Terms and Conditions

These Terms and Conditions ("Terms") constitute a legally binding agreement between the user ("User," "you") and Arcane Privacy Foundation, a foundation duly organised and existing under the laws of the Republic of the Marshall Islands, together with its affiliates and subsidiaries worldwide (the "Company," "Arcane," "we," "us," or "our"). The Company develops and operates access points and reference implementations for the privacy protocol deployed on the Solana blockchain (the "Protocol"), comprising a single on-chain smart contract (designed for permanent immutability once all features have shipped) together with the Privacy Vault, Arcane Pay (Send / Import Send / Collect), Arcane Swap, Secret Notes, the Compliance Tool, the Privacy Engine, the Arcane Pay API, and other features described in the Company's documentation. The Company provides access to a suite of non-custodial, privacy-preserving tools, including the web-based interface available at https://arcaneprivacy.com/ (the "Website"), the application available at https://app.arcaneprivacy.com, dashboard-related user interfaces, APIs, decentralised applications, and any associated or successor software, sites, systems, or services (collectively, the "Platform").

By accessing, interacting with, or using the Platform in any manner, including by connecting a wallet, submitting a transaction, generating a Secret Note, selecting a Relayer, or clicking "Accept" or a similar acknowledgement, you expressly:

• confirm that you have read, understood, and agreed to be bound by these Terms;
• represent and warrant that you have the legal capacity and authority to enter into these Terms; and
• agree that such acceptance creates a binding contract between you and the Company under the laws of the Republic of the Marshall Islands.

If you do not agree to these Terms, you must immediately discontinue use of the Platform. If you are accepting these Terms on behalf of a company, organisation, or other legal entity, you represent and warrant that you have full authority to bind such entity to these Terms. In such circumstances, references to "you" or "your" shall refer to that entity. If you do not possess such authority, or if you do not agree to all of these Terms, you must not access or use the Platform.

These Terms, together with the Privacy Policy and any additional policies, notices, or guidelines issued by the Company from time to time, constitute the entire agreement between you and the Company with respect to your access to and use of the Platform, and supersede all prior or contemporaneous understandings or agreements, whether written or oral.

The Company may suspend, restrict, or interrupt access to the Platform interfaces for scheduled or unscheduled maintenance, security remediation, upgrades, or technical reasons. The on-chain Protocol itself is designed to be immutable and operates independently of any Company-operated interface. Although the Company will use reasonable efforts to minimise disruption, it does not guarantee advance notice and shall not be liable for any consequences of such suspension or interruption.

The failure or delay by the Company to enforce any provision of these Terms will not constitute a waiver of that provision or of any other rights, unless such waiver is expressly made in writing by an authorised representative of the Company. If any provision of these Terms is held invalid or unenforceable by a competent tribunal, the remaining provisions shall remain in full force and effect. You may not assign, transfer, or delegate any rights or obligations under these Terms without the Company's prior written consent. The Company may assign or transfer its rights or obligations under these Terms to an affiliate or successor without restriction.

Nothing in these Terms shall be construed to create or imply any partnership, joint venture, employment, fiduciary, or agency relationship between you and the Company. Neither party has authority to bind or obligate the other in any manner except as expressly provided in these Terms.

1. Definitions

"Compliance Tool"

The voluntary, client-side feature of the Platform that allows a User to generate a proof-of-funds report (e.g., a PDF) linking a specific deposit to a specific withdrawal, using the User's own Secret Note as input.

"Compliance Oracle"

The decentralised oracle that publishes cryptographically signed risk data consumed by the Arcane smart contract before processing a transaction, such that flagged wallets are rejected at the program level regardless of how the transaction is submitted.

"Fixed Denomination" / "Denomination"

The fixed-size unit of a deposit within a given Privacy Pool (for example, 1 SOL, 10 SOL, 100 SOL). Every deposit in a Pool is exactly the same size; amount-correlation is eliminated by design rather than by encryption.

"Indexer"

Off-chain, read-only software that observes and organises publicly available blockchain data (including commitment trees and Privacy Pool metrics) for informational and usability purposes only.

"Interface-Level Controls"

Automated, objective mechanisms that affect routing, prioritisation, or visibility of Relayers within Arcane-operated interfaces without affecting transaction validity, authorization, custody, or asset ownership.

"Privacy Engine"

The real-time component of the Platform that, using publicly verifiable on-chain inputs, computes a 0–100 privacy score for an individual deposit. The score is a property of a deposit; it is not a profile of a User and does not classify Users.

"Privacy Pool" / "Pool"

A collection of unspent deposits of the same fixed denomination of a given supported token, which together form the anonymity set against which any individual withdrawal is indistinguishable.

"Relayer"

An independent, off-chain operator that participates in the open, staked relayer network and, at a User's request, submits a fully authorized blockchain transaction and fronts applicable network transaction fees, without discretion to modify, redirect, approve, or reject transaction contents or access User funds.

"Secret Note"

A User-held cryptographic secret generated locally at the time of deposit, which is required to construct the zero-knowledge proof necessary to spend (withdraw or transfer) the corresponding deposit. The Secret Note may, as a convenience, be backed up on-chain in a form encrypted with a key derived from the User's wallet signature; the Company has no access to that key.

"$ARCANE Token"

The native token of the Arcane ecosystem (Solana SPL token; verify the official contract on the Website), used for governance, relayer staking, and participation in the privacy-pool fee accrual mechanism. Holding $ARCANE does not entitle a person to any custodial or fiduciary relationship with the Company.

2. Interpretation

2.1. Modifications. We reserve the right to change or modify these Terms at any time and at our sole discretion by posting a notification on the Platform. Any changes to or modifications of these Terms will be in effect as of the "Last updated" date referred to at the top. You should review these Terms before accessing the Platform. By accessing the Platform after the "Last updated" date, you accept and agree to the revised Terms.

2.2. Comprehensive agreement. These Terms, the Privacy Policy, and any rules outlined on the Platform constitute a legally binding and enforceable agreement between the Company and you, as an end-user of the Platform. These Terms supersede any prior or contemporaneous negotiations, discussions, agreements, understandings, representations, and warranties, whether written or oral, between you and us regarding the subject matter.

2.3. Headings. The headings and subheadings in these Terms are for ease of reference only and are not to be taken into account in the construction or interpretation of any provision or provisions to which they refer.

2.4. Extended meaning. Unless otherwise specified, words importing the singular include the plural and vice versa, and words importing one gender include all genders. The words "include," "includes," or "including" are to be interpreted on an inclusive basis and deemed to be followed by the words "without limitation." The language in these Terms is to be interpreted as to its fair meaning and not strictly for or against any party.

