Skip to main content
Last modified: December 8, 2025 This Privacy Policy (the “Policy”) explains how 419 Dev Labs (together with its affiliates, “avnu”, “Alpha Road”, “Company”, “we”, “our”, or “us”) collects, uses, stores, shares and protects information when you access or use:
  • https://avnu.fi, https://app.avnu.fi and all related subdomains,
  • our trading interfaces, router, paymaster, intents engine and staking dashboards,
  • our APIs, SDKs, analytics pages or other web applications,
  • and any other properties, features, tools or services made available by avnu
(collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Policy. This Policy forms part of our Terms & Conditions.

1. High-Level Summary

avnu is a non-custodial interface and infrastructure provider.

We DO NOT Collect

  • First/last name
  • Postal address
  • Date of birth
  • Email address
  • Private keys / seed phrases

We DO Collect

  • Public on-chain data (wallet address, transactions)
  • Quote-level and swap-level logs
  • Limited off-chain analytics data
  • Technical and performance diagnostics
We do not run account systems and do not identify users directly. We use third-party analytics tools (e.g., Google Analytics, Hotjar, Vercel Analytics, Sentry) to understand platform usage and improve performance and security.
We never sell user data. We minimize collection wherever possible. We continuously work to integrate privacy-preserving tooling (proxies, anonymization, local-first analytics, opt-outs).

2. Information We Collect

We categorise the data we collect into three groups:

2.1 Public On-Chain Data (Non-Personal Data)

When you interact with the Services, we may automatically read or process:
  • wallet addresses,
  • transactions you sign,
  • token balances,
  • routes executed via avnu,
  • events and logs emitted by smart contracts,
  • on-chain states required to compute quotes.
This information is public by design. We do not control or modify blockchain transparency.

2.2 Technical & Device Information (Pseudonymous Off-Chain Data)

We collect limited, pseudonymous technical metadata such as:
  • browser type and version
  • device type (mobile, tablet, desktop)
  • language preferences
  • pages visited, clicks, UI interactions
  • timestamps & session duration
  • network performance metrics
  • referrers and URL paths
  • aggregated usage statistics
We do not collect personally identifying information such as name, email, or phone number. We do not attempt to link technical metadata to an individual identity.

2.3 Operational, Routing & Security Data

To provide high-performance routing and maintain platform integrity, we log:
  • quote requests and parameters,
  • swap attempts, success and failure metrics,
  • slippage settings, route selections, transaction hashes,
  • suspicious or abusive patterns (e.g., spam queries, scraping, automated flooding),
  • API key usage patterns (if integrating via Developer Tools),
  • errors, exceptions and performance bottlenecks.
We use this to:
  • improve routing quality,
  • protect the system from abusive or malicious behaviour,
  • detect anomalies,
  • maintain network reliability,
  • enforce rate limits and prevent platform degradation.

3. How We Use Data

We use the data we collect for the following purposes:

3.1 Providing and improving the Services

This includes:
  • computing quotes, routes, gas estimations, and simulations,
  • operating the router, paymaster, staking dashboard, and on-chain interactions,
  • monitoring app stability and infrastructure performance,
  • building analytics that help us improve swap routing and execution,
  • upgrading our systems and features based on usage patterns.

3.2 Customer support

We may use technical logs and public blockchain data to:
  • troubleshoot user-reported execution issues,
  • diagnose errors or routing anomalies,
  • provide explanations or insights into expected vs. actual execution.
Because we are non-custodial, we cannot modify, reverse, or cancel any user transaction.

3.3 Safety and security

We may use data to:
  • detect and prevent abusive or fraudulent behaviour,
  • investigate bugs, exploits or suspicious patterns,
  • block harmful traffic or compromised wallets,
  • maintain platform reliability.
This includes logging repeated failed transactions, unusual quote patterns, or automated scraping that degrades performance. We may process or share information where:
  • required by law,
  • requested by regulators, law enforcement or competent authorities,
  • necessary to comply with sanctions, AML/CTF obligations (where applicable),
  • necessary to enforce our Terms & Conditions.

3.5 Aggregated & anonymized analytics

We may combine or anonymize datasets to:
  • analyse product usage,
  • identify trends,
  • measure system performance,
  • guide product development decisions.
Aggregated data contains no personal identifiers and cannot reasonably be traced back to an individual.

4. How We Share Data

We share only the minimum necessary information with the third-party tools we use:

4.1 Service Providers

Sentry Used for:
  • application monitoring,
  • error tracking,
  • debugging performance issues.
Google Analytics, Vercel Analytics, Hotjar Used for:
  • understanding how users interact with the app,
  • improving UI/UX,
  • identifying performance bottlenecks,
  • conducting anonymized behavioural analysis.
These tools do not receive blockchain private keys, names, emails, or other direct identifiers from us. Vercel Used for:
  • hosting,
  • serverless execution,
  • CDN delivery of the front-end interface.
Vercel may log request metadata (IP address, request headers). We do not attempt to link that metadata to personal identities. We may share information if:
  • required by law,
  • necessary to comply with sanctions or AML rules,
  • responding to subpoenas, regulatory inquiries, or lawful investigations,
  • needed to protect our rights, users, or the integrity of the Services.

4.3 No sale of data

We never sell or rent user data.
Where GDPR applies, we process data based on one or more of the following legal bases:
Legal BasisDescription
ConsentWhen you use our Services or accept cookies
Contract performanceTo operate the router, paymaster, staking dashboard, or API
Legal obligationsComplying with applicable laws or regulatory inquiries
Legitimate interestImproving the Services, ensuring security, preventing abuse, and generating anonymized analytics

6. Your Rights (GDPR & Equivalent Frameworks)

Where applicable, you have the right to:
RightDescription
AccessRequest a copy of personal data we may hold
RectifyRequest corrections to inaccurate information
EraseRequest deletion of personal data (subject to legal allowances)
Restrict processingRequest limits on certain forms of processing
ObjectObject to processing based on legitimate interest
Data portabilityReceive data in a structured, machine-readable format
Withdraw consentAt any time, where processing is based on consent
Blockchains cannot be editedWe cannot modify:
  • your wallet address,
  • transaction history,
  • token balances,
  • on-chain state.
Blockchain immutability is outside our control.

7. Data Retention

We retain data only as long as needed to:
  • operate the Services,
  • comply with legal obligations,
  • detect and prevent abuse,
  • resolve disputes,
  • improve performance and routing quality.
We may retain aggregated or anonymized data indefinitely.

8. Data Security

We implement reasonable technical and organizational measures to protect data, including:
  • encrypted communications (HTTPS),
  • strict access controls,
  • minimal data collection by design,
  • ongoing audits of analytics providers,
  • infrastructure security hardening.
However, no system can guarantee perfect security. We do not control the security of blockchains or user wallets.

9. International Data Transfers

We may process or store data on servers operated by third-party providers located in various jurisdictions. Where required, we rely on:
  • Standard Contractual Clauses (SCCs),
  • adequacy decisions,
  • or other lawful mechanisms.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected via an updated “Last modified” date. Your continued use of the Services indicates that you have reviewed and accepted the updated Policy.

11. Contact

If you have questions, complaints, or requests under this Policy, contact us:
We may request additional information to verify your identity before processing your request.