Privacy Policy
Arcane is built to know as little about you as technically possible. This Policy describes the narrow set of information we touch, why, and the things we are architecturally unable to see.
This Privacy Policy ("Policy") describes how Arcane Privacy Foundation, a foundation organised under the laws of the Republic of the Marshall Islands (the "Company," "Arcane," "we," "us," or "our"), collects, uses, stores, discloses, and otherwise processes information in connection with access to and use of the Arcane protocol, related dashboards, interfaces, documentation, SDKs, and services (collectively, the "Platform").
This Policy implements Arcane's internal privacy and data-handling standards, which are designed to reflect privacy-by-design, data minimisation, and security-by-default principles appropriate to a decentralised, non-custodial, and trustless system. It is intended to provide transparency into how those standards apply in practice and to accurately reflect the technical architecture and operational boundaries of the Arcane protocol. It does not create any fiduciary, custodial, advisory, or monitoring obligations, nor does it imply that the Company possesses technical capabilities or access beyond what is expressly described in this Policy.
This Policy forms an integral part of the documents governing access to the Platform, including the Terms and Conditions (the "Terms") and any applicable Risk Disclaimer. Each document addresses different aspects of the Platform and should be read together. Capitalised terms not defined here have the meanings given to them in the Terms. In the event of any inconsistency between this Policy and the Terms, the Terms prevail to the extent of such inconsistency.
Contents
- Purpose and scope of this Policy
- Core privacy position and regulatory baseline
- Information processed
- Purpose and legal basis for processing
- Data sharing and disclosure
- Cookies and similar technologies
- Frontend diagnostics and platform performance
- Wallet connection metadata
- Abuse prevention and Platform integrity
- SDKs, developer tools, and third-party implementations
- Browser-based preferences
- Data retention and storage limitation
- Data security and safeguards
- User rights
- Children's data
- Cross-border data handling
- Policy updates, contact, and governance
1. Purpose and scope of this Policy
1.1. Arcane is designed and operated as a non-custodial, privacy-preserving software protocol deployed on the Solana blockchain. The Company develops and maintains reference implementations, interfaces, and tooling that allow Users to interact directly with the autonomous on-chain Arcane smart contract, which is designed for permanent immutability once all features have shipped (see the Terms for details on the current upgrade authority). Accordingly:
- Arcane does not operate or maintain user accounts;
- Arcane does not custody, control, or access User funds, private keys, Secret Notes, deposit notes, or cryptographic secrets;
- Arcane does not initiate transactions on behalf of Users. Where Users elect to route a withdrawal through the relayer network, the Platform may facilitate transaction preparation or relayer selection; however, all transactions are authorised by the User through their self-custodied wallet and broadcast by independent, third-party relayers that hold no custody and cannot modify transaction contents;
- Arcane does not maintain centralised records linking blockchain activity to real-world identities. Any privacy properties associated with the protocol arise from cryptographic design (zero-knowledge proofs, Merkle commitments, nullifiers, fixed denominations) and User-controlled key management, not from trust placed in the Company.
For the avoidance of doubt, the existence of an open relayer network, an algorithmic relayer-selection mechanism, an off-chain compliance oracle, or any score-based interface ranking does not grant the Company access to User assets, deposit notes, plaintext withdrawal data, transaction linkages, or protocol state, and does not alter the non-custodial or trustless nature of the Platform.
1.2. This Policy applies solely to information processed by the Company in connection with: (a) the Arcane website and web-based interfaces; (b) application programming interfaces (APIs), including the Arcane Pay API; (c) software development kits (SDKs); (d) documentation and technical resources; (e) communications initiated by Users with the Company; (f) any current or future mobile applications operated by the Company; and (g) any future products built by the Company.
1.3. This Policy does not apply to: public blockchain networks (including Solana); transactions broadcast or settled on-chain; third-party wallets, relayers, RPC providers, validators, indexers, or oracle operators; decentralised applications or services not operated by the Company; or information processed entirely under a User's sole control (including Secret Notes stored locally or backed up on-chain in encrypted form). Users interact with such third parties at their own risk and subject to those parties' respective privacy practices.
1.4. While Arcane is engineered to enhance transactional privacy through cryptographic techniques and a fixed-denomination anonymity model, the Company makes no representation or warranty that use of the Platform will:
- ensure anonymity, secrecy, or untraceability in all circumstances;
- prevent lawful access, analysis, or inference by third parties, including chain analytics providers;
- exempt Users from legal, regulatory, tax, or reporting obligations in their jurisdiction; or
- shield Users from enforcement actions or compulsory disclosure orders.
Users remain solely responsible for understanding and complying with applicable data protection, financial, tax, and other laws in their jurisdictions.
1.5. Arcane is developed in accordance with privacy-by-design and data-minimisation principles. The Platform is architected to avoid collecting personal data wherever technically feasible. However, nothing in this Policy shall be interpreted as an undertaking to eliminate all privacy risks; a commitment to maintain specific cryptographic standards indefinitely; or an assumption of obligations beyond those imposed by applicable law.
2. Core privacy position and regulatory baseline
2.1. Data minimisation and architectural constraints. Arcane is architected to minimise the collection, processing, and retention of information and to avoid processing information that could reasonably be used to identify Users wherever technically feasible. The protocol is designed so that the majority of User interactions occur on-chain or locally within the User's own environment, without reliance on Company-operated accounts, centralised databases, or identity-linked records. The Company intentionally limits its information-handling activities to what is strictly necessary to operate, secure, and maintain the Platform interfaces and related off-chain infrastructure.