3. Eligibility

3.1. You must be of legal age in your jurisdiction and capable of forming a legally binding contract. Users lacking legal capacity must not access or use the Platform.

3.2. Access is permitted only from jurisdictions where the use of privacy-enhancing blockchain technologies is lawful. You may not use the Platform if it would require the Company to obtain licences, authorizations, or registrations under local laws.

3.3. You must not be located in, ordinarily reside in, or access the Platform from a jurisdiction subject to international sanctions. You must not be a person or entity subject to sanctions administered by OFAC, EU, UN, UK, or equivalent authorities. The Arcane Compliance Oracle additionally enforces sanctions screening at the smart contract level.

3.4. You are eligible to use the Platform only if you access and interact with it using self-custodied wallets that you control. The Platform is intended only for Users capable of managing private keys, wallets, Secret Notes, and blockchain transaction submissions securely.

3.5. Eligibility requires sufficient familiarity with blockchain systems, including the ability to evaluate and manage risks relating to irreversible transactions, gas / network fees, Relayer execution mechanisms, fixed-denomination decomposition of deposit amounts, and loss of access to private keys, wallet credentials, or Secret Notes.

3.6. Eligibility requires consent to electronic terms and enforcement through digital signatures and wallet-based authorization.

3.7. Eligibility requires that use of the Platform complies with applicable financial, AML / CFT, sanctions, tax, and privacy laws in your jurisdiction.

3.8. The Platform is non-custodial and is available only to Users who have the technological ability to self-manage digital assets without custodial support.

4. About the Platform

Arcane is a privacy protocol on the Solana blockchain that allows Users to move digital assets without exposing transactional relationships on-chain. The Protocol restores confidentiality to on-chain value flows by combining fixed-denomination Privacy Pools, zk-SNARK withdrawal proofs, Merkle commitments, nullifiers, and an open relayer network into a single on-chain smart contract.

At its core, Arcane allows a User to deposit a fixed denomination of a supported token into a Privacy Pool, receive a Secret Note, and later spend that note to a different address through a zero-knowledge proof that does not reveal which deposit is being spent. Every deposit in a given Pool is identical in size, and the anonymity set consists of all unspent deposits in that Pool. Privacy is achieved through indistinguishability rather than encryption: there is nothing to break because there is nothing to hide.

Arcane introduces a unified product surface that includes the Privacy Vault (deposits and withdrawals), Arcane Pay (Send, Import Send, Collect for up to the documented maximum of recipients per operation), Arcane Swap (private swaps that feed the same Pools), Secret Notes (with optional encrypted on-chain backup), and the Compliance Tool (voluntary, client-side proof-of-funds reports). All products share the same Pools and the same on-chain contract.

All interactions with the Arcane Protocol occur through standard Solana addresses and wallet-signed transactions executed directly against the autonomous on-chain smart contract. The Protocol is fully non-custodial: Arcane does not hold User assets, control funds, or act on behalf of Users. Transaction initiation, authorization, and key management remain entirely with the User, and no component of the Protocol has the technical ability to access or move User assets unilaterally.

Current state and intended immutability. The Arcane smart contract is designed for permanent immutability once all features have shipped. During the current development phase, the Company retains an upgrade authority over the on-chain contract in order to deliver remaining functionality, integrate planned features, and address security issues. That upgrade authority is limited to changes to the program itself; it does not grant the Company custody of, or any technical ability to access, User funds, Secret Notes, deposit notes, wallet-derived encryption keys, or cryptographic secrets. Once feature development is complete, the upgrade authority is intended to be revoked, at which point the contract will operate as a permanently immutable program with no admin key, no upgrade authority, no pause function, no operator that can alter behaviour, and no master viewing key. Until that point, Users should treat the existence of the upgrade authority as a risk and review Section 14 (User responsibilities and risks) accordingly.

The Compliance Oracle enforces sanctions and risk screening at the smart contract level: the program itself rejects flagged wallets regardless of how a transaction is submitted.

The Protocol is permissionless. An open, staked relayer network may assist with transaction submission under explicit User authorization, improving usability without compromising privacy or custody. Any Interface-Level Controls applied to relayer routing within Arcane-operated interfaces are automated, objective, and do not alter the non-custodial or permissionless nature of the Protocol.

5. Services and functionality

5.1. Platform services. The Platform provides non-custodial technical interfaces enabling Users to interact with the Arcane smart contract deployed on the Solana blockchain. The Platform facilitates access to the Protocol's privacy-preserving functionality without taking custody of assets, managing private keys, or executing transactions on behalf of Users. Platform services may include, without limitation:

• wallet-based connection and transaction signing;
• deterministic, local generation of Secret Notes at the time of deposit;
• construction of deposit, withdrawal, transfer, and swap transactions against the Arcane smart contract;
• deposit of supported digital assets into fixed-denomination Privacy Pools;
• submission of withdrawal transactions utilising zero-knowledge proofs;
• optional routing of withdrawal transactions through independent, staked Relayers;
• the Arcane Pay product (Send, Import Send, Collect), including multi-recipient flows up to the documented maximum;
• the Arcane Swap product;
• the Compliance Tool, a voluntary client-side proof-of-funds generator;
• real-time Privacy Engine score (0–100) and status tier per individual deposit;
• encrypted on-chain backup of Secret Notes (encrypted with a key derived from the User's wallet signature; never with a Company-held key);
• the Arcane Pay API for developers (subject to documented limits, including wallet-set size, fee parameters, and webhooks); and
• informational dashboards, monitoring tools, and Protocol-related analytics derived from public on-chain state.

The Platform acts solely as an access layer and does not modify, approve, or guarantee any on-chain transaction outcome.

5.2. Wallet-based access and on-chain interaction.

• Users access and interact with the Platform by connecting a compatible, self-custodied Solana wallet.
• No user registration, email address, or credential submission is required.
• All actions are executed through digitally signed blockchain transactions.
• The Company does not take custody of User assets or manage private keys.

5.3. Privacy functionality. The Platform enables Users to utilise Arcane's privacy-enhancing features, which include:

• creation of cryptographic commitments representing deposits into a fixed-denomination Privacy Pool;
• generation and local storage of a Secret Note, with optional encrypted on-chain backup;
• fully private withdrawals that break the on-chain link between deposit and withdrawal addresses through a zero-knowledge proof, a nullifier check, and Merkle root verification;
• multi-recipient payments through Arcane Pay, with unique Relayer routing per transaction; and
• the voluntary, client-side Compliance Tool for selective disclosure on a per-deposit basis.

