Privacy policy - Fiet Documentation

Last updated: 17 February 2026 This Privacy Policy explains how Usher Labs Pty Ltd (ABN 35 658 656 332), doing business as Fiet, and its affiliates (Usher Labs, we, us, or our) collect, use, disclose, store, and protect personal information in connection with our Websites and Services (as defined in our Terms of Service). The Services include our websites (including any sub-domains), the Fiet Business API, the Fiet Client Node software, associated technologies (such as Prover components and Maker market-making tools), and any related products, APIs, documentation, portals, dashboards, or other features we make available. The Services facilitate non-custodial interaction with the decentralised Fiet Protocol. We are committed to protecting your privacy and handling any personal information we collect in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Due to the non-custodial and decentralised nature of the Services and the Fiet Protocol, we collect very limited personal information. We do not collect or store sensitive information such as private keys, seed phrases, or other credentials that would allow us to access or control your digital assets. This Privacy Policy applies only to personal information we collect through the Services. It does not apply to your direct interactions with the decentralised Fiet Protocol, third-party blockchains, integrated automated market makers, or other Third-Party Services (as defined in our Terms of Service), which are governed by their own privacy practices. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services. We may update this Privacy Policy from time to time. Material changes will be notified in accordance with our Terms of Service. Your continued use of the Services after changes constitutes acceptance of the updated policy. For questions about this Privacy Policy or our privacy practices, please contact us at legal@usher.so.

High Level Summary

Limited Collection: Most interactions with the Services are anonymous or pseudonymous. We collect minimal personal information for general use, but additional limited information is collected for specific features, such as Business API account creation and Prover submissions by market makers.
No Sensitive or Wallet Data: We never collect or store private keys, seed phrases, passwords, or any credentials that could enable access to or control of your digital assets or wallets.
Fiet Business API Accounts: When you create an account to access the Fiet Business API, we collect basic details (such as email address and organisation information) solely to generate and manage your API key and authenticate access.
Fiet Prover Data for Market Makers: Market makers using the Prover share read-only financial data (e.g., assets under management or inventory details) for private processing via zero-knowledge proofs. Raw financial data may be stored temporarily for redundancy and fault tolerance but is processed securely and privately. Where disclosure of aggregated or pseudo-anonymised data occurs (e.g., on-chain proofs reflecting network-wide facilitation activity), individual raw data becomes obfuscated as more market makers participate.
Limited Purposes: Personal information is used only to provide and improve the Services, manage accounts, generate proofs, ensure security, and comply with legal obligations.
No Selling or Third-Party Marketing: We do not sell your personal information or share it with third parties for their own marketing purposes.
Your Rights: You have rights under Australian privacy laws to access, correct, or complain about your personal information. See the relevant sections below for details.
Transparency and Control: We use Cookies for essential functions and analytics, with options to manage preferences.

This summary is for convenience only. Please read the full Privacy Policy for complete details.

1. Children’s Privacy

The Services are not intended for or directed at children under the age of 18 years. We do not knowingly collect, use, or disclose personal information from children under 18. If you are a parent or guardian and believe we have collected personal information from your child under 18, please contact us immediately at legal@usher.so. We will take reasonable steps to delete such information from our records as soon as practicable. In accordance with our Terms of Service, users must be at least 18 years old (or the age of majority in their jurisdiction) to access or use the Services. Any use of the Services by individuals under 18 is unauthorised and in violation of these Terms.

2. How We Collect Personal Information

We collect personal information in the following ways:

Directly from you: When you voluntarily provide it to us, for example by creating a Business API account (including email address and organisation details for API key generation), contacting us via email or support forms, subscribing to newsletters or updates, providing feedback, submitting data through the Prover for proof generation, or otherwise interacting with the Services in a way that involves submitting information.
Automatically through your use of the Services: When you visit our Websites or access the Services, we (and our third-party service providers) may automatically collect technical and usage information using Cookies, server logs, pixels, and similar technologies (as described in section 5: Cookies and Tracking Technologies).
From third parties: We may receive limited information from third-party providers who assist us in operating the Services, such as analytics tools, hosting providers, or infrastructure services. This is typically aggregated or anonymised data to help us understand usage patterns.

