Skip to main content

Privacy Policy

Last updated: April 2026

1. Introduction

ZENTORY Labs ("we", "us", "our") operates the ZENTORY Protocol, a decentralised research and signals platform accessible at zentorylabs.com and app.zentorylabs.com (the "Protocol").

The Protocol is non-custodial and on-chain: your assets never pass through our systems, and all core state is recorded on public blockchains. This policy explains what data we collect off-chain, how we store it, and your rights over it.

By using the Protocol, you agree to the collection and use of data as described in this policy. If you do not agree, please do not use the Protocol.

2. What We Collect

Wallet addresses

When you connect a wallet to the Protocol, we record your wallet address. This is required to identify your account, process signals, and settle epoch rewards. Wallet addresses are stored in Supabase.

On-chain transaction data

Blockchain transactions involving the Protocol (signal submissions, epoch settlements, subscription events) are recorded on public blockchains and are public and immutable. We may index and store this on-chain data off-chain for operational purposes. Once on-chain, this data cannot be deleted or modified.

Geo-location data

We derive your country code from your IP address at the time of a connection event. This data is stored in Supabase and used solely to enforce geo-blocking for OFAC-sanctioned jurisdictions and other compliance obligations. We do not store full IP addresses long-term.

Research contributions

When you submit a signal or research contribution through the Protocol, that content may be recorded on-chain and/or in Supabase as part of epoch processing. On-chain contributions are public and permanent.

Usage data

We collect basic usage analytics — pages visited, time on site, browser type — via Google Analytics or a equivalent tool if configured. This data is aggregate and does not identify you personally.

Cookies

We use a small number of session cookies strictly for authentication and Protocol state (e.g., remembering your connected wallet session). We do not use advertising trackers, fingerprinting scripts, or third-party marketing cookies.

3. How We Use Your Data

We use your data to:

  • Operate the Protocol — process signals, settle epochs, manage subscriptions, and distribute rewards.
  • Comply with legal obligations — enforce geo-blocking for sanctioned jurisdictions (OFAC) and respond to valid legal requests.
  • Communicate with you — if you opt in to updates via Discord or email, we will contact you only for Protocol-related announcements. We do not send marketing emails.

We do not sell your personal data. We do not share your data with third parties for commercial purposes.

4. Data Storage & Security

Your data is held in the following systems:

  • Supabase (supabase.io) — our primary database for off-chain Protocol data, including wallet addresses, subscription records, and geo-compliance data.
  • Vercel (vercel.com) — our frontend hosting provider. Vercel may log request data in accordance with its own privacy policy.
  • Blockchain — on-chain Protocol state is stored on public blockchains and is immutable. This includes signals, epoch settlements, and any other data you choose to on-chain.

We implement appropriate technical and organisational security measures to protect your data in Supabase. However, no system is completely secure, and we cannot guarantee absolute security.

5. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights over your personal data:

  • Right of access — request a copy of all personal data we hold about you.
  • Right to erasure — request deletion of your personal data from Supabase (note: on-chain data cannot be erased as it is permanent and public).
  • Right to correction — request correction of inaccurate personal data.
  • Right to data portability — request your data in a machine-readable format.
  • Right to object — object to processing of your personal data in certain circumstances.

To exercise any of these rights, contact us via Discord or email at info@zentorylabs.com. We will respond within 30 days.

EU users: ZENTORY Labs is the data controller for purposes of the General Data Protection Regulation (EU) 2016/679 (GDPR).

6. Cookies & Tracking

We use a minimal cookie set:

  • Session cookies — required for wallet connect session state. These are session-only (deleted when you close your browser) and do not track you across sites.
  • Google Analytics (if configured) — collects aggregate, non-personally-identifying usage data. You can opt out via your browser's cookie settings or by installing the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies, retargeting scripts, or social media trackers.

To disable cookies entirely, use your browser's privacy settings to block all cookies or block cookies only from zentorylabs.com.

7. International Data Transfers

ZENTORY Labs is based in the United Kingdom. Our infrastructure — Supabase and Vercel — is primarily hosted in the United States. When we transfer personal data from the EU or EEA to the US, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism, in compliance with GDPR Chapter V.

8. Data Retention

We retain different categories of data for different periods:

  • Wallet addresses — retained indefinitely in Supabase for as long as your account exists. You may request deletion (see Section 5).
  • Research contributions — retained indefinitely because they are recorded on-chain and are permanent and public.
  • Subscription data — retained in Supabase until you delete your account or request deletion.
  • Server logs — retained for a maximum of 90 days for security and debugging purposes.
  • Geo-compliance data — country codes derived from IP addresses are retained until account deletion or until no longer needed for compliance.

9. Children's Privacy

The Protocol is not intended for users under the age of 18, or under the age of majority in your jurisdiction. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a user under 18, we will delete that data promptly. Parents or guardians who believe their child has provided us with personal data should contact us at info@zentorylabs.com.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (e.g., the ICO in the UK) within 72 hours of becoming aware, in accordance with GDPR Article 33. Where the breach is high-risk, we will also notify affected users directly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Where changes are material, we will make reasonable efforts to notify users via the Protocol website or our communication channels. Continued use of the Protocol after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy questions, data subject requests, or to report a concern, contact ZENTORY Labs:

← Back to home