5.4. Relayer assistance.

• The Protocol supports optional Relayer-assisted execution for private withdrawal transactions.
• Users may route transactions to an independently operated Relayer to abstract transaction fees and prevent linkage between the withdrawing wallet and the underlying Secret Note holder.
• Relayers operate independently and are not custodians, agents, or service providers of the Company. The Company does not control transaction contents, execution, or asset custody.
• The Company does not guarantee Relayer availability, uptime, solvency, responsiveness, execution timing, or successful settlement.
• A Relayer's refusal, inactivity, failure, or non-responsiveness may prevent successful withdrawal execution; the User retains the ability to select a different Relayer, run their own Relayer (subject to staking and protocol requirements), or interact with the Protocol directly without a Relayer.
• The Platform may apply automated, objective, and non-discretionary criteria to determine the routing, prioritisation, visibility, or availability of Relayers within Arcane-operated interfaces. Such criteria may include sanctions indicators, technical conformance, staking status, reliability metrics, abuse-prevention signals, and Protocol-integrity protections. These measures operate solely at the interface or routing level and do not affect the validity, authorization, or execution of transactions submitted directly to the blockchain.
• Relayer controls are implemented through algorithmic, score-based or preference-based selection rather than binary exclusion, except where required by applicable law or Protocol-integrity protections. Relayers may be deprioritised or omitted from default interface presentation without being blocked from independent operation or direct blockchain interaction.

5.5. Permissionless and pseudonymous access.

• The Protocol's core smart contract operates without identity-based onboarding or custody; however, the smart contract enforces sanctions and risk screening at the program level via the Compliance Oracle, and access to certain interfaces, execution pathways, or Relayer routing options may be subject to automated Interface-Level Controls.
• Users retain control over pseudonymous identifiers (wallet addresses) and over their own Secret Notes.
• The Company cannot recover lost wallet access, lost Secret Notes, or reverse executed transactions.

5.6. Smart contract execution.

• All execution is governed by the autonomous on-chain smart contract deployed to Solana.
• The smart contract executes deterministically, and individual confirmed transactions cannot be reversed.
• The Company does not control or intervene in validator behaviour or blockchain settlement processes. The contract is designed for permanent immutability once all features have shipped; until that point, the Company retains a limited upgrade authority as described in Section 4. Once the upgrade authority is revoked, the Company will be technically unable to upgrade, pause, or modify the deployed contract.

5.7. Fees and Protocol charges.

• The Protocol may impose Protocol-level or interface-level fees on deposits, withdrawals, transfers, swaps, or Relayer-assisted submissions. Fees may vary and are disclosed through the Platform interface at the time of use.
• Fees are assessed solely for use of the Protocol and do not constitute custody fees, execution guarantees, performance guarantees, or service-level commitments. No account-creation fees are charged.
• Fees generated by the Protocol may accrue to the Protocol treasury or to decentralised governance mechanisms (including the $ARCANE staking pool) and do not create any fiduciary, agency, or service obligation between the User and the Company.

5.8. Indexers and Privacy Engine.

• Indexers are off-chain, read-only systems that organise publicly available blockchain data for usability purposes only. They do not submit transactions, verify proofs, control execution, or affect asset ownership.
• The Privacy Engine consumes publicly verifiable on-chain inputs to compute a 0–100 score per deposit. The score is informational only, is a property of a deposit (not a User), and does not affect on-chain execution.
• Indexer and Privacy Engine availability, completeness, and accuracy are not guaranteed. Users may independently operate their own Indexers and compute equivalent metrics from public on-chain data.

5.9. Compliance Tool. The Compliance Tool is a voluntary, client-side feature. It does not transmit Secret Notes or report contents to the Company. The Company does not store, retain, or have access to any report generated by a User. Use of the Compliance Tool is at the User's discretion and remains the User's responsibility.

6. User interaction with the Protocol

This Section summarises, at a high level, the operational sequence for interacting with the Arcane Protocol. It is provided for conceptual clarity only and does not modify any other obligations or disclaimers contained in these Terms.

6.1. Wallet connection. Users interact with the Protocol by connecting a compatible, self-custodied Solana wallet through the front end or by programmatic means. No account registration, personal identifiers, or custodial credentials are required. All actions are authorised exclusively through cryptographic signatures generated by the User's wallet. The Company does not access, store, or control private keys.

6.2. Deposit into a Privacy Pool. To initiate privacy-preserving activity, a User selects a fixed denomination of a supported token and submits a deposit transaction to the corresponding Privacy Pool. For each deposit: (a) a cryptographic commitment is recorded on-chain; (b) a Merkle-tree leaf is appended to the shared protocol state; (c) the User receives a Secret Note locally; and (d) the User may, at their option, store the Secret Note encrypted on-chain (encrypted with a key derived from a wallet signature). The Protocol does not associate deposits with User identity or off-chain identifiers. Where a transaction amount exceeds the available denominations, the User may decompose the amount into multiple separate deposits across compatible denominations.

6.3. Local Secret Note management. Secret Notes are generated locally and controlled exclusively by the User. The Company and the Protocol do not generate, store, recover, escrow, or manage Secret Notes on behalf of Users and do not have access to such notes at any time. Loss, compromise, or misuse of a Secret Note may result in permanent loss of access to the corresponding deposit, with no recourse or recovery mechanism. The optional on-chain encrypted backup feature does not constitute Company custody: the encryption key is wallet-derived and is never accessible to the Company.

6.4. Compliance Oracle verification. Before processing a deposit or a withdrawal, the Arcane smart contract verifies cryptographically signed risk data published by the decentralised Compliance Oracle. Flagged wallets are rejected at the program level. This verification:

• cannot be bypassed by interacting with the smart contract directly;
• operates on wallet addresses, not on real-world identities;
• does not result in storage of an identity record by the Company; and
• is enforced autonomously by the smart contract, not by a Company decision.

6.5. Zero-knowledge withdrawal authorization. To withdraw assets from a Privacy Pool, a User generates a zero-knowledge proof demonstrating ownership of a valid Secret Note without revealing which deposit is being spent or linking the deposit to the withdrawal address. Upon submission to the smart contract:

• the proof is cryptographically verified on-chain;
• the nullifier is checked for uniqueness to prevent double-spending; and
• upon success, the requested amount is released to the destination address.

State transitions are final once confirmed on the Solana blockchain.

6.6. Relayer-mediated submission. For privacy-preserving reasons, a User may submit a withdrawal through a Relayer drawn from the open, staked relayer network. In such cases:

• the User constructs, authorizes, and cryptographically signs the transaction locally;
• the Relayer broadcasts the fully authorized transaction to the Solana network;
• applicable network fees are fronted by the Relayer; and
• any reimbursement, where applicable, is executed programmatically according to Protocol logic, including, where relevant, deduction from the withdrawn amount per the User's authorization.