2.2. Absence of user accounts and identity mapping. The Company does not create, maintain, or administer User accounts. Access to the Platform occurs through User-controlled blockchain wallets and does not require off-chain registration, the provision of usernames, passwords, email addresses, or other persistent identifiers to the Company. Any on-chain registration or state recorded within Arcane's smart contracts is publicly verifiable, pseudonymous in nature, and does not involve the creation or maintenance of identity records by the Company.
2.3. The Company does not:
- request or collect government-issued identifiers;
- request or collect biometric information;
- require identity verification, onboarding procedures, or KYC enrolment;
- maintain records linking wallet addresses to real-world identities; or
- perform user identification, profiling, classification, or behavioural scoring.
Any association between a User and a blockchain address is established solely by the User through their chosen wallet software and exists independently of the Company's systems, records, or infrastructure. Risk screening performed at the front end or enforced by the on-chain compliance oracle (see Section 3.1.4) operates on wallet addresses, not identities, and does not establish or store any link to a real-world person.
2.4. Controller / processor positioning. To the extent that privacy or data protection principles may be deemed applicable, the Company determines the limited purposes and means of processing solely in relation to technical, operational, and administrative information processed in connection with the website, Platform interfaces, documentation, and User-initiated communications. The Company does not act as a controller, processor, joint controller, fiduciary, custodian, or trusted intermediary in respect of:
- on-chain transaction data, deposits, withdrawals, or transfers within the Arcane protocol;
- cryptographic commitments, Merkle tree leaves, Merkle roots, or nullifiers;
- Secret Notes, deposit notes, or wallet-derived encryption keys in plaintext form;
- private keys, signing material, or cryptographic secrets in any form accessible to the Company; or
- any data processed exclusively within User-controlled wallets, devices, or decentralised infrastructure.
The Company may operate non-authoritative off-chain infrastructure that mirrors or derives commitment-tree state, deposit pool metrics, or anonymity-set statistics from publicly verifiable on-chain state, solely to support Platform usability (including the Privacy Engine score). Such infrastructure introduces no trust assumptions, does not alter protocol state, and can be independently replicated or verified using public blockchain data.
Where the Platform stores encrypted Secret Note material on-chain as a convenience backup, such material is encrypted using a key derived from the User's wallet signature and cannot be decrypted by the Company.
2.5. Public blockchain data disclaimer. Public blockchain networks, including Solana, are transparent, immutable, and globally accessible by design. The Company does not control, curate, modify, delete, or restrict access to blockchain data. For the avoidance of doubt:
- blockchain addresses, transaction hashes, timestamps, commitments, Merkle roots, and related metadata are not collected or processed by the Company as personal data;
- the Company does not determine the purposes or means of processing such data; and
- such data falls outside the Company's technical and operational control for the purposes of this Privacy Policy.
2.6. No custody, no surveillance, no profiling. Arcane does not monitor User behaviour for the purpose of profiling, behavioural analysis, compliance surveillance, targeted advertising, or commercial exploitation. The Company does not:
- perform wallet clustering, transaction graph analysis, or linkage analysis;
- attempt to deanonymise Users or infer identities;
- combine on-chain data with off-chain identifiers to enrich a profile; or
- sell, rent, license, or otherwise monetise User information.
The Privacy Engine produces a real-time privacy score (0–100) for each individual deposit based on publicly observable on-chain factors (anonymity-set size, elapsed time, pool activity, timing peers). It is a property of a deposit, not a profile of a User. No off-chain identifier is associated with the score, and no record is retained that links the score to a User's identity.
2.7. Purposes and justification for processing. Where the Company processes limited categories of information, such processing is undertaken solely for defined, proportionate, and legitimate purposes, including:
- operation, maintenance, and security of the Platform interfaces;
- prevention of abuse, misuse, or malicious activity targeting the website or interfaces;
- response to User-initiated communications and support requests; and
- protection of the integrity, availability, and legitimate interests of the Company.
The Company does not process information for marketing, advertising, behavioural analysis, profiling, automated decision-making, or data monetisation purposes.
2.8. No expansion of obligations. Nothing in this Section shall be construed as an admission that the Company processes information beyond what is expressly described here, nor as an agreement to assume obligations, roles, or technical capabilities beyond those expressly set out in this Privacy Policy.
What we are architecturally unable to see.
We cannot see your Secret Note. We cannot decrypt your on-chain note backup. We cannot link your deposit to your withdrawal. None of this is a policy choice; it is a property of the cryptography itself. The on-chain Arcane contract is designed for permanent immutability once all features have shipped, at which point the upgrade authority is revoked and no one — including us — can change the protocol's behaviour.
3. Information processed
Guiding principle: minimal and incidental processing. The Company adheres to a principle of strict data minimisation. Information is processed only to the limited extent necessary to operate and maintain the Platform interfaces, ensure technical security and integrity, and respond to User-initiated communications. The Company does not process personal data as part of the core functioning of the Arcane protocol itself. The protocol operates autonomously on the Solana blockchain through decentralised smart contracts, without reliance on Company-controlled databases, identity systems, or custodial infrastructure.
