financial information, PEP information (where relevant), verification information, other information and browser information. |
| To market our programmes and initiatives | Consent, where you have agreed to receive marketing messages directly. The Foundation relies upon our legitimate interest to process information about how our programmes and initiatives are used to decide on marketing strategies. | Biographical information and contact information, other information and browser information |
| To conduct surveys | It is in our legitimate interest to send you surveys and conduct such surveys in order to gather information on how our programmes and initiatives are working for you and how to improve them. Your participation in those surveys will be on the basis of your consent. | Biographical information and contact information, other information and browser information. |
| For internal business purposes and recordkeeping | The Foundation has legal obligations to keep certain records. Such processing is in our legitimate interest for internal business and research purposes as well as for record keeping purposes. It is also in our legitimate interest to keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you. | Biographical information and contact information, financial information, verification information, other information and browser information |
| To establish, enforce, or defend our legal rights, including initiating or responding to legal proceedings, managing disputes, or addressing claims before courts, regulatory bodies, or other competent authorities. | Legitimate interests in protecting the Foundation’s legal rights and resolving disputes | Biographical information and contact information, financial information, verification information, other information and browser information |
| To notify you of changes to our programmes and initiatives and/or to laws and regulatory rules and regulations | Legal obligation. Often the law requires us to advise you of certain changes to programmes or initiatives or laws. The Foundation may need to inform you of changes to the terms or the features of our programmes or initiatives. The Foundation needs to process your personal data to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. Where such notification is not legally required, it may be in our legitimate interest to notify you of such changes. | Biographical information and contact information, financial information, and other information |
| To administer and secure our operations, including maintaining IT and system security, implementing access controls, and detecting or preventing fraud and other potential threats. | Legitimate interests in ensuring the security and integrity of our systems, data, and infrastructure | Biographical information and contact information, financial information, verification information, other information and browser information |
| To tailor our programmes, initiatives, and communications to better align with your organisation’s needs and preferences, and to ensure continuity in our engagement with you as a partner, contributor, or participant. | Legitimate interests in delivering relevant support and improving the effectiveness of our programmes and initiatives | Other information, browser information and log information |
| To communicate with you | It is in our legitimate interest to communicate with our partner(s), contributor(s), grantee(s), programme participant(s), applicant(s) to ensure the effective delivery of our programmes and initiatives and to fulfill the objectives of the Foundation. | Biographical information and contact information, financial information and other information |
| To receive services from third parties including services such as administrative, legal, tax, compliance, insurance, IT, analytics, identity verification, research or other services | It is generally in our legitimate interest to receive such services from third parties to ensure the effective delivery of our programmes and initiatives and to administer and protect our objectives. | Biographical information and contact information, financial information, PEP information (where relevant), verification information, other information, browser information |

 

6. Disclosure of your personal data

6.1 Service Providers and Data Processors

The Foundation may disclose your personal data to third-party service providers who process data on our behalf and under our instructions. These may include vendors that provide services such as identity verification, cloud storage, IT support, analytics, KYC/AML compliance, and security monitoring.

These service providers are contractually obligated to handle your data in compliance with applicable data protection laws and only for the purposes the Foundation instructs. They act as our data processors under GDPR and similar laws.

6.2 Independent Third Parties and Partners

We may also share your personal data with third parties who act as independent data controllers—for example, co-sponsors of events, grant partners, or ecosystem collaborators. These third parties determine how and why they process the data independently of the Foundation.

Where applicable, the Foundation will notify you of such sharing, and such partners are responsible for providing their own privacy notices or fulfilling legal obligations directly to you.

Please note that in such cases, the Foundation does not control how these third parties use your personal data once it has been shared.

The Foundation may also disclose personal data when it is compelled by law, for example to a government agency as a result of a valid court order.

7. For UK & EEA clients: Transfers of personal data outside of the European Economic Area (EEA) and the United Kingdom (UK)

The Foundation may transfer your personal data outside the EEA and UK to affiliated entities, service providers and business partners. Transfers outside of the EEA or the UK (as appropriate) are done in accordance with lawful transfer mechanisms. If personal data is transferred to a country which has been found by the European Commission to have an essentially equivalent standard of data protection to the EEA, then the Foundation may rely on an ‘adequacy decision’ to transfer that personal data. See here for a list of countries with adequacy decisions. If personal data is transferred from the EEA or UK to the US, the Foundation may rely on standard contractual clauses. 