For market makers using the Fiet Prover, read-only financial data (e.g., assets under management or inventory details) is shared directly from your connected sources. This data is processed privately using zero-knowledge proofs (via Verity zkTLS), and raw data may be stored temporarily for redundancy and fault tolerance. As more market makers facilitate liquidity on the network, any disclosed proof data becomes aggregated, obfuscating individual contributions. We only collect personal information where it is reasonably necessary for our functions or activities, and we do so by lawful and fair means in accordance with the Australian Privacy Principles.

3. Personal Information We Collect

We collect very limited personal information, reflecting the non-custodial and decentralised design of the Services and the Fiet Protocol. We do not require you provide personal details to access most features. We never collect or store sensitive information such as private keys, seed phrases, passwords, or any credentials that could enable access to your digital assets or wallets. The categories of personal information we may collect, and the sources from which we collect it, are described below.

(a) Information Collected Automatically

When you visit our Websites or interact with the Services, we (and our third-party service providers) may automatically collect certain technical and usage information through cookies, pixels, server logs, and similar technologies. This may include:

Device and browser information (e.g., device type, operating system, browser type and version, unique device identifiers).
Internet connection details (e.g., IP address, approximate location derived from IP address, time zone).
Usage data (e.g., pages viewed, features accessed, time spent on pages, referring URLs, clickstream data).

This information is generally anonymised or pseudonymised and used for purposes such as improving the Services, analysing performance, ensuring security, and generating aggregated insights.

(b) Information You Provide Voluntarily

We collect personal information only when you choose to provide it, such as:

Contact and account details (e.g., name, email address, or other information) if you contact us via email, support forms, feedback submissions, or newsletter sign-ups.
Any other information you voluntarily submit through the Services (e.g., in account creation and/or communications with us).

(c) Information from Third Parties

We may receive limited information from third-party analytics providers, advertising networks, or infrastructure services (e.g., Google Analytics, Cloudflare, or similar tools) that help us operate and improve the Services. This is typically aggregated or anonymised usage data. We do not collect personal information from your on-chain interactions with the decentralised Fiet Protocol or Third-Party Services (such as blockchain addresses, transaction data, or wallet activity), as these are pseudonymous and not linked to your identity unless you voluntarily provide such a link. If you connect a wallet or interact with the Services in a way that reveals personal information (e.g., through optional integrations), we do not store or process that information beyond what is necessary for the immediate function. We do not collect sensitive personal information (as defined under the Privacy Act 1988 (Cth)), such as health data, racial or ethnic origin, political opinions, or religious beliefs.

4. How We Use Your Personal Information

We use personal information only where it is reasonably necessary for our functions or activities as a provider of the Services, and in accordance with the Australian Privacy Principles. The purposes for which we use personal information include:

(a) To Provide and Maintain the Services

To operate, maintain, and improve the Websites and Services, including troubleshooting, debugging, and enhancing functionality.
To deliver core functionality, including managing Business API accounts (e.g., authenticating access via API keys), processing Prover submissions from market makers to generate zero-knowledge proofs of reserve availability, facilitating interactions with the decentralised Fiet Protocol, and enabling market makers to facilitate liquidity for markets.
For market makers, to privately process submitted read-only financial data (e.g., assets under management or inventory details) using zero-knowledge proofs (via Verity zkTLS). Raw data may be stored temporarily for redundancy and fault tolerance during processing, but is not retained long-term. Only the resulting cryptographic proofs are used or disclosed (e.g., on-chain or aggregated within the Protocol). As more market makers participate, any disclosed data becomes aggregated and obfuscated, protecting individual details.
To respond to your inquiries, support requests, or feedback submitted through the Services.
To deliver communications you have requested, such as newsletters or updates (where you have subscribed).

(b) For Analytics and Improvement

To understand how users interact with the Services, generate aggregated and anonymised insights, and improve user experience (e.g., through analytics tools to measure traffic, usage patterns, and performance).
To develop new features or services based on aggregated usage data.

(c) For Security and Compliance

To detect, prevent, and address fraud, security incidents, or technical issues.
To comply with Applicable Laws, regulatory requirements, or legal processes (e.g., responding to subpoenas or government requests).
To enforce our Terms of Service or protect our rights, property, or safety, or that of our users or others.

(d) For Other Legitimate Purposes

For internal administrative purposes, such as auditing, data analysis, and research.
In connection with a business transaction (e.g., merger, acquisition, or asset sale), where personal information may be transferred as a business asset (subject to confidentiality obligations).