3.1. Information processed by the Company
3.1.1. Technical and usage information. When Users access the website or Platform interfaces, the Company may incidentally process limited technical and usage-related information necessary to ensure functionality, security, and availability. Such information may include network metadata (such as IP addresses or truncated IP addresses), browser type, operating system, device characteristics, timestamps, referring URLs, session duration, and basic error or access logs. This information is processed solely for purposes such as maintaining platform stability, diagnosing technical issues, preventing abuse, and ensuring secure delivery of content. The Company does not use such information to identify Users, create profiles, or associate technical data with wallet addresses, blockchain transactions, or protocol activity. Where feasible, technical and usage information is processed in an aggregated, transient, or anonymised form and is not retained as a persistent identifier.
3.1.2. User-initiated communications. Where Users voluntarily contact the Company, including through email (such as team@arcaneprivacy.com or legal@arcaneprivacy.com), support channels, vulnerability disclosure submissions, governance-related communications, or similar correspondence, the Company may process the information provided by the User. This may include names, usernames or pseudonyms (if provided), contact details such as an email address, and the content of the communication and any attachments. The provision of such information is entirely voluntary, and Users are encouraged not to include unnecessary or sensitive information in communications. Such information is processed solely for the purpose of responding to the inquiry, addressing technical or security matters, or engaging in protocol-related communications, and is not used for marketing, profiling, or unrelated purposes.
3.1.3. Security-related records. The Company may process limited information relating to security incidents, abuse prevention, vulnerability disclosures, or misuse of the Platform interfaces, where reasonably necessary to protect the availability, integrity, and security of the website and interfaces. Such information may also be processed in connection with internal investigations, dispute resolution, or response to legitimate requests directed to the Company. These records are handled proportionately, retained only as necessary, and are not used for surveillance, profiling, or commercial exploitation.
3.1.4. Compliance and risk-screening data. To enforce the compliance posture described in our Compliance documentation, the Platform interfaces consume signed risk-screening data from a third-party provider (currently the Range Risk and Compliance API). The on-chain protocol additionally verifies cryptographically signed oracle data before processing a transaction, so that flagged wallets are rejected at the program level regardless of how a transaction is submitted. In each case:
- the input to screening is a wallet address, not an identity;
- screening results are consumed at the point of transaction and are not stored by the Company as a persistent profile of any User;
- the Company does not receive, store, or process any underlying KYC, identity, or off-chain enrichment data held by the screening provider; and
- the existence of a screening interaction does not constitute the creation of a User account or an identity record.
Users may consult the screening provider's own privacy notice for information about how that provider handles data independently of the Company.
3.1.5. Voluntary Compliance Tool inputs. Where a User chooses to use the Arcane Compliance Tool to generate a proof-of-funds report, the User locally provides their own Secret Note as input to a client-side process. The Compliance Tool produces a downloadable report (e.g., a PDF) on the User's device. The Company does not receive, store, or process the User's Secret Note, the contents of the generated report, or the identity of any recipient to whom the User chooses to disclose it.
3.2. Information not collected or controlled by the Company
For the avoidance of doubt, the Company does not collect, store, process, or otherwise control the following categories of information in connection with the Platform or the protocol.
3.2.1. Identity and KYC information. The Company does not collect or process identity-verification or know-your-customer information, including government-issued identifiers, biometric identifiers, proof-of-address documentation, financial account numbers, or similar personal identification data.
3.2.2. Wallet credentials and cryptographic secrets. The Company does not collect, store, access, or control any wallet credentials or cryptographic secrets, including private keys, seed phrases, signing keys, authentication material, or Secret Note encryption keys. All such credentials are generated, stored, and controlled exclusively by Users within their self-custodied wallets or local environments.
3.2.3. Secret Notes, deposit notes, and proofs. The Company does not have the technical ability to read User-held Secret Notes, derive nullifiers from them, or generate withdrawal proofs on a User's behalf. Where Secret Notes are backed up on-chain as a convenience, they are encrypted with a key derived from the User's wallet signature; the Company does not hold, derive, or escrow that key.
3.2.4. On-chain transaction data. The Company does not process blockchain transaction data as personal data. This includes deposit and withdrawal transactions, commitments, nullifiers, Merkle tree positions, encrypted note backups, zero-knowledge proofs, and on-chain relayer routing metadata. The Company does not possess the technical capability to decrypt, modify, reverse, or associate such data with identified or identifiable individuals.
3.2.5. Public blockchain data and third-party indexing. Use of the protocol necessarily involves interaction with public blockchain infrastructure. Data associated with such interactions may be visible to independent third parties, including blockchain explorers, node operators, indexers, analytics providers, or other network participants. The Company does not operate blockchain indexers for surveillance or profiling purposes, does not enrich or correlate on-chain data with off-chain identifiers, and does not control or assume responsibility for any processing conducted by third parties that independently access public blockchain data. The Company may operate limited, non-authoritative indexing infrastructure solely to derive or mirror publicly available on-chain state (including commitment-tree data and Privacy Engine inputs). Such indexing does not involve identity inference, profiling, or monitoring and does not alter the public or decentralised nature of the underlying blockchain data.
3.2.6. Cookies and similar technologies. The website may use limited cookies or similar technologies that are strictly necessary to support core functionality, security, and basic performance monitoring, such as error detection and service reliability. The Company does not deploy advertising cookies, behavioural tracking technologies, cross-site tracking mechanisms, fingerprinting techniques, or marketing analytics. Information derived from such technologies is not linked to wallet addresses, protocol activity, or on-chain data.
3.2.7. Sensitive information and children's data. The Company does not intentionally collect or process sensitive personal information or information relating to children. Users are instructed not to submit such information through the Platform or Company communication channels.
