Privacy Policy

Effective: December 31, 2025 · Last Updated: February 12, 2026

1. Introduction

Our Commitment: We believe in financial privacy as a fundamental right. TWZRD is designed to minimize data collection and maximize user control. We will never build surveillance infrastructure or sell your data.

This Privacy Policy explains how TWZRD ("we," "our," or "Protocol") collects, uses, and protects information when you use TWZRD-operated websites and applications, including app.twzrd.xyz (the "Interface"), defi.twzrd.xyz (the DeFi gateway), and TWZRD-operated APIs at api.twzrd.xyz (collectively, the "Service"). By using the Interface, you agree to the collection and use of information in accordance with this policy.

If we make material changes to this Policy, we will provide notice through the Interface and update the "Last Updated" date above.

2. Data We Collect & Retention

We adhere to a strict "Data Minimization" standard. We only collect the absolute minimum data required to verify "Proof-of-Engagement" and execute blockchain transactions.

A. On-Chain Data (Public & Immutable)

• Wallet Address: When you connect your Solana wallet, your public address is visible to us and the public blockchain.
• Transaction History: Any interaction with the TWZRD smart contracts (staking, claiming rewards) is publicly recorded on the Solana blockchain.
• Note: We cannot delete or alter data once it is written to the blockchain.

B. Off-Chain Data (Ephemeral & Private)

• Engagement Signals: To verify eligibility and calculate rewards, we process limited engagement-related signals from supported platforms, such as platform identifiers, timestamps, and chat or interaction metadata necessary to validate participation and compute reward amounts.
• Referral Data: If you use or share an invite code, we store the code, the referring wallet address, and the timestamp of redemption to attribute referral rewards. Invite codes may be captured from URL parameters (e.g., ?ref=) and validated against our records.
• Swap & Trade Routing Data: If you use in-app swap functionality (including via defi.twzrd.xyz), your trade parameters (token mints, amounts, and slippage settings) are routed through TWZRD-operated API proxies to third-party decentralized exchange aggregators (e.g., Jupiter at jup.ag). We do not store completed trade parameters or transaction data beyond standard server logs (see "Server Logs" below), but this data transits our infrastructure during request processing. Swap history displayed in the Interface is stored client-side (localStorage) only and is not transmitted to or retained by TWZRD servers.
• Interface Metadata: To provide real-time visual feedback on the Interface, we temporarily cache limited engagement metadata. This data is ephemeral and is automatically deleted from active systems after a short duration. Long-term storage is limited to the cryptographic proofs or hashed identifiers necessary for settlement verification.
• Data Retention: We retain raw engagement event data only as long as necessary for settlement, fraud prevention, dispute resolution, and system integrity, and we delete or de-identify it on a rolling basis within a limited period. Aggregated and cryptographic outputs (e.g., reward totals, Merkle roots/proofs) may be retained longer to support claims, audits, and protocol integrity.
• Internal Mapping: We may maintain a strictly access-controlled internal mapping of platform identifiers to wallet addresses for protocol operation and indexing. Access is restricted to authorized engineering staff for maintenance only and protected by multi-factor authentication.
• Server Logs: We may rely on standard server logs (including IP address, user agent, and request metadata) for security, DDoS protection, and debugging. These logs are retained for a limited security window.

C. Cookies & Local Technologies

We may use local storage (e.g., to store your wallet connection preference) and strictly necessary technical cookies to operate the Interface. We do not use cookies for cross-site tracking or behavioral advertising. Third-party infrastructure providers (e.g., RPC nodes, security services) may utilize distinct technologies subject to their own policies.

3. Tax & Regulatory Status

Non-Custodial Nature: TWZRD is a non-custodial software protocol and is not a financial broker or exchange. We do not have custody of user assets at any time. Consequently, we do not collect Taxpayer Identification Numbers (TINs) nor issue IRS Form 1099s for tokens earned through network participation, except where explicitly required by valid, applicable law.

4. How We Use Your Data

We use your data for the following specific purposes:

• Protocol Execution: To verify engagement and generate the Merkle proofs required for the smart contract to release rewards.
• Compliance: We reserve the right to screen wallet addresses against applicable sanctions lists and to block access to the Interface as described in Section 9.
• Security: To detect botting, Sybil attacks, or manipulation of the oracle.