Relayers do not custody funds, modify transactions, determine recipients, or control execution outcomes. Relayer availability, responsiveness, or continuity is not guaranteed and may affect the ability to complete certain Protocol actions.

6.7. Secret Note recovery (encrypted on-chain backup). Where a User has opted in to encrypted on-chain backup, the User may recover their Secret Notes on a new device by reconnecting the same wallet and producing the wallet signature required to derive the decryption key. The Company is not involved in this process and cannot perform it on a User's behalf. Loss of the wallet or its signing capability results in permanent loss of access to the backed-up notes.

7. Relayers, automation, routing, and interface controls

7.1. Core principle. Relayer-related automation operates exclusively at the interface and routing level and does not affect transaction validity, authorization, execution, custody, or asset ownership. No automation implemented by the Company or the Protocol shall:

• freeze, seize, or take custody of User funds;
• invalidate, reverse, or modify blockchain transactions; or
• require human approval for transaction execution.

Automation may only determine whether and how Relayers are surfaced, deprioritised, or excluded within Arcane-operated interfaces. The Compliance Oracle, by contrast, operates at the smart contract layer and is enforced autonomously; it does not constitute Company-controlled discretion.

7.2. Automated Relayer control model. For privacy-preserving reasons, withdrawals may be submitted via a Relayer drawn from the open, staked relayer network. Users acknowledge and accept that:

• inability or refusal of a specific Relayer to submit a transaction may delay execution, but does not constitute custody of, or restriction over, User assets;
• Users may select an alternative Relayer or interact with the Protocol directly; and
• ownership of assets remains with the User at all times, notwithstanding execution dependencies.

7.3. Interface control. Relayer selection, routing, and availability within Arcane-operated interfaces may be governed by automated, objective, and non-discretionary mechanisms that may consider:

• legal or sanctions-related risk indicators (consistent with the Compliance Oracle posture);
• staking status and economic security;
• technical conformance and Protocol-integrity requirements;
• performance, availability, or reliability metrics; and
• abuse-prevention or network-safety protections.

These mechanisms do not affect transaction validity, authorization, cryptographic correctness, or asset ownership.

7.4. Interface-level measures. In exceptional circumstances involving active exploitation, systemic Protocol risk, or legal compulsion, temporary interface-level restrictions may be applied to Relayer routing. Such measures are: (a) limited to routing and interface availability; (b) time-bound; and (c) without effect on transaction validity, smart contract logic, or User asset ownership. Such interface-level measures cannot alter the smart contract itself; the contract is designed for permanent immutability once all features have shipped, and any upgrades that occur during the current development phase are governed by Section 4 rather than by interface-level controls.

7.5. Relayers do not act as agents, custodians, fiduciaries, or service providers of the Company. The Company does not guarantee Relayer availability, uptime, responsiveness, or execution success. Users assume all risks associated with reliance on Relayer-mediated transaction submission, and any User may, subject to staking and protocol requirements, operate their own Relayer.

8. $ARCANE token, staking, and the privacy pool

8.1. The $ARCANE token is the native token of the Arcane ecosystem, issued as a Solana SPL token. The authoritative contract address is published on the Website. You should always verify the contract address directly on the Website before transacting.

8.2. $ARCANE is used for governance, relayer staking, and participation in the privacy-pool fee accrual mechanism. Holding, staking, or otherwise using $ARCANE does not entitle the holder to any custodial, fiduciary, employment, or agency relationship with the Company, nor to any guarantee of monetary value, return, yield, profit, or any other economic outcome.

8.3. Relayer staking. Independent operators may participate in the open relayer network by staking $ARCANE in accordance with Protocol parameters. Staking is performed at the operator's sole risk. The Company does not guarantee the financial outcome, slashing protection, or continuous operation of any staked Relayer.

8.4. Governance. $ARCANE may confer participation rights in any on-chain governance processes defined by the Protocol. Governance outcomes are determined by token-holder participation and Protocol rules, not by the Company. The Protocol's core smart contract is designed for permanent immutability once all features have shipped; once the upgrade authority described in Section 4 is revoked, neither governance nor any other party can retroactively alter the on-chain logic of the contract.

8.5. No investment representation. $ARCANE is offered solely as a utility within the Arcane ecosystem. Nothing on the Website, in the Platform, in the documentation, or in these Terms constitutes an offer to sell, a solicitation of an offer to buy, or a recommendation in respect of any security, investment contract, or financial instrument in any jurisdiction. You must independently determine whether your acquisition, holding, or use of $ARCANE is lawful and appropriate in your jurisdiction.

8.6. Market risk. The market value of $ARCANE and of any digital asset deposited into a Privacy Pool may fluctuate, depreciate, or become worthless. The Company makes no representation or warranty regarding the present or future value of $ARCANE or of any other token.

9. Electronic consent and wallet-based authorization

9.1. You acknowledge and agree that your access to and use of the Platform is conditioned upon your electronic acceptance of these Terms. For purposes of applicable contract, electronic transactions, and evidence laws, including without limitation the Electronic Transactions Act (Marshall Islands) and analogous laws in other jurisdictions, you expressly agree that:

9.1.1. Wallet signatures as legal consent. Any cryptographic signature, message signing, or transaction authorization executed using a blockchain wallet that you control constitutes your valid and binding electronic signature, and has the same legal effect as a handwritten signature or written consent.

9.1.2. On-chain actions as acceptance. Your use of the Platform, including connecting a wallet, submitting transactions, signing messages, interacting with the Arcane smart contract, generating Secret Notes, depositing assets, generating proofs, selecting Relayers, using Arcane Pay, using Arcane Swap, using the Compliance Tool, or otherwise invoking Protocol functionality, constitutes your affirmative acceptance of, and agreement to be legally bound by, these Terms, as amended from time to time.

9.1.3. Irrevocability of blockchain authorization. You acknowledge that blockchain-based authorizations and transactions, once signed and submitted, are technically irreversible and may not be withdrawn, revoked, or rescinded, and you agree that such authorizations evidence your intent to be legally bound at the time of execution.

9.1.4. No additional formalities required. You waive any requirement for physical signatures, paper records, or additional confirmations, and agree that no further action, acknowledgement, or documentation is required to establish the enforceability of these Terms.

9.1.5. Attribution. All wallet-based actions and signatures are deemed to be performed by you and attributable to you, whether initiated directly or indirectly through software, interfaces, APIs, or Relayers, and you accept full responsibility for such actions.

10. Intellectual property

10.1. All rights, title, and interest in and to the Platform, the Arcane reference implementations, and all associated materials, including software code, smart contracts, zk-SNARK circuits, cryptographic designs, algorithms, system architecture, interface components, documentation, trademarks, trade names, service marks, logos, UI / UX layouts, and any related content or proprietary materials (collectively, "Intellectual Property"), are and shall remain the exclusive property of the Company, its contributors, or its licensors, except where expressly released under an open-source licence.