3.2.8. Data accuracy and user responsibility. To the extent Users voluntarily provide information to the Company, Users are responsible for ensuring that such information is accurate and appropriate. The Company does not independently verify User-provided information and does not rely on such information for automated decision-making, scoring, or profiling.
4. Purpose and legal basis for processing
The Company processes limited categories of information only where such processing is necessary, proportionate, and directly related to the operation, security, and integrity of the Platform interfaces, or to respond to User-initiated communications. The Company does not process information for purposes unrelated to the functioning of the Platform interfaces, does not engage in surveillance or commercial data exploitation, and does not process information in a manner inconsistent with the non-custodial, decentralised, and trustless design of the Arcane protocol.
4.1. Permitted purposes of processing. The Company may process limited categories of personal data solely for the following purposes and on the corresponding legal bases:
4.1.1. Operation and security of the Platform interfaces. To operate, maintain, and secure the website and Platform interfaces, including ensuring availability, performance, integrity, and protection against abuse, malicious activity, or technical failures. This includes processing limited technical or diagnostic information necessary to detect errors, mitigate attacks, ensure system stability, and safeguard the interfaces against misuse.
4.1.2. User-initiated communications and support. To receive, review, and respond to communications voluntarily initiated by Users, including support requests, technical inquiries, vulnerability disclosures, governance-related communications, or other protocol-related correspondence. Information provided in such communications is processed solely for the purpose of responding to the inquiry or taking appropriate follow-up action and is not used for marketing, profiling, or unrelated activities.
4.1.3. Abuse prevention and Platform integrity. To implement proportionate measures to protect the website and Platform interfaces from abuse, denial-of-service attacks, automated scraping, or other activities that could compromise availability, security, or User experience. Such measures are applied at the interface or infrastructure level only and do not involve monitoring, analysing, or restricting protocol-level transactions or on-chain activity.
4.1.4. Compliance posture enforcement. To enable risk screening of wallet addresses at the interface layer and, where applicable, to support the on-chain compliance oracle that the Arcane smart contract consults before processing a transaction. The Company does not maintain a centralised database of risk-scored Users; screening results are consumed at the moment of transaction.
4.1.5. Protection of rights and legitimate interests. To the extent reasonably necessary, to establish, exercise, or defend the Company's rights and interests, including in connection with dispute resolution, investigations, enforcement of the Terms, or response to credible claims or requests directed at the Company. Any processing for such purposes is limited in scope, handled proportionately, and confined to off-chain information within the Company's possession or control.
4.2. No secondary or incompatible use. Information processed by the Company is not used for secondary purposes that are incompatible with the purposes described in this Section. In particular, the Company does not process information for:
- marketing, advertising, or promotional activities;
- behavioural analysis or user profiling;
- targeted communications or segmentation;
- automated decision-making producing legal or similarly significant effects; or
- sale, rental, licensing, or monetisation of information.
4.3. No automated decision-making or profiling. The Company does not engage in automated decision-making, profiling, scoring, or classification of Users that produces legal or similarly significant effects with respect to those Users. Automated processes associated with the Arcane protocol, including zero-knowledge proof verification, nullifier checks, Merkle root validation, and smart contract execution, are performed autonomously by the on-chain protocol and do not constitute decisions made by the Company. The Privacy Engine score is a property of a deposit derived from public on-chain data; it does not classify a User or produce a legal effect on a User.
4.4. Public blockchain processing disclaimer. To the extent that information recorded on public blockchains could be interpreted as personal data under certain frameworks, such information is not processed by the Company. Such data is generated, propagated, and made publicly available by decentralised blockchain infrastructure operating independently of the Company. The Company does not determine the purposes or means of such processing and does not have the technical ability to modify, delete, or restrict access to on-chain data.
4.5. Purpose limitation and proportionality. The Company applies strict purpose-limitation and proportionality principles and ensures that only the minimum amount of information necessary is processed for each permitted purpose. Information is not retained or repurposed beyond what is reasonably required to achieve the specific purpose for which it was processed.
5. Data sharing and disclosure
5.1. No sale or commercial disclosure. The Company does not sell, rent, license, trade, monetise, or otherwise commercially disclose information processed in connection with the Platform. Information is disclosed to third parties only where such disclosure is strictly necessary to operate and secure the Platform interfaces, to respond to User-initiated requests, or to protect the integrity and legitimate interests of the Company, and only to the minimum extent required for the relevant purpose.
5.2. Disclosure to service providers acting as data processors. The Company may disclose limited categories of information to carefully selected third-party service providers that support operation of the website and Platform interfaces. Such service providers may include providers of hosting, infrastructure, security monitoring, communications tooling, incident response, and professional advisory services. All such service providers are engaged under contractual arrangements that require them to:
- process information solely on the Company's instructions and only for the specified purpose;
- maintain appropriate confidentiality and security safeguards;
- refrain from using information for independent or commercial purposes; and
- delete or return information once the relevant services are complete, where feasible.
Disclosure to service providers does not include access to private keys, Secret Notes, cryptographic secrets, deposit notes, or protocol-level state.
5.3. Disclosure for security, abuse prevention, and Platform integrity. The Company may disclose limited information where reasonably necessary to investigate, prevent, or respond to security incidents, abuse, misuse of the Platform interfaces, or violations of the Terms. Such disclosures are limited to off-chain information within the Company's possession or control and do not involve monitoring or disclosure of on-chain activity, transaction data, or cryptographic material.
