Privacy Policy

Effective Date: 6 August 2025

MatterFi Inc. (“MatterFi”, “we”, “us” or “our”), a corporation incorporated in Wyoming, USA (registered office: 30 N Gould St, Ste R, Sheridan, WY 82801, United States), operates the website https://americanfortress.io (the “Site”). We are committed to protecting your privacy and processing personal data transparently and in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable laws.

AmericanFortress™ (“AmericanFortress”) is a brand owned and operated by MatterFi.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Site, subscribe to our newsletter, or purchase digital asset name services (the “Services”).

1. Scope

This Privacy Policy applies to personal data processed through the Site and related Services. Separate terms and conditions apply to the checkout, management, and sale of FortressNames™ via Stripe; however, the underlying data processing is referenced here for transparency.

2. What Personal Data We Collect

Category	Data Elements	Source	Purpose	Legal Basis (GDPR)
Contact Data	Email address	Directly from you via newsletter sign‑up form	Provide newsletter and marketing communications	Consent (Art. 6 (1)(a))
Transactional Data	Payment token, last 4 digits of card, billing country (processed by Stripe)	Stripe	Facilitate payments for FortressNames™	Contract (Art. 6 (1)(b))
Usage Data	IP address, browser type, device ID, referral URL, pages viewed, time spent	Automatic via cookies & similar tech (Google Analytics, Hotjar)	Site analytics, debugging, improvement	Consent (Art. 6 (1)(a))
Marketing Engagement	Email open & click‑through metrics, campaign source	SmartLead	Optimise newsletter performance	Consent / Legitimate Interest (Art. 6 (1)(f))

‍

‍Special Categories of Data. We do not intentionally collect sensitive personal data (e.g., health, biometrics).

3. How We Use Your Information

Provide and maintain the Services (processing payments via Stripe, delivering purchased FortressNames™).
Send newsletters and promotional content where you have opted‑in.
Analyse and improve the Site via Google Analytics and Hotjar heat‑mapping.
Detect and prevent fraudulent or malicious activity.
Comply with legal obligations and respond to lawful requests.

4. Cookies & Similar Technologies

We use first‑ and third‑party cookies, web beacons, and pixels. Non‑essential cookies are set only after you have provided consent via our cookie banner.

4.1 Cookie Table (ready to paste)

Category	Cookie Name(s)	Provider	Purpose	Expiration
Strictly Necessary	__stripe_mid, __stripe_sid, m	Stripe	Enable secure payment processing	1 year / 30 min / 2 years
	cookie_consent, cookie_settings	americanfortress.io	Stores your cookie preferences	6 months
Analytics	_ga, _gid, _gat	Google Analytics	Distinguish users / throttle request rate	2 years / 24 h / 1 min
	_hjSession_{siteID}, _hjAbsoluteSessionInProgress, _hjIncludedInSessionSample	Hotjar	Session telemetry & sampling	30 min / 30 min / 2 min
Marketing & Engagement	Cell	YouTube	Stores a unique ID to keep statistics of what videos a user has seen	Session
	VISITOR_INFO1_LIVE	YouTube	Estimate bandwidth & optimise video delivery	6 months
	IDE, test_cookie	Google Advertising	Deliver or retarget ads	1 year / 15 min
	smartlead_uid, smartlead_session	SmartLead	Track newsletter campaign performance	1 year / Session

‍

Note: Cookie names and lifespans may change as providers update their services. This table is reviewed at least annually.

‍

5. Third‑Party Recipients)

‍

Service	Location of Processing	Safeguards
Stripe, Inc. (payments)	USA / Global	Standard Contractual Clauses (SCCs) & PCI‑DSS compliance
Google LLC – Google Analytics, YouTube	USA / Global	SCCs & IP anonymisation
Hotjar Ltd.	EU (Ireland)	GDPR‑ready, DPA in place
SmartLead AI, Inc.	USA	SCCs; marketing DPA

We do not sell your personal data.

6. International Data Transfers

Where data is transferred outside the European Economic Area (“EEA”) or UK, we rely on SCCs approved by the European Commission, or other legally recognised mechanisms, to ensure adequate protection.

7. Data Retention

Data Set	Retention Period
Newsletter subscription data	Until you unsubscribe + 30 days for suppression list
Payment records (via Stripe)	7 years (tax & accounting)
Analytics records	26 months (Google Analytics default)

8. Security

We implement administrative, technical, and organisational measures, including HTTPS encryption, least‑privilege access controls, and regular penetration testing. No method of transmission over the Internet is entirely secure; however, we strive to use commercially acceptable means.

9. Your Rights (GDPR / UK GDPR)

You have the right to: * Access your personal data. * Rectify inaccurate data. * Erase data (‘right to be forgotten’). * Restrict or object to processing. * Data portability. * Withdraw consent at any time (this does not affect lawfulness prior to withdrawal). * Lodge a complaint with a supervisory authority (e.g., your local DPA or the Wyoming Attorney General).

To exercise any of these rights, contact us at privacy@matterfi.com.

10. Children’s Privacy

The Site is not directed to children under 16. We do not knowingly collect personal data from children. If we learn we have, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy occasionally. The “Effective Date” at the top indicates when the latest version took effect. We will notify you of material changes via email or a Site notice.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

MatterFi Inc.
Attn: Privacy Team
30 N Gould St, Ste R
Sheridan, WY 82801, USA
Email: privacy@matterfi.com
Tel: +1‑307‑555‑0120 (business hours MT)