Transfers of personal data outside the European Economic Area (EEA) and the United Kingdom (UK) are carried out in compliance with applicable data protection laws. Where no adequacy decision exists, the Foundation uses appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms.

8. Privacy when using digital assets and blockchains

Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.

As blockchains are decentralized or third-party networks which are not controlled or operated by us, the Foundation is not able to erase, modify, or alter personal data on such networks. Please avoid including personal data in blockchain transactions or metadata where it is not strictly necessary. Blockchains are immutable and public by design, and data written to a blockchain generally cannot be modified or deleted. Where you choose to store or transmit data on-chain, you should ensure that it does not contain personal information or sensitive data that may infringe upon your privacy rights.

9. Data retention

When personal data is no longer necessary for the purposes for which it may lawfully be processed, the Foundation will remove any details that will identify you, or the Foundation will securely destroy the relevant records. The Foundation may need to maintain records for a significant period of time after you cease being a partner for legal or regulatory reasons, for example when the Foundation needs to retain information to help manage a dispute or legal claim. 

If you have opted out of receiving marketing communications the Foundation will hold your details on our suppression list so that the Foundation knows you do not want to receive these communications.

The Foundation may keep your personal data for periods in line with the below table:

| Data Type | Examples | Purpose | Suggested Retention Period |
| --- | --- | --- | --- |
| Employee data | Contracts, IDs, payroll info, reviews | HR, legal, payroll | For UK employees - 6 years; for EU employees - 10 years (after termination)² |
| KYC/AML data | ID, wallet address, source of funds, sanctions check | Compliance, anti-fraud | UK & Cayman - 5 years after the end of the business relationship; EU - 7 years after the end of the business relationship |
| Contract data | Name, address, email contained in contacts | Legal, audit, dispute management | UK & Cayman - 6 years after termination; EU - 10 years after termination |
| Financial data | Name, address, emails contained in invoices & payment logs | Tax, accounting | UK - 6 years. EU - 10 years. Cayman Islands - 5 years. |
| Programme data | Name, address, emails contained, nationality, age in applications for events or programmes | Programme administration | UK & Cayman - 5 years. EU - 5 years. |
| Communications | Emails, chat logs, meeting notes | Documentation, support | EU, UK & Cayman - 6 years |
| Marketing data | Email, preferences, sign-up info | Community updates | UK, EU & Cayman - 2 years or until opt-out |


10. Cookies


Cookies and Analytics

Our website uses Matomo Analytics, a privacy-focused analytics tool. The Foundation has configured Matomo to operate without cookies and to not store or track any personally identifiable information. As such, the Foundation does not require your consent for analytics tracking under applicable data protection laws.

The Foundation does not use any marketing or non-essential cookies on our site. Only strictly necessary cookies (if any) are used to ensure the basic functionality of the site.

11. Your rights regarding your personal data

The rights that are available to you in relation to the personal data the Foundation processes are outlined below. You may request to exercise these rights subject to any limitations provided for under applicable data protection laws.

Access: You can ask us to confirm whether the Foundation is processing your personal data and, if so, what information the Foundation processes and to provide you with a copy of that information.

Rectification: It is important to us that your personal data is up to date. The Foundation will take all reasonable steps to make sure that your personal data remains accurate, complete and up-to-date. Please inform us if your personal data changes. If the personal data the Foundation holds about you is inaccurate or incomplete, you are entitled to have it rectified. If the Foundation has disclosed your personal data to others, the Foundation will let them know about the rectification where possible. If you ask us, and if possible and lawful to do so, the Foundation will also inform you with whom the Foundation has shared your personal data.

You may inform us at any time that your personal details have changed by emailing us at legal@starknet.org. Subject to applicable law, the Foundation will change your personal data in accordance with your instructions. To proceed with such requests, in some cases the Foundation may need supporting documents from you as proof i.e. personal data that the Foundation is required to keep for regulatory or other legal purposes.

Erasure: You can ask us to delete or remove your personal data in certain circumstances. Such requests may be subject to any retention limits the Foundation is required to comply with in accordance with applicable laws and regulations. If the Foundation has disclosed your personal data to others, the Foundation will let them know about the erasure request where possible. If you ask us, and if possible and lawful to do so, the Foundation will also inform you with whom the Foundation has shared your personal data.

