Naoris Protocol Testnet Privacy Notice

Effective Date: 31st January 2025

Last Updated: 13 February 2025

1. About this notice

This privacy notice ("Notice") explains how and why NDSE Cyber Ltd and our group companies (also referred to as "COMPANY", "we", "our" and "us") use data in connection with our TestNet version of the Protocol (the "TestNet").

Data Protection law requires that all information we process must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about;
  • Kept securely using industry-standard encryption and protection measures.

2. Data Controller Information

We are NDSE Cyber, Ltd (a corporation incorporated under the law of the Bahamas, with Head Office at Albany Financial Center, Suite 502, South Ocean Boulevard, Nassau, Bahamas SP-63158, with contact email at support.tn@naoris.com

Our contact for data protection purposes is João Ferreira Santos, Head of Compliance. joaosantos@naoris.com.

Data Processing Principles

Core Commitments:

  • We process only data necessary for TestNet functionality;
  • We do not collect or store personal data beyond what is essential;
  • We do not share data with third parties;
  • We maintain end-to-end encryption for all data processing;
  • We do not retain data beyond operational necessity;
  • We do not conduct profiling or automated decision-making;
  • We do not perform creditworthiness assessments;
  • We do not sell or monetize data.

4. Data Categories and Legal Basis for Processing

Under GDPR (Article 6), we process data based on:

  • Contractual Necessity (Art. 6(1)(b)) -- Required for TestNet operation;
  • Legitimate Interest (Art. 6(1)(f)) -- Necessary for security and functionality;
  • Consent (Art. 6(1)(a)) -- For specific optional features.

Data Categories

All data is processed in encrypted format following industry best practices:

CategoryDescription Legal BasisPurpose
Browsing HistoryURLs visited while using the ExtensionLegitimate InterestSecurity risk assessment and protection optimization
Installed ExtensionList of Chrome extensions, name, ID, version, permissionsLegitimate InterestCompatibility and security verification
Unique User IDRandom identifier for session tracking based on browser unique fingerprintLegitimate InterestSession management without personal identifiers
Browser InformationBrowser type, rendering engine (e.g., Chrome, Blink)Legitimate InterestService optimization
PluginsBrowser plugins and versionsLegitimate InterestFunctionality and compatibility
Operating SystemOS type and version detailsLegitimate InterestPerformance optimization
Device InformationDevice type, CPU architecture, screen resolutionLegitimate InterestHardware optimization
IP AddressesPublic and private IP addressesLegitimate InterestLocation approximation and connectivity
Battery InformationCharging state and battery levelLegitimate InterestPerformance management
Mouse PointerPointer coordinates for securityLegitimate InterestBot detection
Network InformationNetwork type, speed, Bluetooth supportLegitimate InterestConnectivity optimization
Geolocation DataCity, country (IP-based lookup)Legitimate InterestLocation-based services
Memory & StorageRAM and storage capacityLegitimate InterestResource optimization
Canvas & LanguageCanvas fingerprinting, system languageLegitimate InterestFraud prevention
Wallet AddressCryptocurrency wallet addressContractual NecessityTransaction processing

5. Security and Data Protection

Encryption and Security Measures:

  • End-to-end encryption for all data processing;
  • Industry-standard cryptographic protocols;
  • Secure, encrypted storage systems;
  • Regular security audits and updates;
  • Automated security monitoring;
  • Access controls and authentication systems;
  • No unencrypted data storage;
  • No third-party access.

Encryption and Security Measures:

  • All data transmission uses TLS 1.3 or higher;
  • Storage encryption using AES-256;
  • Regular key rotation and management;
  • Secure key storage and handling;
  • Automated threat detection;
  • Real-time security monitoring;
  • Regular penetration testing;
  • Continuous security updates.

6. Data Retention Periods

We maintain strict retention periods for different data types:

  • Session Data: Duration of active session only;
  • Technical Data: Only while necessary for TestNet operation;
  • Security Logs: Up to 30 days for security monitoring;
  • Transaction Data: As required by applicable regulations;
  • Wallet Information: While account is active.

7. Your Rights Under GDPR

You maintain comprehensive rights:

  • Right to Access -- Request information about your data;
  • Right to Erasure -- Request deletion of your data;
  • Right to Withdraw Consent -- Stop using TestNet at any time;
  • Right to Object -- Object to specific processing;
  • Right to Restrict Processing -- Request processing limitations;
  • Right to Data Portability -- Receive your data in a structured format;
  • Right to Be Informed -- Receive clear information about processing.

8. Mouse Pointer Coordinates and Event Tracking

As specified in the original Privacy_Policy.doc, we collect mouse pointer coordinates and related event data solely for:

  • Security purposes (bot detection);
  • Interface optimization;
  • User experience improvement.

This data is processed in real-time and is not stored beyond the immediate session requirements.

9. Canvas and Browser Fingerprinting

Our use of canvas fingerprinting and browser capabilities detection is strictly limited to:

  • Fraud prevention;
  • Security enhancement;
  • Performance optimization.

No fingerprinting data is stored beyond the immediate session requirements or shared with any third parties.

10. Consent and Usage

By installing and using the TestNet, you explicitly consent to:

Technical Data Processing Consent: ☐ I agree to the processing of technical data as described in this Privacy Policy, solely for enabling TestNet functionality.

If you decline, you cannot use the TestNet as this technical data processing is essential for its operation.

11. Updates to Privacy Notice

We will notify users of material changes to:

  • Data processing methods;
  • Security measures;
  • Technical requirements;
  • Privacy practices;

12. Contact Information

For privacy inquiries or to exercise your rights:

  • Email: support.tn@naoris.com;
  • Data Protection Officer: João Ferreira Santos;
  • Head Office: Albany Financial Center, Suite 502, South Ocean Boulevard, Nassau, Bahamas SP-63158.

13. Technical Operations and Securitye

Our technical operations follow:

  • ISO 27001 security guidelines
  • GDPR requirements;
  • Industry best practices for encryption;
  • Regular security audits;
  • Continuous monitoring;
  • Threat detection and prevention.

14. Jurisdiction and Compliance

This privacy notice and our data processing practices comply with:

  • GDPR requirements;
  • Applicable data protection laws;
  • Industry security standards;
  • Regulatory requirements.