5.4. Disclosure to protect rights and interests. The Company may disclose limited information where reasonably necessary to establish, exercise, or defend its rights or interests, including in connection with disputes, claims, investigations, or enforcement of the Terms. Any such disclosure is proportionate, limited in scope, and confined to information relevant to the specific matter.
5.5. No disclosure of wallet, note, or cryptographic data. The Company does not disclose, and does not possess the technical capability to unilaterally access or disclose, private keys, seed phrases, Secret Notes, deposit notes, wallet-derived encryption keys, withdrawal proofs, nullifiers in unrevealed form, or any data enabling unilateral tracing or deanonymisation of protocol activity. Accordingly, the Company cannot and does not disclose such information to any third party under any circumstances. The Company is not in possession of a backdoor, escrowed key, master viewing key, or "god mode" capability with respect to the Arcane protocol.
5.6. Decentralised infrastructure and independent third parties. The Arcane protocol operates on decentralised blockchain infrastructure and relies on independent third parties, including blockchain validators, relayer operators (selected algorithmically from an open, staked relayer set), RPC providers, oracle operators, wallet providers, and other network participants. These parties operate autonomously, are not controlled or directed by the Company, and independently determine the purposes and means of any information processing they perform. The Company does not act as a joint controller or intermediary with respect to such parties and does not assume responsibility for their data-handling practices. Users interact with such third parties at their own discretion and are responsible for reviewing their respective privacy practices.
5.7. Corporate transactions. In the event of a merger, acquisition, restructuring, financing, insolvency, or similar corporate transaction, limited information may be disclosed to professional advisers, counterparties, or potential acquirers solely to the extent reasonably necessary to evaluate or complete the transaction. Any such disclosure is subject to appropriate confidentiality obligations and does not expand the purposes for which information is processed.
5.8. Cross-border data handling. The Platform is globally accessible, and limited categories of information processed by the Company may be accessed or handled across jurisdictions as part of normal operation of the website and interfaces. Where information is handled across borders, the Company applies reasonable contractual, technical, and organisational safeguards proportionate to the limited nature of the information involved.
5.9. No public disclosure by the Company. The Company does not publicly disclose information processed in connection with the Platform, including through public reports, transparency dashboards, or analytics outputs. Any information visible on public blockchains exists independently of the Company's actions and is not disclosed, published, or controlled by the Company.
6. Cookies and similar technologies
6.1. The website may use cookies or similar technical mechanisms that are strictly necessary to support core functionality, security, and basic performance of the website and Platform interfaces. Such technologies are used solely to enable essential services, maintain session integrity, prevent abuse, and ensure the secure and reliable delivery of content.
6.2. The Company limits its use of cookies and similar technologies to the following categories only:
- Strictly necessary cookies, which are required for the operation, security, and basic functionality of the website and interfaces; and
- Performance and error-monitoring technologies, used solely to detect technical issues, diagnose errors, and maintain operational stability.
6.3. The Company does not deploy cookies or similar technologies for advertising, behavioural tracking, cross-site tracking, fingerprinting, profiling, or marketing purposes.
6.4. Information derived from cookies or similar technologies is not linked, correlated, or associated with:
- wallet addresses or wallet-connection metadata;
- blockchain transactions, deposits, or withdrawals;
- Secret Notes, commitments, nullifiers, or zero-knowledge proofs; or
- any on-chain or protocol-level state.
6.5. Cookie-derived information is processed independently of the Arcane protocol and is limited to off-chain website functionality. Users may configure their browser settings to refuse or limit cookies. However, disabling strictly necessary cookies may affect the functionality, security, or availability of certain website features.
6.6. The Company does not permit third-party advertising networks, data brokers, or marketing-analytics providers to place cookies or similar tracking technologies on the website.
7. Frontend diagnostics and platform performance
7.1. To ensure the availability, stability, and security of the website and Platform interfaces, the Company may process limited technical and diagnostic information generated through User interactions with the frontend. Such information is processed solely to identify and resolve technical malfunctions, improve reliability, prevent abuse or malicious activity targeting the interfaces, and maintain the integrity and availability of the Platform.
7.2. Frontend diagnostic and performance information may include:
- error logs and crash reports;
- failed or incomplete interface loads;
- transaction broadcast or submission failures at the interface level;
- connectivity or latency issues related to RPC access; and
- basic performance metrics relating to interface responsiveness or availability.
7.3. Frontend diagnostic information is:
- processed only at the interface or infrastructure level;
- not used to identify individual Users;
- not correlated with wallet addresses, Secret Notes, deposit-pool activity, or withdrawal outcomes; and
- not used for profiling, behavioural analysis, or tracking.
Where feasible, such information is processed in an aggregated, transient, or anonymised form.
7.4. Frontend diagnostic information is retained only for the period reasonably necessary to investigate and resolve the relevant technical issue, after which it is deleted or irreversibly anonymised. The Company does not retain frontend diagnostic data as a persistent identifier or for long-term analytical purposes.
7.5. Processing of frontend diagnostic information does not involve monitoring, analysing, or restricting protocol-level transactions or on-chain activity. The Company does not observe, record, or infer User behaviour within the Arcane protocol as part of frontend diagnostics.
8. Wallet connection metadata
8.1. When a User connects a self-custodied blockchain wallet to the Platform interface, the Company may incidentally process limited connection-related metadata strictly necessary to enable the connection and facilitate interface functionality. Such metadata may include the wallet software type, network selection, connection status, and basic success or failure indicators.