10.2. This includes upgrades, improvements, bug fixes, patches, parameter changes, or derivative works, whether developed internally or arising from User feedback or community suggestions. Nothing in these Terms shall be construed as granting you any rights or interests in such Intellectual Property other than the limited licence expressly permitted herein.

10.3. Subject to compliance with these Terms, the Company grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable licence to access and use the Platform solely for lawful, personal, and non-commercial purposes connected with interacting with the Arcane Protocol. This limited licence does not permit:

• reproduction, modification, redistribution, public display, or commercial use of any part of the Platform other than as expressly permitted by an applicable open-source licence; or
• using the Platform for illegal, unauthorized, or exploitative purposes.

10.4. You shall not, and shall not assist or permit any third party to:

• copy, replicate, modify, translate, or create derivative works based on the Platform, except as expressly permitted by an applicable open-source licence;
• reverse-engineer, decompile, or attempt to extract source code from the Platform, smart contracts, cryptographic components, or related software (other than from publicly available source);
• remove, obscure, or modify proprietary notices or branding;
• scrape, harvest, or extract content or data from the Platform without written authorization, other than public on-chain data; or
• commercially exploit any Intellectual Property without prior written consent from the Company.

Any unauthorized use constitutes a material breach of these Terms.

10.5. All names, logos, and branding associated with "Arcane," "Arcane Privacy," "Arcane Pay," "Privacy Vault," "Arcane Swap," "Secret Notes," "$ARCANE," and other marks displayed on the Platform are trademarks or service marks owned by the Company or its licensors. Nothing herein grants any licence or right to use such marks, and unauthorized use may constitute trademark infringement.

10.6. If you provide the Company with suggestions, enhancements, feature ideas, bug reports, or other feedback ("Feedback"), you acknowledge and agree that such Feedback is provided voluntarily and without confidentiality obligations. You grant the Company a perpetual, irrevocable, worldwide, royalty-free licence to use, reproduce, disclose, and incorporate such Feedback into the Platform or related projects without obligation or compensation to you.

11. Third-party services

11.1. The Platform may provide access to, integrate with, or rely on third-party tools, networks, wallets, Relayers, the Compliance Oracle's underlying data provider (currently the Range Risk and Compliance API), cryptographic libraries, RPC infrastructure, Indexers, explorers, or other decentralised or traditional services. Such references or integrations do not constitute endorsement, control, or responsibility by the Company.

11.2. Use of third-party services, including independent Relayers and the Compliance Oracle data provider operating outside the Company's control, is entirely at your own risk. The Company is not responsible for:

• degradation or denial of service by Relayers, RPC providers, or oracle infrastructure;
• bugs, failures, exploits, or interruptions in third-party software;
• misleading or inaccurate information provided by external sources;
• withdrawal or refusal of a Relayer to broadcast a transaction; or
• rejection of a transaction by the on-chain Compliance Oracle based on signed risk data.

12. User representations and warranties

By accessing or using Arcane, including any smart contracts, Privacy Pools, Relayer interfaces, SDKs, the Arcane Pay API, the Compliance Tool, or related applications, you represent and warrant that:

12.1. You understand and accept the inherent risks associated with interacting with blockchain networks, zk-SNARK-based privacy protocols, fixed-denomination mixing pools, decentralised relayer networks, on-chain compliance oracles, and locally held cryptographic secrets such as Secret Notes.

12.2. You will use the Protocol only for lawful purposes and in full compliance with applicable laws and regulations, including sanctions, AML / CFT, tax, reporting, and privacy laws in your jurisdiction.

12.3. You will not interact with the Protocol if you are a resident, national, or entity located in a jurisdiction where the use of privacy-preserving cryptographic systems, mixers, Relayers, or decentralised asset transfers is prohibited or restricted.

12.4. You represent that you are at least the age of majority in your jurisdiction and have capacity to enter into these Terms.

12.5. All information, authorizations, or credentials you provide in connection with your use of the Protocol are accurate and complete.

12.6. You acknowledge that Arcane is a decentralised, non-custodial, and trustless protocol and does not control, hold, or recover private keys, Secret Notes, encrypted note backups, or other user credentials.

12.7. You acknowledge that the Company does not act as a broker, custodian, financial institution, payment processor, money transmitter, or regulated service provider.

12.8. You will not attempt to exploit, attack, compromise, or interfere with any cryptographic mechanism, ZK-proof generation or verification flow, Relayer execution flow, Compliance Oracle data path, or Privacy Pool logic.

12.9. You will promptly and responsibly disclose any discovered bugs, vulnerabilities, or suspected exploits to the Arcane security contact at security@arcaneprivacy.com in accordance with the Security page.

12.10. You acknowledge that Arcane contributors, developers, and affiliates do not guarantee the continued availability, liveness, or execution finality of the Protocol or of any Relayer.

12.11. You acknowledge that the Protocol enforces sanctions and risk screening at the smart contract layer via the Compliance Oracle, and that this enforcement cannot be bypassed by interacting with the contract directly.

13. Disclaimer of warranties

The Platform is provided on an "as-is" and "as-available" basis. To the maximum extent permitted under applicable law, the Company and its contributors, developers, affiliates, service providers, and Relayers disclaim all warranties, express or implied, including without limitation:

13.1. warranties of merchantability, fitness for a particular purpose, title, non-infringement, security, or uptime;

13.2. warranties related to correctness, verifiability, validity, confidentiality, secrecy, unlinkability, or anonymity of transactions, deposits, withdrawals, Privacy Engine scores, or Secret Notes; and

13.3. warranties relating to liveness, finality, Relayer execution, Compliance Oracle availability, correct ZK-proof verification, or successful submission / settlement of transactions.

Arcane makes no representation, warranty, or guarantee that:

13.4. the Protocol will be uninterrupted, error-free, secure, private, resistant to analysis, immune from attack, or continuously available;

13.5. a given Privacy Pool will at any time contain a sufficient anonymity set to achieve a particular privacy outcome, or that any specific Privacy Engine score will be obtained or maintained;

13.6. Secret Notes, commitments, or nullifiers will remain confidential, recoverable, or computationally secure in perpetuity, including against future advances in cryptanalysis or quantum computing;

13.7. Relayers will be available, responsive, live, trustworthy, or capable of completing required transactions;

13.8. the Compliance Oracle data provider will be available, accurate, complete, or timely;

13.9. the Protocol will function as intended following forks, chain re-organisations, advances in cryptography, quantum breakthroughs, or regulatory intervention.