We process personal information only where necessary for these purposes and on a lawful basis under the Privacy Act 1988 (Cth), such as with your consent (where provided), for the performance of our agreement with you (the Terms of Service), for our legitimate interests (provided they are not overridden by your rights), or to comply with legal obligations. We do not use personal information for automated decision-making that produces legal or similarly significant effects on individuals. Where possible, we anonymise or aggregate information so that it no longer identifies you, and we may use such anonymised data for any lawful purpose without restriction. We do not use personal information for purposes unrelated to the Services without your consent or as otherwise permitted by law. Where processing relies on legitimate interests, these are balanced against your privacy rights (e.g., security and service improvement outweigh minimal intrusion from anonymised analytics).

5. Marketing Communications

We may use your personal information (such as your email address) to send you communications about our Services, updates, features, or other information we believe may be of interest to you, including newsletters, announcements, or promotional materials relating to Fiet or Usher Labs. We will only send you direct marketing communications where we have your consent or are otherwise permitted to do so under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth). For example, if you subscribe to our newsletter or provide your email address for updates, we will treat this as consent to receive such communications. Every marketing communication we send will include clear instructions on how to opt out (e.g., an unsubscribe link or reply mechanism). You can also withdraw your consent or opt out of receiving marketing communications at any time by:

Clicking the “unsubscribe” link in any marketing email we send you.
Contacting us at legal@usher.so with your request.

We will process your opt-out request promptly, usually within 5 business We do not share your personal information with third parties for their own marketing purposes. If you opt out of marketing communications, we may still send you non-promotional messages, such as service updates, security alerts, or responses to your inquiries.

6. Disclosure of Personal Information

We do not sell, rent, or trade your personal information. We disclose personal information only in limited circumstances and where permitted or required by the Australian Privacy Principles and Applicable Laws. We may disclose personal information to the following categories of recipients:

(a) Our Service Providers

Third-party providers who assist us in operating the Services, such as hosting providers, analytics services, cloud infrastructure providers, email delivery services, and security tools.
Examples of Service Providers As examples, we may use the following third-party service providers to assist us in operating the Services:
- Analytics providers, such as Google Analytics and PostHog, to collect usage data.
- Cloud infrastructure and hosting providers, such as Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
- Domain registration and web services, such as GoDaddy.
- Email and transactional communication services, such as Postmark.
These providers are contractually obliged to use personal information only for the purposes of providing services to us and to maintain appropriate confidentiality and security measures.

(b) Professional Advisors

Our legal, financial, insurance, or other professional advisors where necessary for obtaining advice or managing our business.

(c) In Connection with Business Transactions

In the event of a merger, acquisition, financing, reorganisation, bankruptcy, receivership, sale of company assets, or similar transaction, personal information may be transferred to the relevant third party as a business asset, subject to appropriate confidentiality protections.

(d) For Legal or Regulatory Purposes

To comply with Applicable Laws, regulatory requirements, or legal processes (e.g., court orders, subpoenas, or government requests).
To enforce our Terms of Service, protect our rights, privacy, safety, or property, or that of our users or others.
To detect, prevent, or address fraud, security issues, or technical problems.
To respond to lawful requests from public authorities, including for national security or law enforcement purposes.

(e) Aggregated or Anonymised Data

We may share aggregated, de-identified, or anonymised information (which cannot reasonably be used to identify you) with third parties for analytics, research, or other lawful purposes.

(f) Specific Disclosures for Service Features:

Business API Account Information: Basic account details (e.g., email address and organisation information) may be disclosed to service providers necessary for authentication and access management.
Prover Data for Market Makers: Raw read-only financial data submitted via the Prover is never disclosed. Only the resulting cryptographic proofs (generated using zero-knowledge technology via Verity zkTLS) are shared as necessary for the decentralised Fiet Protocol (e.g., on-chain or in aggregated form). Temporary storage for redundancy and fault tolerance occurs in secure environments, but raw data is not shared. As more market makers facilitate liquidity on the network, any disclosed proof data becomes aggregated or pseudo-anonymised, further obfuscating individual contributions.

We do not disclose personal information to third parties for their own marketing purposes. Where disclosure involves cross-border transfers (see section 6), we take reasonable steps to ensure the recipient handles personal information in accordance with this Privacy Policy and the Australian Privacy Principles.