8.2. The Company does not collect, store, access, or process:
- private keys, seed phrases, signing material, or authentication credentials;
- wallet addresses as persistent personal identifiers;
- transaction payloads, message contents, or execution parameters;
- Secret Notes, deposit notes, encrypted note backups, commitments, nullifiers, or zero-knowledge proofs; or
- protocol-level state or on-chain activity.
8.3. Wallet connection metadata is:
- processed on an ephemeral basis;
- not retained as a persistent identifier;
- not used to track Users across sessions or visits;
- not correlated with protocol activity, transaction outcomes, or blockchain data; and
- not used for profiling, behavioural analysis, analytics, or marketing.
8.4. Wallet connection functionality does not grant the Company custody, control, or access to User assets or cryptographic material. The Company does not monitor, analyse, or infer User activity within connected wallets or within the Arcane protocol.
8.5. Wallet software and wallet providers are independent third parties. The Company does not control their operations, security practices, or data handling and is not responsible for information processed by such providers. Users are responsible for reviewing and understanding the privacy practices of their chosen wallet providers.
9. Abuse prevention and Platform integrity
9.1. The Company may implement proportionate technical measures at the website or interface level to protect the Platform from abuse, misuse, or malicious activity, including rate limiting, automated traffic controls, denial-of-service mitigation, and similar safeguards. Such measures are designed solely to protect the availability, stability, and security of the Platform interfaces.
9.2. Abuse-prevention measures:
- operate at the interface or infrastructure access layer only;
- rely on limited technical indicators necessary to detect abnormal or malicious traffic patterns;
- do not involve persistent tracking of Users or devices; and
- are not used for profiling, behavioural analysis, surveillance, or commercial monitoring.
The Company does not use abuse-prevention mechanisms to identify Users, infer identities, or associate activity across sessions or platforms.
9.3. Any measures implemented under this Section affect only access to Company-operated interfaces and do not alter, restrict, or interfere with the autonomous operation of the Arcane smart contract or on-chain protocol functionality. Users may continue to interact directly with the Arcane protocol through other means independent of the Company's interfaces, subject to the on-chain compliance oracle's verification of signed risk data.
10. SDKs, developer tools, and third-party implementations
10.1. The Arcane protocol may be accessed or integrated through SDKs, the Arcane Pay API, reference implementations, or tooling made available by the Company. Third-party developers who integrate the protocol or SDK into their own applications operate independently and are solely responsible for any information processing conducted within their applications or services.
10.2. The SDKs and reference implementations provided by the Company do not transmit personal information, telemetry, analytics, or usage data to the Company by default. The Company does not receive information regarding how third-party applications use the protocol, including information relating to deposits, withdrawals, relayer selection, or Privacy Engine consumption, unless such transmission is explicitly implemented by the third-party developer.
10.3. Where a developer uses the Arcane Pay API (including webhooks or wallet-set management, up to the API's documented limits), the Company processes only the minimum metadata required to operate the API for that developer's account (such as an API key identifier and request counters). The Company does not link this metadata to end-user identities and does not receive end-user wallet keys, Secret Notes, or proof material.
10.4. The Company does not control, audit, or monitor third-party applications built using the Arcane protocol or SDKs and does not act as an intermediary, controller, or processor with respect to information processed by such applications. Users interact with third-party applications at their own discretion and are responsible for reviewing the privacy practices and terms of such applications.
10.5. The decentralised and open nature of the Arcane protocol permits independent implementations and integrations beyond the Company's control. The Company does not assume responsibility for the data-handling practices, security measures, or compliance obligations of independent developers or third-party services.
11. Browser-based preferences
11.1. Certain user-interface preferences, such as language selection, display settings, anonymity-set view options, or interface configuration, may be stored locally within the User's browser or device environment to improve usability and functionality.
11.2. Such preferences:
- are stored locally and remain under the User's control;
- are not transmitted to the Company unless technically necessary for website functionality;
- are not linked to wallet addresses, protocol activity, or on-chain data; and
- are not used to identify Users, track behaviour, or infer identities.
11.3. The Company does not use browser-based preferences to create user profiles or persistent identifiers.
12. Data retention and storage limitation
12.1. Principles of data minimisation and storage limitation. The Company adheres to strict data-minimisation and storage-limitation principles. Information is retained only for as long as is reasonably necessary to fulfil the specific, explicit, and legitimate purposes for which it is processed, as described in this Privacy Policy. The Company does not retain information on a continuous, indefinite, or speculative basis, and does not retain information for profiling, behavioural analysis, surveillance, or any purpose inconsistent with the non-custodial, decentralised, and permissionless nature of the Arcane protocol.
12.2. Categories of information subject to retention. To the limited extent that information is processed, retention applies only to the following categories:
- Technical and security information, including limited network or device metadata, truncated IP-address fragments, timestamps, and error or access logs, processed solely for security, integrity, and operational purposes;
- User-initiated communications, including correspondence voluntarily submitted by Users through support, disclosure, governance, or contact channels; and
- Security, abuse, or integrity records, where retention is reasonably necessary to investigate incidents, prevent misuse of the Platform interfaces, or protect the Company's legitimate interests.
For the avoidance of doubt, the Company does not retain private keys, seed phrases, Secret Notes, wallet-derived encryption keys, deposit-pool linkages, withdrawal proofs, protocol state, or persistent identifiers intended to track or correlate User activity over time.
