Skip to main content

Data Privacy Notice

Flashbots Ltd.

Updated December 10, 2021

Flashbots Ltd. (the “Company”) is a company incorporated under the laws of the Cayman Islands.

The purpose of this document is to provide you with information on the Company's use of your personal data in accordance with the Cayman Islands Data Protection Act, 2017 and, in respect of any EU data subjects, the EU General Data Protection Regulation (together, the "Data Protection Legislation"). For individuals in California, please see California notices below.

The Company operates Flashbots Relay and receives information through its authentication process and through the Relay process (between a “Transaction Submitter” and a “Transaction Acceptor”).

To the extent that the Company receives personal information of individuals through Miner Authentication, this will affect you directly. If you are an institutional or collective participant in Flashbots Relay that provides us with personal data on individuals connected to you for any reason in relation to your participation in the Flashbots Relay or through other communications including Discord, this will be relevant for those individuals and you should transmit this document to such individuals or otherwise advise them of its content.

Your personal data, if any, may be processed by the Company, and by persons engaged by the Company. Under the Data Protection Legislation, you have rights, and the Company has obligations, with respect to your personal data. The purpose of this notice is to explain how and why the Company, and persons engaged by the Company, will use, store, share and otherwise process your personal data. This notice also sets out your rights under the Data Protection Legislation, and how you may exercise them.


By virtue of being either a Transaction Submitter or a Transaction Acceptor (the “Services”), (including the initial application and ongoing interactions with the Company and any affiliates and persons engaged by the Company) or by virtue of you otherwise providing us with personal information on individuals connected with you (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), you may provide us with certain personal information which constitutes personal data within the meaning of the Data Protection Legislation.

We may also obtain personal data on you from other publicly accessible directories and sources. These may include websites; blockchains, bankruptcy registers; tax authorities; governmental agencies and departments, and regulatory authorities, to whom we have regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organisations, including law enforcement.

This includes information relating to you and/or any individuals connected with you such as: IP address, device information, geolocation, name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number, bank account details, source of funds details and details relating to your Relay activity.


The Company, as the data controller, may collect, store and use your personal data for purposes including the following.

The processing that is necessary for the performance of Relay, if any, including:

  • administering or managing the Company;
  • performing Miner Authentication in connection with your involvement in the Relay project of the Company;
  • processing your Relay transaction, including failed transactions;
  • sending you reports relating to your Relay transaction;
  • facilitating the continuation or termination of the contractual relationship between you and the Company; and
  • facilitating any transfer of funds, and administering and facilitating any other transaction, between you and the Company.

The processing may be necessary for compliance with applicable legal or regulatory obligations, including:

  • undertaking due diligence including anti-money laundering and counter-terrorist financing checks, including verifying the identity and addresses of Transaction Submitters or Transaction Acceptors (and, where applicable, their beneficial owners);
  • sanctions screening and complying with applicable sanctions and embargo legislation;
  • complying with requests from regulatory, governmental, tax and law enforcement authorities;
  • surveillance and investigation activities;
  • carrying out audit checks, and instructing our auditors;
  • maintaining statutory registers; and
  • preventing and detecting fraud.

In pursuance of our legitimate interests, or those of a third party to whom your personal data are disclosed, including:

  • complying with a legal, tax, accounting or regulatory obligation to which we or the third party are subject;
  • assessing and processing requests you make;
  • sending updates, information and notices or otherwise corresponding with you in connection with your participation in the Relay;
  • investigating any complaints, or pursuing or defending any claims, proceedings or disputes;
  • providing you with, and informing you about investment products and services;
  • managing our risk and operations;
  • complying with audit requirements;
  • ensuring internal compliance with our policies and procedures;
  • protecting the Company against fraud, breach of confidence or theft of proprietary materials;
  • seeking professional advice, including legal advice;
  • facilitating business asset transactions involving the Company or related entities;
  • monitoring communications to/from us (where permitted by law); and
  • protecting the security and integrity of our IT systems.

We will only process your personal data in pursuance of our legitimate interests where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms.

The Company continues to be a data controller even if it has engaged other third parties to perform certain activities on the Company's behalf.


We may share your personal data with our affiliates and delegates. In certain circumstances we may be legally obliged to share your personal data and other financial information with respect to your Relay transaction with relevant regulatory authorities such as the Cayman Islands Monetary Authority or the Tax Information Authority. They, in turn, may exchange this information with foreign authorities, including tax authorities and other applicable regulatory authorities.

The Company’s affiliates and delegates may process your personal data on the Company's behalf, including with our banks, accountants, auditors and lawyers which may be data controllers in their own right. The Company's services providers are generally processors acting on the instructions of the Company. Additionally, a service provider may use your personal data where this is necessary for compliance with a legal obligation to which it is directly subject (for example, to comply with applicable law in the area of anti-money laundering and counter terrorist financing or where mandated by a court order or regulatory sanction). The service provider, in respect of this specific use of personal data, may be deemed to be acting as a data controller.

In exceptional circumstances, and to the extent possible after notice to you, we will share your Personal Data with regulatory, prosecuting and other governmental agencies or departments, and parties to litigation (whether pending or threatened) in any country or territory.


Due to the international nature of our business, your personal data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, we will process personal data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf.


We will keep your personal data for as long as it is required by us in connection with a single Relay transaction. For example, we may require it for our legitimate business purposes, to perform our contractual obligations, or where law or regulation obliges us to. We will generally retain your personal data throughout the lifecycle of the specific Relay transaction you are involved in. Some personal data will be retained after your relationship with us ends. We expect to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.


We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the Data Protection Legislation.


You have certain data protection rights, including the right to:

  • be informed about the purposes for which your personal data are processed;
  • access your personal data;
  • stop direct marketing;
  • restrict the processing of your personal data;
  • have incomplete or inaccurate personal data corrected;
  • ask us to stop processing your personal data; be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
  • complain to the Data Protection Ombudsman; and
  • require us to delete your personal data in some limited circumstances.


We are committed to processing your personal data lawfully and to respecting your data protection rights. Please contact us if you have any questions about this notice or the personal data we hold about you. Our contact details are:, marking your communication "Data Protection Enquiry".

We do not knowingly collect information online from children under 13. If you are a parent or guardian and you learn that your children have provided Flashbots with Personal Information, please contact us. If we become aware that Personal Information has been collected from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers.


Keep in mind we do not use personal information for marketing, whether by ourselves or by others.

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. Flashbots does not share information with third parties for direct marketing purposes.

To request a copy of the information disclosure pursuant to Section 1798.83 of the California Civil Code, please contact


The Company may revise this Privacy Policy from time to time. If we make a change to this policy that, in our sole discretion, is material, we will take steps to notify all users by a notice on the site. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.


If you have questions about this Privacy Policy, you can contact us by email at