7. Cookies and Tracking Technologies

We use cookies, pixels, local storage, and similar technologies (collectively, Cookies) on our Websites and within the Services to collect the technical and usage information described in section 1(a). Cookies help us:

Remember your preferences and settings.
Understand how you navigate and interact with the Services.
Analyse performance and usage to improve functionality and user experience.
Ensure security and detect fraudulent activity.

Types of Cookies We Use

Essential Cookies: Necessary for the basic operation of the Websites and Services (e.g., security features and session management). These cannot be disabled.
Analytics and Performance Cookies: Allow us to collect aggregated data on usage patterns (e.g., via Google Analytics or similar tools) to measure and improve performance.
Functional Cookies: Enable enhanced features, such as remembering your preferences.

We do not use Cookies for targeted advertising or behavioural tracking across third-party sites. Third-party providers (e.g., analytics services) may also set Cookies when you visit our Websites. These are subject to the third party’s own privacy policies.

Managing Cookies

You can control Cookies through your browser settings or device preferences. Most browsers allow you to block or delete Cookies, or to be notified when a Cookie is set. However, disabling essential Cookies may affect the functionality of the Services. For more information on managing Cookies, visit your browser’s help resources or sites such as www.allaboutcookies.org. If you opt out of analytics Cookies (e.g., via Google Analytics opt-out tools), we will respect your choice where technically feasible. We do not respond to “Do Not Track” signals, as there is no industry-standard interpretation of such signals.

8. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, as required by the Australian Privacy Principles. Security measures we implement include:

Technical safeguards such as encryption for data in transit (e.g., HTTPS), firewalls, and secure server environments.
Administrative controls, including access restrictions, employee training, and confidentiality obligations for staff and service providers.
Regular reviews and updates to our security practices to address evolving risks.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information, particularly given the inherent risks of online services and blockchain technologies. You are responsible for maintaining the security of your own devices, wallets, private keys, and credentials when using the Services. We recommend using strong passwords, enabling two-factor authentication where available, and following best practices for device and network security. If we become aware of a data breach that is likely to result in serious harm to any individual, we will comply with our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner where required.

9. International Data Transfers

We are based in Australia, and personal information we collect is primarily stored and processed in Australia. However, some of our service providers or affiliates may be located overseas, or may store or process data in other jurisdictions (including the United States, Europe, or Asia). When we disclose personal information to recipients outside Australia, your information may be transferred to, stored, or processed in countries that may not offer the same level of privacy protection as Australia. We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with this Privacy Policy and the Australian Privacy Principles. These steps may include:

Entering into contracts with recipients that incorporate the APP cross-border disclosure requirements or equivalent protections (such as the EU Standard Contractual Clauses where applicable).
Relying on your consent where appropriate.
Ensuring the transfer is necessary for the performance of our agreement with you or for other lawful purposes under the Privacy Act 1988 (Cth).

By using the Services, you consent to the transfer of your personal information to overseas recipients on these terms. If you have concerns about international transfers of your personal information, please contact us at legal@usher.so.

10. Data Security and Retention

(a) Data Security

We implement reasonable technical, administrative, and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, in accordance with the Australian Privacy Principles. These measures include:

Encryption for data in transit (e.g., HTTPS) and, where appropriate, at rest.
Access controls, firewalls, and secure environments for processing and storage.
Regular security reviews and updates to address potential vulnerabilities.

For specific features:

Business API account information is stored securely with restricted access.
Prover submissions from market makers are processed in a privacy-preserving manner using zero-knowledge proofs (via Verity zkTLS). Raw read-only financial data may be stored temporarily, encrypted at rest, in secure environments, but is handled with enhanced protections and not retained beyond what is necessary.

No security measure is infallible, and we cannot guarantee absolute protection against all threats, particularly given the risks associated with online services and blockchain technologies. You are responsible for securing your own devices, credentials, and connections when using the Services. In the event of a data breach likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988 (Cth)), including notifying affected individuals and the Office of the Australian Information Commissioner where required.

(b) Data Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required or permitted by Applicable Laws. Retention periods vary by data type:

Technical and usage data collected automatically (e.g., through Cookies or server logs) is retained for a limited period, typically no longer than 12 months, unless required longer for security, legal, or analytical purposes (in anonymised or aggregated form where possible).
Information you provide voluntarily (e.g., contact details from inquiries or subscriptions) is retained for the duration needed to respond to your request or manage our relationship with you, and for a reasonable period thereafter in case of follow-up (typically up to 7 years for compliance with record-keeping obligations under Australian law).
Business API account information: Retained while your account is active, and for a reasonable period after deactivation (e.g., up to 7 years for compliance or dispute resolution purposes).
Prover-related data: Raw financial data submitted by market makers is retained only temporarily for processing, redundancy, and fault tolerance. It is deleted or securely destroyed once proofs are generated and no longer needed. Cryptographic proofs may be retained or disclosed as required for the decentralised Fiet Protocol (e.g., on-chain in aggregated form).