12.3. Determination of retention periods. Retention periods are determined on a category-specific basis and are proportionate to the purpose for which the information is processed:
- Technical and security logs are retained only for a short, rolling period necessary to maintain platform security, diagnose issues, and prevent abuse, after which they are deleted or irreversibly anonymised;
- User-initiated communications are retained for the duration necessary to respond to the inquiry and for a reasonable follow-up period, unless longer retention is justified by security, operational, or integrity considerations; and
- Security or abuse-related records may be retained for longer periods where reasonably necessary to investigate incidents, resolve disputes, or protect the Platform and the Company.
Where feasible, information is anonymised or aggregated prior to extended retention.
12.4. On-chain and decentralised data. Blockchain data, including commitments, nullifiers, Merkle-tree updates, encrypted Secret Note backups, and other protocol-level state, is recorded on public, permissionless blockchain infrastructure outside the Company's control. Such data is not stored by the Company in off-chain databases, cannot be modified, deleted, or selectively retained by the Company, and is governed exclusively by the rules of the underlying blockchain networks. Accordingly, on-chain data does not constitute Company-retained information for the purposes of this Privacy Policy.
12.5. Storage location and access controls. Where information is retained, it is stored on systems subject to access controls proportionate to the sensitivity and nature of the information. Access is restricted to authorised personnel on a need-to-know basis, and reasonable technical and organisational safeguards are implemented to prevent unauthorised access, loss, alteration, or misuse. The Company does not operate centralised databases mapping protocol activity to identifiable Users.
12.6. Deletion and anonymisation. The Company implements procedures designed to ensure that information is deleted without undue delay once it is no longer necessary for the purposes for which it was processed, or irreversibly anonymised so that it can no longer be associated with an identifiable individual. Deletion may occur automatically through system processes or manually following periodic review.
12.7. Retention exceptions. Where information is reasonably required to address security incidents, misuse of the Platform interfaces, disputes, or other integrity-related matters, the Company may retain such information for the duration necessary to resolve the relevant issue.
12.8. No custodial, monitoring, or recordkeeping obligations. Nothing in this Section shall be interpreted as creating any obligation on the Company to monitor User activity, retain transaction-level data, act as a recordkeeper, or assume custodial, fiduciary, or surveillance responsibilities in respect of User assets or protocol interactions.
12.9. Explicit exclusions. For the avoidance of doubt, the Company does not:
- conduct behavioural analytics or user profiling;
- perform wallet clustering, transaction surveillance, or deanonymisation;
- deploy fingerprinting or cross-device tracking technologies;
- monitor protocol activity for compliance or enforcement purposes (the on-chain compliance oracle operates autonomously);
- sell, rent, monetise, or commercially exploit information;
- enrich blockchain data with off-chain identifiers; or
- use automated tools to score, classify, or rank Users.
13. Data security and safeguards
13.1. Security-by-design and proportionality. The Company implements security measures designed to protect information processed in connection with the Platform against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Such measures are implemented on a proportionate basis, taking into account the limited nature of the information processed by the Company, the decentralised and non-custodial architecture of the Arcane protocol, the role of the Company as an interface and tooling provider, and the technical feasibility of safeguards. The Company does not maintain centralised repositories of protocol transaction data, decrypted cryptographic material, or User identity records.
13.2. Technical safeguards. The Company employs technical safeguards appropriate to the nature and scope of its operations, which may include:
- secure hosting and infrastructure environments;
- encryption of data in transit where appropriate;
- access controls, authentication mechanisms, and role-based permissions;
- system hardening, patch management, and environment segregation;
- logging and monitoring for security and integrity purposes; and
- reasonable measures to prevent unauthorised access or misuse of systems.
The Company does not have access to private keys, seed phrases, Secret Notes, wallet-derived encryption keys, or decrypted protocol data and therefore cannot secure, recover, or restore such information.
13.3. Organisational measures. The Company implements organisational safeguards proportionate to its operational scope, which may include internal access restrictions, confidentiality obligations for personnel and contractors, and internal procedures governing handling of information processed in connection with the Platform. Access to information is limited to authorised individuals on a need-to-know basis and is restricted to the minimum extent necessary to perform operational, security, or support functions.
13.4. Decentralised and cryptographic security boundary. The Arcane protocol relies on cryptographic primitives (zk-SNARKs, Poseidon-style hashing, commitment trees, nullifier sets), an industry-standard trusted setup, decentralised blockchain infrastructure, independent validator networks, an open relayer network, signed-oracle compliance data, and other third-party systems. The security of on-chain transactions, deposit-pool integrity, and protocol-level state depends in part on factors outside the Company's control, including the security of User-managed wallets, private keys, devices, Secret Notes, and third-party infrastructure. The Company does not control and cannot guarantee the security, availability, or correctness of decentralised networks or third-party systems.
13.5. No absolute security guarantee. No system is completely secure. The Company does not warrant or guarantee that information, cryptographic mechanisms, decentralised infrastructure, or third-party services will be immune from unauthorised access, compromise, failure, or attack. Users acknowledge and accept that residual risks are inherent in the use of decentralised and cryptographic systems.
13.6. User security responsibilities. Users are solely responsible for safeguarding their private keys, seed phrases, Secret Notes, credentials, devices, wallet software, and any other tools used to access the Platform. The Company cannot recover lost credentials, restore access, regenerate lost Secret Notes, or reverse transactions resulting from User error, compromise, loss of keys, or misuse of third-party services. The encrypted on-chain backup of Secret Notes is a convenience feature that depends on the User's continued ability to produce a wallet signature; it does not constitute Company custody of those notes.