Your use of the Protocol, including Privacy Pools, the Privacy Engine, Arcane Pay, Arcane Swap, the Compliance Tool, Secret Notes, the Arcane Pay API, and Relayer execution systems, is entirely at your sole risk.

14. User responsibilities and risks

By accessing or using Arcane, including its smart contract, Privacy Pools, Secret Notes, the Privacy Engine, the Compliance Tool, the Arcane Pay API, the open relayer network, SDKs, or related tooling, you agree, acknowledge, represent, and warrant the following.

A. User responsibilities

14.1. You are solely responsible for all actions taken through any Solana wallet you connect to the Protocol and for securing all associated private keys, seed phrases, Secret Notes, or other credentials. Arcane cannot retrieve, restore, or reset credentials, and cannot regenerate a lost Secret Note even where an encrypted on-chain backup exists if the underlying wallet signing capability has been lost.

14.2. You are fully responsible for the legality of your use of the Protocol, including compliance with any applicable laws governing sanctions and AML / CFT, reporting, taxation, recordkeeping, data privacy and cryptography, digital asset transfer, and money transmission.

14.3. You acknowledge that all transactions submitted to the Solana blockchain, including deposits, withdrawals, transfers, swaps, and Relayer-submitted transactions, are final, irrevocable, and irreversible. Arcane contributors cannot reverse, unwind, or recover transferred assets.

14.4. You agree not to misuse the Protocol, including attempts to bypass interface screening or the on-chain Compliance Oracle, attempts to deanonymise other Users' deposits, attempts to reverse-engineer cryptographic systems other than from publicly available source, attempts to interfere with Relayer execution, or attempts to exploit vulnerabilities for personal benefit.

14.5. Continued access to the Platform interface is conditioned upon lawful use and compliance with these Terms; however, the on-chain Protocol itself cannot be unilaterally restricted by the Company outside the limited upgrade authority described in Section 4, and is intended to operate without any such authority once feature development is complete. Access to Company-operated interfaces may be restricted in response to suspected abuse or illegal activity to the extent technically feasible.

B. Risks

You acknowledge, understand, and agree that your access to and use of the Arcane Protocol involves significant technical, operational, and legal risks. All such use is undertaken at your own risk. To the maximum extent permitted by applicable law, neither the Company nor any of its respective contributors, developers, service providers, affiliates, or infrastructure participants shall be responsible or liable for any loss, damage, delay, inaccessibility, or inability to use the Protocol or any component thereof, except as expressly required by law. These risks include, without limitation:

B.1. Technical and cryptographic risks.

14.6. The Protocol relies on advanced cryptographic constructs, including zk-SNARK circuits, an industry-standard trusted setup, Poseidon-style hashing, Merkle commitments, and nullifiers. Such constructs remain subject to ongoing cryptographic review and may contain undiscovered vulnerabilities.

14.7. Smart contracts may contain defects, bugs, exploits, or vulnerabilities that could result in unauthorized access, loss of funds, or irreversible transaction failures.

14.8. Advances in cryptanalysis or computing (including quantum computing) may compromise the security guarantees of the underlying primitives or of the trusted setup, potentially exposing prior or future activity.

14.9. Network congestion, degraded validator performance, forks, re-orgs, consensus failures, or censorship may delay or prevent execution of deposits, withdrawals, transfers, or swaps.

14.9-A. Upgrade authority during development. As described in Section 4, the on-chain Arcane contract is designed for permanent immutability once all features have shipped, but the Company currently retains an upgrade authority for the limited purpose of delivering remaining features and addressing security issues. You acknowledge and accept that, during this development phase: (i) the on-chain program logic may change as a result of an upgrade and may behave differently after an upgrade than before; (ii) an upgrade could, despite the Company's reasonable best efforts, introduce defects, regressions, or new vulnerabilities; (iii) the upgrade authority could be misused, compromised, or otherwise exercised in a way that adversely affects the Protocol; and (iv) the timing of upgrade-authority revocation depends on completion of feature development and is not guaranteed. The upgrade authority does not extend to custody of, or unilateral access to, User funds, Secret Notes, deposit notes, wallet-derived encryption keys, or cryptographic secrets.

B.2. Relayer execution and liveness risks.

14.10. Withdrawals routed through Relayers depend on third-party operators for execution and fee abstraction. Relayers may experience downtime, unresponsiveness, misconfiguration, slashing, or operational issues. Users are not restricted to a single Relayer.

14.11. Relayer selection occurs at the time of withdrawal and may be changed if a chosen Relayer is unavailable. In the event a Relayer fails to execute, the User may temporarily lose the ability to submit a withdrawal through that Relayer but does not lose ownership of the underlying deposit; the withdrawal may be re-routed through a different Relayer, or the User may interact with the Protocol directly.

14.12. No contributor or affiliated party is obligated to operate, replace, subsidise, or expedite Relayers, nor to assist in recovery or execution beyond the functionality provided by the Protocol.

B.3. Privacy and anonymity-set risks.

14.13. While the Protocol is designed to provide strong privacy through fixed-denomination indistinguishability, absolute unlinkability or anonymity cannot be guaranteed. Inference attacks, metadata correlation, timing analysis, off-chain identifiers, withdrawal-amount decomposition patterns, side-channel observations, behaviour patterns, or cryptographic breakthroughs may compromise privacy.

14.14. The size, freshness, and timing characteristics of a Privacy Pool affect the practical anonymity-set strength of a withdrawal. The Privacy Engine score is informational, computed from public data, and is not a guarantee. Users should evaluate the Privacy Engine score and exercise discretion regarding timing of withdrawals.

14.15. Disclosure of a Secret Note, voluntary use of the Compliance Tool, or sharing of withdrawal details may permit a counterparty to link a specific deposit to a specific withdrawal. The Company has no involvement in such disclosures.

B.4. Ownership, finality, and loss-of-control risks.

14.16. All transactions executed on-chain are final and irreversible.

14.17. Loss of access to private keys, wallets, credentials, or Secret Notes may result in permanent loss of access to deposits, with no recourse or recovery mechanism. The optional encrypted on-chain backup of Secret Notes depends on the continued availability of the original wallet's signing capability and does not constitute Company custody.

14.18. Protocol-level state transitions and cryptographic commitments are enforced through zero-knowledge proofs. Invalid proofs are rejected by the smart contract; as a result, Users cannot lose assets at the protocol level due to submission of an invalid proof. Users may, however, lose assets through self-inflicted loss of a Secret Note or through interaction with malicious third-party services outside Arcane.

B.5. Economic and market risks.

14.19. The value of digital assets deposited into or withdrawn from the Protocol, including $ARCANE, may fluctuate, depreciate, or become worthless.