Once personal information is no longer required, we take reasonable steps to securely delete, destroy, or de-identify it. Anonymised or aggregated data (including network-wide facilitation metrics where individual contributions are obfuscated as more market makers participate) may be retained indefinitely for analytics, research, or service improvement. If you have any questions about our retention practices for specific information, please contact us at legal@usher.so.

11. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have certain rights regarding your personal information. These include the right to:

Access: Request access to the personal information we hold about you. We will provide access where required by law, subject to any exceptions under the APPs (e.g., where providing access would pose a serious threat to safety or reveal commercially sensitive information).
Correction: Request correction of any inaccurate, incomplete, or out-of-date personal information we hold about you.
Complaints: Lodge a complaint if you believe we have interfered with your privacy (see section 9 for details on how to make a complaint).

Given the limited nature of the personal information we collect (primarily technical and usage data, which is often anonymised), we may not hold identifiable personal information about you in many cases. Where we do not hold personal information about you, we will inform you accordingly. To exercise your rights of access or correction, please contact us at legal@usher.so with details of your request. We will respond within a reasonable time (usually within 30 days) and may require verification of your identity. There is generally no fee for requesting access or correction, but we may charge a reasonable fee for complex requests to cover administrative costs. You may also have additional rights depending on your location (e.g., under overseas privacy laws applicable to international transfers), and we will handle such requests in accordance with Applicable Laws. If you wish to opt out of receiving communications from us (e.g., newsletters), follow the unsubscribe instructions in the communication or contact us directly. For analytics Cookies, you can manage preferences as described in section 4.

12. Complaints

If you have a complaint about how we have handled your personal information or believe we have breached the Australian Privacy Principles or the Privacy Act 1988 (Cth), please contact us first so we can try to resolve it. You can lodge a complaint by emailing our Privacy Officer at legal@usher.so or writing to us at our registered office (details in section 10). Your complaint should include details of the incident or issue, including relevant dates, and any supporting information. We will:

Acknowledge receipt of your complaint promptly (usually within 5 business days).
Investigate the matter fairly and objectively.
Respond to you with our findings and any proposed resolution within a reasonable time (usually within 30 days, or longer for complex matters, in which case we will keep you informed).

We treat all complaints seriously and aim to resolve them efficiently and courteously. If you are not satisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992. Nothing in this Privacy Policy limits your rights under the Privacy Act 1988 (Cth) or other Applicable Laws.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our privacy practices, or your personal information, please contact our Privacy Officer:

Email: legal@usher.so
Postal Address: Usher Labs Pty Ltd 5/1 Boden Rd, Seven Hills NSW 2147 Australia

We will acknowledge and respond to your query promptly and in accordance with our obligations under the Privacy Act 1988 (Cth). For complaints about our handling of personal information, please follow the process outlined in section 9. This Privacy Policy was last updated on the date shown at the top of this document.

​High Level Summary

​1. Children’s Privacy

​2. How We Collect Personal Information

​3. Personal Information We Collect

​(a) Information Collected Automatically

​(b) Information You Provide Voluntarily

​(c) Information from Third Parties

​4. How We Use Your Personal Information

​(a) To Provide and Maintain the Services

​(b) For Analytics and Improvement

​(c) For Security and Compliance

​(d) For Other Legitimate Purposes

​5. Marketing Communications

​6. Disclosure of Personal Information

​(a) Our Service Providers

​(b) Professional Advisors

​(c) In Connection with Business Transactions

​(d) For Legal or Regulatory Purposes

​(e) Aggregated or Anonymised Data

​(f) Specific Disclosures for Service Features:

​7. Cookies and Tracking Technologies

​Types of Cookies We Use

​Managing Cookies

​8. Data Security

​9. International Data Transfers

​10. Data Security and Retention

​(a) Data Security

​(b) Data Retention

​11. Your Privacy Rights

​12. Complaints

​13. Contact Us