5. Third-Party Data Sharing

We do not sell your personal data. We only share data in the following instances:

• Service Providers: We may utilize third-party infrastructure providers (e.g., hosting, DDoS protection, RPC) who process data solely to provide technical services to the Protocol.
• Integrated Platforms: If you use engagement features through supported platforms, we access limited interaction metadata solely to validate Protocol eligibility criteria. Applicable platform providers are third-party beneficiaries of this Policy regarding their respective data.
• Optional Integrations: From time to time, TWZRD may support additional third-party platforms. If and when new integrations are enabled, your use may be subject to those third-party policies, and we will process only the minimum data required for the integration.
• DeFi Routing: Certain Interface features (e.g., in-app token swaps) route requests through TWZRD-operated API proxies to third-party decentralized exchange aggregators. Trade parameters transit our servers during processing but are not retained beyond standard server log windows. Your interactions with the underlying third-party protocols are governed by their respective policies; TWZRD does not control their data practices.
• Legal Compliance: We may disclose off-chain data if required by a valid court order or subpoena.

6. Your Rights (Right to Delete)

• Off-Chain Data: You have the right to request the deletion of your off-chain metadata (e.g., IP logs, cached session data) by contacting us. To protect your account, we may request that you sign a message with your wallet to verify ownership before processing deletion requests.
• On-Chain Data: Please be aware that we cannot delete data written to the blockchain. The blockchain is an immutable public ledger. By using the Protocol, you acknowledge that your public wallet address and transaction history are permanently public.
• Limitations: We respond to requests consistent with applicable law. Some rights may be limited by security requirements, fraud prevention, and legal retention obligations.

7. Data Security

We use industry-standard encryption for data in transit (TLS 1.3). However, no method of transmission over the Internet is 100% secure. You acknowledge that you use the Interface at your own risk.

8. Age Requirements

The Interface is not intended for users under the age of 18. We do not knowingly collect data from children.

9. Sanctions Screening

To support compliance with global sanctions regulations, we reserve the right to utilize third-party blockchain analytics tools to screen wallet addresses interacting with the Interface and to block addresses associated with the OFAC SDN List or other applicable sanctions lists. The scope and implementation of such screening may evolve over time.

10. No Surveillance & AI Training Prohibition

Except where required to comply with sanctions laws, we do not track your browsing history across other sites, fingerprint your device for ad targeting, or sell your behavioral profile.

• AI/ML No-License Notice: TWZRD does not grant any license to use TWZRD Data (as defined in the Terms of Service, including Interface content and TWZRD-produced datasets) for training, fine-tuning, or validating AI/ML models, except under an express written TWZRD Data License.
• Public Ledger Notice: Information recorded on public blockchains may be accessed independently of TWZRD; this Policy governs TWZRD's processing of off-chain data and your use of TWZRD-operated Interfaces and APIs.

11. International & State-Specific Rights

While TWZRD is a U.S.-based protocol, we respect the data sovereignty rights of our global user base.

• EEA/UK/Brazil Users: You may have the right to access, correct, or delete your off-chain personal data. You acknowledge that on-chain data is immutable and cannot be erased.
• California Users (CCPA/CPRA): We do not "sell" or "share" your personal information for cross-context behavioral advertising. You have the right to request disclosure of the categories of data we collect (as listed in Section 2).

12. Accessibility

• Commitment: TWZRD is committed to ensuring digital accessibility for people with disabilities. We aim to conform to the Web Content Accessibility Guidelines (WCAG) 2.2, Level AA.
• Status: We aim to maintain sufficient color contrast and the Interface is designed to support text resizing. We test with automated tooling and manual checks and are expanding structured screen reader testing.
• Accommodations: If you experience difficulty accessing any content on this site, or require this document in an alternative format, contact us at privacy@twzrd.xyz. We will work with you to provide the information in a format that meets your needs.

13. Contact & Jurisdiction

For privacy-related inquiries, contact: privacy@twzrd.xyz

This Policy is governed by the laws of the State of Delaware.