14.20. Fixed-denomination Pools require Users to decompose larger amounts into multiple deposits and to recompose at withdrawal. Such decomposition may introduce timing, sequencing, or counterparty patterns that affect the practical privacy of those flows.

B.6. Legal, regulatory, and compliance risks.

14.21. Laws and regulations governing cryptography, mixers, privacy technologies, zero-knowledge systems, Relayers, money transmission, sanctions compliance, data protection, export controls, reporting, and digital assets remain uncertain and rapidly evolving.

14.22. Regulators may classify the Protocol or Users' conduct as financial intermediation, VASP / money-services-business activity, remittance, custodial service, mixer use, sanction evasion, or other regulated conduct, including retroactively or in specific jurisdictions.

14.23. Users may incur registration, licensing, disclosure, reporting, tax, or AML / KYC obligations, including obligations relating to selective disclosure using the Compliance Tool. The Company does not intentionally collect or process personal data. On-chain data consists of public blockchain addresses, commitments, and other Protocol metadata, which are not designed to identify natural persons; such data may, in certain circumstances and when combined with off-chain information, be associated with an identifiable individual. The Company does not control such linkage and cannot modify or delete immutable blockchain data.

14.24. Enforcement authorities may seek to compel disclosure of identifiers, Secret Notes, metadata, or transactional records. Failure to comply with valid legal process may result in liability to the User. The Company is not in possession of Secret Notes, decryption keys, or "god mode" access and cannot produce information it does not have.

14.25. Users risk interacting unknowingly with tainted or illicit funds or sanctioned persons. The on-chain Compliance Oracle and front-end screening are designed to reject flagged wallets before a transaction is processed, but no screening system is perfect; residual risk remains the User's responsibility.

14.26. Users operating Relayer infrastructure may incur separate licensing, AML, sanctions, staking, or reporting obligations arising from fee abstraction or broadcast services.

14.27. Privacy-enhancing transactions may attract enhanced regulatory or law-enforcement scrutiny.

14.28. Conflicts of law among jurisdictions may affect validity, enforceability, or legal recognition of cryptographic transfers, ownership proofs, or finality.

14.29. Loss of Secret Notes may complicate future inheritance, insolvency resolution, civil litigation, audits, divorce, bankruptcy, tax investigations, or claims of ownership.

B.7. No duty, no guarantee, no recourse.

14.30. The Protocol is experimental and provided on a non-custodial basis.

14.31. No contributor, developer, affiliate, operator, Relayer, oracle participant, or service provider guarantees execution, settlement, continued availability, liveness, Privacy Pool strength, solvency, or correct functioning of the Protocol.

14.32. No person has any obligation to refund, reimburse, replace, restore access, retrieve balances, regenerate Secret Notes, or compensate for any loss, delay, error, failure, or unavailability of the Protocol.

B.8. Interface, frontend, and dependency risks.

14.33. Users may rely on Arcane-operated interfaces, dashboards, SDKs, APIs, or reference implementations to interact with the Protocol. Such interfaces may contain bugs, inaccuracies, latency, stale data, misconfigurations, or display errors that do not reflect actual on-chain state.

14.34. Interface availability, correctness, or usability may be affected by software defects, upgrades, browser compatibility, mobile operating systems, third-party dependencies, or infrastructure outages.

14.35. The authoritative record of ownership and execution is the blockchain itself. The Company does not guarantee that any interface accurately reflects Protocol state at any given time.

B.9. Data integrity and indexing risk.

14.36. The Protocol may rely on Indexers or off-chain data aggregation systems to present Privacy Pool metrics, Privacy Engine scores, or transaction history. Such systems may be incomplete, inaccurate, delayed, censored, or unavailable.

14.37. Incorrect or missing indexed data may cause Users to make incorrect assumptions regarding privacy strength, deposit status, or eligibility, for which the Company bears no responsibility.

B.10. Force majeure and external intervention risks.

14.38. Access to or operation of the Platform interface may be disrupted or permanently impaired by events beyond the Company's control, including government action, regulatory intervention, sanctions, court orders, infrastructure seizure, internet outages, cloud-service termination, or other force-majeure events. The on-chain Protocol itself remains accessible to anyone with the technical capability to interact with the Solana blockchain directly, subject to the Compliance Oracle's autonomous enforcement.

14.39. Such events may result in loss of access, inability to transact through Company-operated interfaces, or other consequences, without liability to the Company or any contributor.

15. Indemnity

15.1. Indemnification by you. To the fullest extent permitted by applicable law, you agree to indemnify, defend, and hold harmless Arcane Privacy Foundation, and each of its respective affiliates, contributors, developers, officers, directors, agents, contractors, service providers, infrastructure participants (including Relayer operators and oracle participants), and representatives (collectively, the "Arcane Parties") from and against any and all claims, demands, actions, proceedings, investigations, inquiries, liabilities, damages, losses, penalties, fines, forfeitures, seizures, costs, and expenses (including reasonable attorneys' fees, expert fees, and enforcement-defence costs) arising out of or relating to, directly or indirectly:

15.2. your access to, use of, or interaction with the Protocol, Platform, smart contract, Privacy Pools, Secret Notes, Relayer mechanisms, the Compliance Oracle data path, SDKs, the Arcane Pay API, or cryptographic systems;

15.3. any transaction you initiate, authorize, route, or execute, whether directly or through a Relayer;

15.4. any loss, inaccessibility, freezing, seizure, or inability to recover digital assets resulting from Protocol design, cryptographic dependencies, Relayer behaviour, or enforcement actions;

15.5. your actual or alleged violation of any applicable law, regulation, or rule, including laws relating to:

• sanctions, embargoes, or restricted persons (including OFAC, EU, UN, UK regimes);
• anti-money-laundering or counter-terrorism financing;
• digital-asset transfer, money transmission, or licensing;
• data protection, privacy, or cryptography controls;
• tax, reporting, disclosure, or recordkeeping obligations;
• any enforcement action, investigation, subpoena, seizure, freezing order, forfeiture, or regulatory inquiry arising from your use of the Protocol;
• any act or omission of a Relayer selected or utilised by you, including refusal to act, delay, censorship, mis-execution, fee disputes, front-running, metadata exposure, or permanent unavailability;
• any claim asserting that a Relayer acted as an agent, intermediary, service provider, or representative of the Arcane Parties;
• any claim arising from reliance on Relayer-assisted execution, fee abstraction, or gasless transaction routing;
• any compromise, misuse, loss, compelled disclosure, or unauthorized access to Secret Notes, deposit notes, wallet-derived encryption keys, or metadata;
• any claim that privacy guarantees were insufficient, compromised, or invalidated due to inference attacks, anonymity-set characteristics, regulatory intervention, or technological developments;
• any allegation that the Protocol facilitated concealment, obfuscation, or evasion of monitoring or enforcement;
• any attempt to exploit, reverse-engineer, interfere with, or compromise the Protocol, cryptographic mechanisms, ZK proofs, Relayer flows, the Compliance Oracle, or screening safeguards; and
• any use of the Protocol to transfer, conceal, launder, or otherwise handle proceeds of unlawful activity.

