Privacy Policy

VoidAI Bridge (App) Terms and Conditions Contact: privacy@voidai.com

Effective date: September 1, 2025
Controller: VoidAI (“VoidAI,” “we,” “us,” or “our”)

Summary: This Privacy Policy explains how VoidAI collects, uses, discloses, and safeguards information when you use our websites, apps, APIs, smart contracts, validators, bridges, and related services (collectively, the Services). Because parts of our Services run on public blockchains, some information is inherently public and may be immutable.

1) Scope & Who this applies to

This Policy applies to:

Visitors to our websites and docs, account holders, developers, validators/miners, liquidity providers, and end‑users of apps integrated with our APIs/bridges.
Services we operate on or off chain (including testnets), and communications we send (support, marketing, status pages).
It does not cover third‑party services we don’t control (e.g., external wallets, exchanges, dApps, clouds). Review their policies separately.

2) Information we collect

We collect information in three main ways: you provide it, we collect it automatically, and we obtain it from others or public sources (including blockchains).

A) Information you provide directly

Account, profile, and developer information (name/alias, email, organization, role, preferences).
Support and communications (tickets, feedback, call/chat transcripts).
KYC/Compliance information (if applicable and only where required): identity docs, residency, sanctions/PEP checks.
Payment and billing details processed by our payment partners (e.g., Stripe); we store only limited metadata (e.g., transaction ID, last4, status) and not full card numbers.
Content you submit to the Services (e.g., prompts, files, models, datasets, code, parameters) when using AI/compute features.
Validator/miner onboarding information (hardware specs, attestations, staking addresses, payout preferences).

B) Information collected automatically

Device & usage (IP address, device/OS/browser, language, time zone, referral/UTM, pages viewed, clickstream).
Service telemetry and logs (requests, API keys, rate limits, error codes, response times, resource consumption, validator performance).
Cookies and similar technologies (see Section 7).
Approximated location from IP for fraud prevention, localization, and compliance.

C) Information from public sources & partners

Blockchain data: wallet/public addresses, smart‑contract interactions, transaction hashes, token balances, events, and states on chains we support (e.g., Bittensor, Solana, Ethereum, Base).
Partners and service providers (cloud/hosting, wallet providers, analytics, identity verification, AML screening, price oracles, RPC/indexers).
Social, community, and marketing channels you connect with us on.

Note on on‑chain data: Public blockchain data is generally accessible by anyone and often cannot be altered or deleted. While we can’t edit public ledgers, we can minimize what we write to chain, avoid linking addresses to real‑world identities unless required, and honor your rights for off‑chain data (see Section 12).

3) How we use information

We use information to:

Operate, provide, and secure the Services (including smart contracts, validators, APIs, and bridges).
Process transactions, staking, bridging, liquidity provisioning, and rewards distributions.
Prevent abuse and meet legal obligations (fraud, AML, sanctions screening, chargebacks, audits).
Improve performance, reliability, and user experience; develop new features and documentation.
Provide support and communicate about updates, outages, security, and changes.
Personalize content and documentation; measure and improve marketing (where permitted).
Comply with contractual and regulatory requirements.

Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, we rely on: (i) contract performance, (ii) legitimate interests (e.g., securing Services, improving features), (iii) consent (when required, e.g., certain cookies/marketing), and (iv) legal obligations (e.g., KYC/AML if applicable).

AI/model usage of your content

We do not use your private inputs/outputs to train our models without your permission.
We may use anonymized/aggregated usage statistics to improve reliability and capacity planning.
If you explicitly opt in to share data for research/model improvement, we will describe what is included and how to revoke consent.

4) Disclosures of information

We share information with:

Service providers/processors under contract (cloud hosting, DDoS protection, monitoring, analytics, customer support, KYC/AML, payments like Stripe, price oracles, RPCs/indexers, email/SMS).
Ecosystem partners to fulfill the Service you request (e.g., wallet integrations, cross‑chain bridges, validators/miners processing jobs).
Corporate transactions (merger, financing, acquisition, or dissolution), where data is transferred subject to this Policy.
Legal reasons: to comply with law, respond to valid legal process, or protect rights, safety, and property.
With your direction: if you link accounts, publish artifacts, or share API keys/addresses with third‑party tools.

We do not sell personal information for money. Where state laws define “sale” or “sharing” to include cross‑context behavioral advertising, we do not engage in such practices without providing required notices and opt‑out controls (see Section 11).