Processing restrictions: You can ask us to block or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal data or object to us processing it. It will not stop us from storing your personal data. If the Foundation has disclosed your personal data to others, the Foundation will let them know about the restriction of processing if possible. If you ask us, and if possible and lawful to do so, the Foundation will also inform you with whom the Foundation has shared your personal data.

Data portability: In certain circumstances you may have the right to obtain personal data you have provided to us, in a structured, commonly used and machine-readable format, and to re-use it elsewhere or ask us to transfer this to a third party of your choice, where technically feasible.

Objection: You can ask us to stop processing your personal data, and the Foundation will do so, if the Foundation is:

- Relying on our own or someone else’s legitimate interests to process your personal data except if the Foundation can demonstrate compelling legal grounds for the processing or for the establishment, exercise or defence of legal claims;
- Processing your personal data for direct marketing; or
- Processing your personal data for research unless the Foundation reasonably believes such processing is necessary for the performance of a task carried out for reasons of public interest (such as by a regulatory or enforcement agency).

Automated decision-making and profiling: If the Foundation has made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our programmes or initiatives or has another significant effect on you, you can request not to be subject to such a decision unless the Foundation can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. The Foundation may not be able to offer our programmes or initiatives to you, if the Foundation agrees to such a request (i.e. end our relationship with you).

Complaints: You have the right to complain to a competent data protection authority. Contact details are set out in Section 16 below. The Foundation asks that you first contact legal@starknet.org to give us an opportunity to address any concerns. 

Withdraw consent: You have the right to withdraw consent to processing based on consent at any time. Note this will not affect the lawfulness of processing based on consent prior to the withdrawal of consent or on grounds where consent is not required. 

You have the right to object to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on you.

12. Changes to this privacy notice

Our privacy notice is reviewed regularly in light of new regulations, technologies, and any changes to our business operations. Any personal data the Foundation processes will be governed by our most recent privacy notice. We will update the “Last updated” date accordingly at the beginning of this privacy notice. Please review this privacy notice from time to time. The Foundation will announce any material changes to this privacy notice on our website.

The Foundation will notify you of material changes in a timely manner and, where appropriate, prior to the change taking effect, via website notice or direct communication.

13. Our products and services are not available to children

Our programmes and initiatives are not directed to persons under the age of 18 (herein, “Children”, “Child”) and the Foundation does not knowingly collect personal data from children. If the Foundation learns that the Foundation has inadvertently processed personal data from a child, the Foundation will take legally permissible measures to remove that data from our records. The Foundation will not allow the Child to apply or enter into any of our programmes or initiatives. If you are a parent or guardian of a Child, and you become aware that a Child has provided personal data to us, please contact us at legal@starknet.org.

To help enforce this policy, the Foundation applies age-screening or confirmation steps (e.g., “18+ only” disclaimers) on applicable program application forms, grant submissions, and event registrations. We also avoid collecting personal data that would directly indicate the age of a partner, contributor, grantee, programme participant or applicant unless it is strictly necessary. If the Foundation relies on third-party platforms (e.g., event tools, social media channels), the Foundation expects those platforms to enforce their own age restrictions under their terms of service.

14. Contact information

Any questions, complaints, comments and requests regarding this privacy notice are welcome and should be addressed to legal@starknet.org.  

15. Data Protection Authorities

If you are not satisfied with our response to your complaint, you have the right to submit a complaint to a competent data protection authority. Examples of relevant data protection authorities are listed below:

For residents of the Cayman Islands:

Office of the Ombudsman
3rd Floor, Anderson Square
Shedden Road, George Town
Grand Cayman, Cayman Islands
P.O. Box 2252

For residents of the United Kingdom:
The Information Commissioner’s Office
Wycliffe House, Water Ln
Wilmslow SK9 5AF, UK

For residents of Portugal:
You may complain to your local supervisory authority or to our lead supervisory authority the Irish Data Protection Commission:

Local supervisory authority:
CNPD - Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1º
1200-651 Lisboa
Portugal



1 Such as Sumsub or such similar service providers that may be engaged by the Foundation from time to time.
2 In Portugal to the extent there are any occupational safety matters we will keep records for 40 years.