Back to Home Privacy Policy

Privacy Policy (v1.6)

Last Updated: November 30, 2025 | Effective Date: Immediately upon account creation

1. Our Core Privacy Philosophy: Non-Custodial & Zero-Knowledge

Nodency Labs Ltd (The Protocol) is a decentralized technology provider committed to privacy by design. We operate a Non-Custodial and Zero-Knowledge architecture:

  • We do NOT store your money (crypto or fiat).
  • We do NOT store your raw biometric data (FaceID/TouchID/VoiceID).
  • We do NOT hold your private keys.

2. Data We Collect (Protocol vs. Partner)

We collect only the minimum data necessary to operate the smart contract functions, but we facilitate the collection of regulated data for our Licensed Partner.

2.1 Information Collected by Nodency Protocol

  • Decentralized Identity (DID): Your unique on-chain ID (`did:kash:alice`) and associated Wallet Address.
  • Biometric Proof: A cryptographic hash derived inside your Secure Enclave (a token of "Yes, this person is authorized"), not the raw biometric data itself.
  • Geo-Location: Only collected when you actively use the "Find Agent" feature or opt-in for location-based services (e.g., Zone Multipliers for Service Nodes). We do not track your location in the background.

2.2 Regulated Data Facilitated by Agents (KYC/AML)

This data is collected by the Field Agent and stored off-chain for the Licensed Partner's regulatory compliance, but its hash is recorded on the blockchain.

  • National ID / Passport Data: Collected by the Identity Signer for initial KYC verification.
  • Fiat Conversion Record Data: For KASH-to-Fiat transfers, the Field Agent records customer ID proof, source of funds, and the recipient's bank/e-money details (`fiatDestination`).
  • IPFS Metadata: The hash link (`complianceDataIpfs` from `ConversionRecord` struct) that points to the secure, off-chain storage of the customer's regulated data.

3. Data Flow & Compliance Segmentation

Our structure ensures Nodency maintains its non-licensed status by outsourcing regulated data handling:

3.1 Role of the Licensed Partner

The Licensed Partner Role is the legal entity responsible for receiving and storing regulated data (like KYC and AML records) collected by the Field Agent. They use this data to comply with government law and execute the final fiat payment.

3.2 DeFi and Transactional Data

When you use the Liquidity Engine to borrow or deposit, the smart contract permanently records the following on the public ledger:

  • The amount of collateral provided.
  • The current state of your debt position (`scaledDebt`).
  • The timestamps of deposits and repayments.

4. Data Sharing & Third Parties

We do not sell your data. We share only with necessary parties who uphold strict security standards:

  • Licensed Partner: Shares necessary compliance data (Section 2.2) to facilitate your KASH-to-fiat conversion.
  • Trusted Signers: Shares your personal identification data for initial verification.
  • Law Enforcement: If compelled by a valid court order or subpoena, we may disclose the link between your Phone Number and Wallet Address to legal authorities.

5. Security and Your Rights

We employ military-grade encryption (TLS 1.3/AES-256). However, because we are non-custodial, we cannot recover your funds if you lose your private key or backup phrase.

Your Rights

  • Access: Request a copy of the off-chain personal data we or our partners hold.
  • Deletion: Request deletion of your off-chain account data. (Note: We cannot delete transactions or IPFS hashes recorded on the blockchain).