5) Data retention

We keep personal data only as long as necessary for the purposes described here, including legal/accounting needs, dispute resolution, and security.
Logs and telemetry are retained for limited periods and then deleted or anonymized.
On‑chain records may be permanent; we cannot remove data written to public ledgers. Off‑chain references to such data can be minimized or pseudonymized.

6) Security

We employ administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, access controls, key management, network segmentation, and routine audits. No system is 100% secure; report issues to security@voidai.com. If we determine that a breach affects you, we will notify you as required by law.

7) Cookies & similar technologies

We use first‑party cookies and similar technologies to enable core functionality (e.g., session management, CSRF protection) and to measure basic usage/performance. Where required, we obtain consent and provide controls to manage preferences. You can adjust browser settings to refuse cookies, but some features may not work properly.

8) Children’s privacy

Our Services are not directed to children under 13 (or the relevant age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us to request deletion.

9) International data transfers

We may process and store information in countries other than where you live. When transferring personal data from the EEA/UK/Switzerland to countries lacking adequacy decisions, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and UK Addendum, plus additional protections as needed.

10) Your choices & rights

Global controls

Access/Correction/Deletion: You may request access to, correction of, or deletion of your off‑chain personal data.
Portability: Receive a copy of certain data in a portable format.
Consent withdrawal: Where processing is based on consent, you can withdraw it at any time.
Objection/Restriction: In some cases, you may object to or request we restrict certain processing.

Limitations: We cannot alter or delete information stored on public blockchains. Where feasible, we will minimize further processing or unlink off‑chain identifiers.

California (CCPA/CPRA)

Right to know/access, correct, delete personal information.
Right to opt‑out of sale/share (as defined by law) and limit use of sensitive personal information.
Non‑discrimination for exercising rights.

EEA/UK

You may contact us or our EU/UK representatives [if applicable], and you can lodge a complaint with your local data protection authority.

11) Notice at collection (California)

We collect the following categories of personal information: identifiers (e.g., email, IP, wallet/public address), internet/network activity (usage logs), geolocation (approximate), financial/payment metadata (via processors), and in limited cases, compliance data. We use them for the purposes and share them with the categories of recipients described in Sections 3–4. We do not knowingly sell/share personal information as defined by CPRA without offering opt‑out.

12) Data categories & special blockchain considerations

Identifiers: name/alias, email, IP, wallet/public address, device IDs, API keys.
Commercial/financial: transactions via payment processors; on‑chain interactions (hashes, token transfers).
Technical/usage: telemetry, logs, performance metrics, resource consumption.
Compliance (if required): government ID, residency, sanctions checks.
Inferences: limited service analytics; no automated decisions with legal or similarly significant effects without notice.

Blockchain immutability: On‑chain data is public, replicated, and durable. If you connect an address to your identity elsewhere, others may infer your activity. Use good operational security. We surface privacy guidance but cannot control independent third‑party indexing or analytics.

13) Third‑party services

Our Services may link to or integrate with third‑party wallets, exchanges, RPCs, oracles, analytics, and storage. Your interactions with those services are governed by their terms and privacy policies. We are not responsible for their practices.

14) Data about validators/miners & liquidity providers

If you operate hardware, provide liquidity, or validate/bridge through our Services, we may maintain:

Hardware/instance metadata and performance attestations, proof‑of‑GPU tests, and uptime metrics.
Staking/validator/bridge addresses and reward distributions.
Compliance screenings where required by law or partner policies.
We use this data to allocate work, detect fraud/Sybil attacks, pay rewards, and ensure network integrity.

15) Retention periods (illustrative)

Account and support records: life of account + up to 7 years (legal/accounting).
Telemetry/logs: 30–365 days depending on subsystem.
Compliance records (if any): as required by law/partners.
Marketing preferences: until you opt out or account deletion.

16) Changes to this Policy

We reserve the right to update this Policy from time to time. We will post the revised version with a new “Effective date” and, where required, provide additional notice. Continued use of the Services after an update constitutes acceptance.

17) Contact us

For questions, requests, or complaints:
Email: privacy@voidai.com

Developer & API addendum (if you build on VoidAI)

Keep your API keys confidential; you’re responsible for usage under your keys.
Do not send sensitive personal data to our APIs unless necessary and permitted by law.
If you collect end‑user data, publish your own privacy notice, and obtain required consents.
Respect rate limits and security guidance; notify us promptly of incidents involving your integration.

Smart‑contract & bridge addendum

Smart contracts are transparent and may expose on‑chain metadata necessary for functionality.
Bridging, staking, and liquidity actions may be publicly traceable across chains.
We cannot reverse or delete on‑chain transactions.
Fees, rewards, and emissions events may be publicly queryable.