15.6. The Arcane Parties may, but shall not be obligated to, assume exclusive control of the defence and settlement of any matter subject to indemnification. You agree to fully cooperate, provide truthful information, and not take any action that would prejudice the Arcane Parties' defence.

15.7. You may not settle any claim, admit liability, or consent to judgment that imposes any obligation, liability, restriction, or admission on any Arcane Party without their prior written consent, which may be withheld in their sole discretion.

15.8. Your indemnification obligations under this Section survive termination, suspension, or cessation of your access to the Protocol or Platform, and apply regardless of fault, negligence, strict-liability, or regulatory-classification theories asserted against the Arcane Parties.

16. Limitation of liability

16.1. To the maximum extent permitted by applicable law, the Arcane Parties shall not be liable to you under any legal or equitable theory, whether in contract, tort (including negligence), strict liability, statute, fiduciary duty, misrepresentation, restitution, or otherwise, for any loss, damage, liability, cost, or expense, arising out of or relating to, directly or indirectly:

• (a) your access to, use of, or inability to access or use the Protocol, Platform, or any related smart contract, cryptographic systems, Compliance Oracle data path, Relayer services, SDKs, interfaces, or documentation;
• (b) any reliance upon the Protocol's privacy, confidentiality, anonymity, unlinkability, liveness, execution, availability, recoverability, or security characteristics, or upon any Privacy Engine score, whether express or implied;
• (c) the performance, non-performance, delay, refusal, unavailability, misconfiguration, compromise, or cessation of any Relayer, oracle participant, validator, RPC provider, wallet, or other third-party or decentralised infrastructure component;
• (d) any failed, delayed, rejected, incomplete, or erroneous deposit, withdrawal, transfer, swap, proof generation, proof verification, nullifier usage, Merkle-tree update, or transaction of any kind;
• (e) loss of access to, or compromise of, wallets, private keys, seed phrases, Secret Notes, encrypted on-chain note backups, or other credentials;
• (f) blockchain-level events, including forks, reorganisations, rollbacks, censorship, validator behaviour, consensus failures, network congestion, or protocol upgrades on the underlying chain;
• (g) regulatory, enforcement, or judicial actions, investigations, sanctions determinations, compelled disclosures, or changes in law that affect the Protocol or your ability to access or use it; or
• (h) any unauthorized access, misuse, exploitation, or attack involving wallets, Relayers, oracle participants, cryptographic systems, or third-party infrastructure.

16.2. Without limiting Section 16.1, in no event shall the Arcane Parties be liable for any damages of any kind, including direct, indirect, incidental, consequential, special, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, data, privacy, anonymity, digital assets, balances, business opportunity, or economic advantage, even if the Arcane Parties were advised of the possibility of such damages and even if any remedy is alleged to have failed of its essential purpose.

16.3. You expressly acknowledge and agree that:

• (a) the Protocol is non-custodial, trustless, and experimental in nature, and is designed for permanent immutability once all features have shipped (subject to the current upgrade authority described in Section 4);
• (b) the Arcane Parties do not assume any duty of care, fiduciary obligation, operational responsibility, or guarantee with respect to execution, settlement, confidentiality, recoverability, or continued availability of the Protocol or any associated infrastructure; and
• (c) you may have no legal or equitable remedy against the Arcane Parties in the event of loss, delay, unavailability, or failure of any component of the Protocol.

17. Termination and suspension

17.1. Access restriction at the interface layer. The Company reserves the right, to the maximum extent technically feasible and legally required, to suspend or terminate access to the Platform interface, including:

• denial of access through Arcane-operated front ends, dashboards, APIs, or SDKs based on sanctions or risk screening at the interface layer;
• network upgrades, migration, maintenance, or deprecation of the front end;
• suspension in response to legal obligations, enforcement orders, or regulatory inquiries; and
• detection or suspicion of abuse, unlawful activity, or misuse of cryptography or Relayer infrastructure.

17.2. Smart contract immutability. The on-chain Arcane smart contract is designed for permanent immutability once all features have shipped. As described in Section 4, the Company currently retains a limited upgrade authority for the purpose of delivering remaining features and addressing security issues; once that upgrade authority is revoked, the Company will be technically unable to terminate, pause, or modify the Protocol at the smart contract layer. Sanctions and risk screening at the smart contract layer are enforced autonomously by the Compliance Oracle. Termination of access to Company-operated interfaces does not terminate the existence of the Protocol or your ability to interact with it through other means.

17.3. Effect of suspension. Suspension of interface access may result in:

• inability to use Arcane-operated front ends, dashboards, or SDKs;
• delays in convenience features such as Privacy Engine scoring or note-backup synchronisation; and
• no obligation for the Arcane Parties to restore access.

Suspension does not limit obligations arising prior to the suspension, including indemnification, and does not affect your ownership of the underlying assets, your Secret Notes, or your ability to interact with the on-chain Protocol independently.

17.4. Effect of termination. Upon termination:

• your access to Company-operated interfaces ceases immediately;
• the Arcane Parties have no obligation to restore, recover, decrypt, or assist in accessing Secret Notes, deposits, or backups;
• you remain responsible for obligations accrued before termination; and
• the on-chain Protocol itself remains accessible through any independent means consistent with the Compliance Oracle's autonomous enforcement, and is intended to operate as a permanently immutable program once the upgrade authority described in Section 4 has been revoked.

You may cease use of the Platform at any time; doing so does not release you from obligations incurred prior to discontinuation.

18. Governing law and exclusive jurisdiction

18.1. These Terms and any Dispute shall be governed by and construed in accordance with the laws of the Republic of the Marshall Islands, without regard to any choice-of-law or conflict-of-laws principles that would require application of the laws of another jurisdiction.

18.2. Subject to Section 18.3 below, the courts of the Republic of the Marshall Islands shall have exclusive jurisdiction to hear and determine any Dispute. You irrevocably submit to the personal and subject-matter jurisdiction of such courts and waive any objection based on forum non conveniens or lack of jurisdiction.

18.3. Nothing in these Terms shall prevent the Company from seeking interim, injunctive, or equitable relief in any court of competent jurisdiction where necessary to protect the Protocol, cryptographic systems, smart contract, infrastructure, or intellectual property.