HyaPi Privacy Policy

Last updated: Sep 2025

1) Who we are

HyaPi (“we”, “our”, “us”) provides a Pi-native application that lets Pi holders lock Pi, receive hyaPi accounting units, and participate in governance of target yield venues. We are not the Pi Network, and we don’t control external blockchains or validators.

We drafted this policy to explain what we collect, why, how we protect it, and your choices. We took inspiration from how leading DeFi teams explain their practices (e.g., Aave) while adapting to Pi’s SDK/Platform flows and your use of our services.

2) Scope

This policy covers:

  • The HyaPi web app in Pi Browser (and any sandbox/testnet environment),
  • Our public API endpoints, and
  • Related sites, dashboards, and support channels.

It does not cover third-party sites or protocols (Pi Network itself, exchanges, validators, wallets, analytics providers, etc.).

3) What we collect

We collect only what we need to authenticate you, process payments, operate staking/redemption, and secure the app:

Account & identifiers

  • Pi-provided identifiers via the Pi App Platform SDK (e.g., username, uid) and session tokens; we do not receive your private keys.
  • Internal user ID mapping (our DB’s users/pi_identities records).

Payments & treasury

  • Pi payment IDs, directions (U2A/A2U), amounts, status, and related metadata/txids as returned by the Pi Platform/API; amounts are verified server-side.
  • Staking/redemption records (amounts, lockup weeks, fees, snapshots, PPS).

On-chain/public

  • Public wallet addresses and on-chain events on target networks (e.g., Sui/Aptos/Cosmos) when we delegate/unstake; these are public by design.

Device & usage

  • Basic HTTP request data (IP address, user-agent), timestamps, and app logs for security/debugging.
  • Cookies/local storage only where strictly necessary (session, preferences). If you later add analytics or cookie banners, update this section.

We do not intentionally collect government IDs, biometric data, or sensitive categories. If Pi KYC status becomes available to us, we will store only minimal status flags necessary to comply with Pi policies and risk controls.

4) Sources

  • You, via the app UI.
  • Pi SDK (client) and Pi Platform API (server) for authentication and payments.
  • Public blockchains for transaction and delegation data.

5) Why we use your data (purposes + legal bases)

  • Provide the service: authenticate via Pi SDK, approve/complete payments, credit stakes/redemptions, show balances and history (contract necessity).
  • Security & fraud prevention: idempotency checks, audit logs, abuse/DoS detection (legitimate interests).
  • Governance & allocations: snapshots, proposals, votes, execution records (contract necessity/legitimate interests).
  • Compliance: maintain financial/tax records and honor valid law-enforcement requests (legal obligation).
  • Comms & support: respond to requests, send critical service notices (legitimate interests/consent).

If you later add marketing or analytics, obtain consent and update this page.

6) Sharing

We share data with:

  • Pi Network servers to verify tokens and process U2A/A2U payments.
  • Infrastructure vendors (hosting, storage, email/support) under confidentiality and security controls.
  • Validators/venues: we interact on-chain using public addresses. We don’t send them your personal data.
  • Regulators/law enforcement where required by law.

We don’t sell personal information.

7) International transfers

Our infrastructure may process data globally. Where required, we rely on appropriate safeguards (e.g., standard contractual clauses). Contact us for details.

8) Security

We use industry-standard measures: TLS in transit, restricted secrets, least-privilege access, database controls, and server-side verification of payment amounts. Still, no system is 100% secure; users should secure their devices and Pi credentials.

9) Retention

  • Payment/stake/redemption records: retained as long as necessary for service/accounting/audit (commonly up to 7 years).
  • Server logs: typically ≤ 30–90 days unless needed for an investigation.

We’ll delete or anonymize data once no longer needed.

10) Your rights

Depending on your jurisdiction: access, correction, deletion, portability, restriction/objection, and complaint to a supervisory authority. To exercise rights, contact us (see §14). We may ask you to verify via Pi auth.

11) Children

HyaPi is not intended for individuals under 18. If we learn we processed data of a minor, we’ll delete it.

12) Third-party links & protocols

We don’t control external protocols/websites. Use them at your own risk and review their policies.

13) Changes

We’ll post updates here and update the “Last updated” date.

14) Contact

[Legal name / entity], [address], [email].
Data protection contact: [email].

See also: Terms of Service