13.7. Incident response. The Company maintains internal procedures designed to identify, assess, and respond to security incidents affecting information processed in connection with the Platform interfaces. Where a security incident materially affects the integrity or availability of the website or interfaces, the Company may take reasonable steps to mitigate impact, investigate the issue, and restore functionality. The Company does not monitor protocol-level activity as part of incident response.
13.8. No monitoring or surveillance obligation. Nothing in this Section shall be construed as imposing any obligation on the Company to monitor User activity, conduct proactive surveillance, analyse protocol transactions, or assume custodial, fiduciary, compliance, or enforcement responsibilities.
14. User rights
14.1. To the extent the Company processes limited categories of information in connection with the Platform, Users may request reasonable access to, correction of, or deletion of such information, subject to the technical and operational constraints described in this Privacy Policy. This Section applies only to information processed by the Company in its capacity as an operator of off-chain interfaces and resources. It does not apply to:
- data recorded on public or permissionless blockchain networks;
- commitments, encrypted Secret Note backups, nullifiers, Merkle-tree data, or protocol-level state;
- information processed exclusively within User-controlled wallets or devices; or
- information processed independently by third parties outside the Company's control, including chain analytics providers, indexers, and the screening provider's own datasets.
Nothing in this Section requires the Company to collect additional information, re-identify Users, or compromise the privacy-preserving design of the Arcane protocol in order to respond to a request.
14.2. Access to information. Users may request confirmation as to whether the Company processes information relating to them and, where applicable, request access to such information. Due to the non-custodial, pseudonymous, and decentralised nature of the Platform, the Company may be unable to associate information with a specific individual without additional information provided by the User. Access requests are therefore limited to information the Company can reasonably identify and retrieve without disproportionate effort.
14.3. Correction of information. Where information processed by the Company is demonstrably inaccurate or incomplete, Users may request correction. This right does not apply to immutable blockchain data, cryptographic protocol state, or information generated or controlled by decentralised infrastructure or independent third parties.
14.4. Deletion of information. Users may request deletion of information processed by the Company where such information is no longer necessary for the purpose for which it was processed. Users acknowledge that the Company cannot delete, modify, or reverse on-chain data or protocol-level state, and that anonymised or aggregated information may no longer be attributable to an identifiable individual. Deletion requests may be declined where retention is reasonably necessary to address security incidents, prevent misuse, or protect the Company's legitimate interests.
14.5. Limitation of processing. Where appropriate, Users may request that processing of certain information be limited. Any such limitation applies solely to off-chain information processed by the Company and does not affect autonomous protocol execution or decentralised infrastructure.
14.6. Exercising requests. Requests relating to this Section may be submitted to legal@arcaneprivacy.com.
14.7. To protect security and integrity, the Company may request reasonable information to verify the request and may decline requests that are manifestly unfounded, excessive, technically infeasible, or incompatible with the decentralised design of the Platform.
15. Children's data
15.1. The Platform and the Arcane protocol are not intended for use by children. The Company does not knowingly collect or process information relating to individuals below the age at which they may lawfully provide information without parental consent.
15.2. The Company does not implement age-verification mechanisms or identity checks, as the Platform operates on a permissionless, non-custodial, and pseudonymous basis. Compliance with age-related requirements remains the responsibility of Users.
15.3. If the Company becomes aware that it has inadvertently processed information relating to a child, it will take reasonable steps to delete such information where technically feasible and appropriate.
16. Cross-border data handling
16.1. The Platform is globally accessible, and limited categories of information processed by the Company may be handled across jurisdictions as part of operating the website and interfaces. Such handling is limited in scope and confined to information necessary for the purposes described in this Privacy Policy.
16.2. Where information is handled across borders, the Company applies reasonable technical, organisational, and contractual safeguards proportionate to the limited nature of the information involved.
16.3. Decentralised infrastructure participants, including validators, relayer operators, RPC providers, oracle operators, and wallet providers, operate independently and may process information in jurisdictions of their choosing. The Company does not control the location, governance, or data-handling practices of such participants and does not act as an intermediary or joint operator in respect of their activities.
17. Policy updates, contact, and governance
17.1. Updates to this Privacy Policy. The Company may amend or update this Privacy Policy from time to time to reflect changes in Platform functionality, technical architecture, operational practices, or organisational structure. Updates will be effective as of the "Last updated" date indicated at the top of the Policy. Continued use of the Platform following an update constitutes acknowledgement of the revised Policy.
17.2. Relationship to Terms and protocol architecture. This Privacy Policy must be read together with the Terms and Conditions governing access to and use of the Platform. Nothing in this Policy modifies the non-custodial or decentralised nature of the Arcane protocol, creates custodial or monitoring obligations, or expands the Company's role beyond that of an off-chain interface and tooling provider. In the event of any inconsistency, the Terms prevail.
17.3. Contact information. For questions, requests, or concerns relating to this Privacy Policy, Users may contact legal@arcaneprivacy.com. The Company does not maintain user accounts or identity databases. Accordingly, responses may be limited by technical feasibility and privacy-preserving constraints. Nothing in this Privacy Policy shall be construed as a waiver of any rights or defences available to the Company, or as a representation that the Company processes information beyond what is expressly described herein.
The short version.
We don't have your keys. We don't have your Secret Note. We don't run a database that maps your wallet to your name. The cryptography does the work, and the on-chain Arcane contract is designed to become permanently immutable once all features have shipped. The information we do touch (basic logs, voluntary support emails, screening calls at the point of transaction) we keep small, keep for as long as we have to, and don't sell, share, or use to profile you.
