Privacy Policy

1. Information We Collect

We may collect the following categories of information:

• Email address and login credentials for account creation, authentication, and account recovery.
• Email verification metadata, including registration OTP, login OTP, seed-view OTP, PIN reset OTP, and account-restore OTP status, attempt counters, and expiration timestamps.
• Device, IP, and session identifiers used to secure accounts, apply trusted-device logic, detect abuse, and maintain service integrity.
• Mining activity data, including session start/completion, elapsed time checks, heartbeat validation, successful session counters, ANTS balances, and claim-related audit signals.
• Wallet addresses, migration wallet addresses, wallet PIN status, encrypted seed vault metadata, or related wallet identifiers when users access Web3 or migration features.
• Phase 5 mining proof data, including proof hashes, difficulty levels, nonce counters, and proof submission timestamps when users generate and submit decentralized proofs to the chain.
• Support or contact information when users communicate with us.

2. How We Use Information

We use information we collect to:

• Provide, operate, maintain, and secure the application.
• Authenticate users, verify email ownership with OTP flows, process one-time account-restore requests, and manage trusted-device sessions.
• Operate mining features, ANTS-first reward accounting, referral activation logic, anti-abuse checks, and supply protection controls.
• Support Phase 5 decentralized proof generation, signing, submission to blockchain validators, and proof verification on the Layer 1 chain.
• Support app features across off-chain Web2 services, on-chain Web3 visibility, migration wallet handling, and future Web4 preparation.
• Improve functionality, performance, user experience, and fraud detection.
• Comply with legal obligations and protect the integrity of the ecosystem.

3. Permissions and Minimum Scope

The current mobile-app release is designed to operate without broad access to sensitive device datasets.

• Current Android permissions are limited to internet access, local notification support, boot-complete handling for notification scheduling, and advertising identifier support for ad services where permitted.
• The current release does not request broad contacts access, precise location, background location, geofencing, SMS, call logs, photo-library access, all-files access, or broad package visibility.
• If a future feature needs contact sharing, we intend to use minimum-scope system flows such as Android Contact Picker where available instead of broad address-book access unless broader access is strictly required for a core, user-facing function.
• If a future feature needs location, we intend to request the minimum scope needed, such as coarse location, foreground-only access, or Android's location button for one-time precise location flows where available, rather than persistent precise or background access unless strictly required for a core, user-initiated function.

4. Web2, Web3, and Web4 Context

A Network may include separate but linked product layers:

• Web2 off-chain features, including app-native account systems and service logic.
• Web3 on-chain features, including wallet displays, migration wallet references, and token-related blockchain information.
• Web4 coordination concepts that connect Web2 and Web3 through migration planning, habitat design, and governed product logic.

Not all app activity is blockchain activity. Some features are off-chain, some are on-chain, and some may connect both systems.

4A. Protocol Execution and Sensitive Key Material

Current production policy separates public market visibility from authenticated settlement execution.

• Public web pages may show market data, quotes, and chain visibility.
• Execute settlement flows are policy-gated and intended for authenticated wallet paths.
• First NFT profile activation depends on successful authenticated settlement conditions and related eligibility checks.
• For production safety, users should not transmit seed phrase or private key material through public web requests.

When sandbox or integration pages are used for testing, submitted values may be processed according to test-environment behavior. Users should avoid using production secret material in test surfaces.

4B. Phase 5: Decentralized Proof Generation and Submission

Phase 5 introduces decentralized mining proofs, enabling miners to generate proofs locally and submit them directly to community validators on the Layer 1 blockchain.

• Proof generation occurs entirely on the user's device using SHA256 hashing; the mobile app does not transmit partial proofs or intermediate data to the server.
• Once a proof is generated, the user signs it with their secp256k1 private key (derived from their BIP39 seed phrase) before submission.
• Signed proofs are submitted to the Layer 1 blockchain validators, not to a central mining server. Validators independently verify the signature and proof difficulty.
• Accepted proofs are included in blockchain blocks and become part of the permanent, distributed ledger. This means proof data (miner address, proof hash, difficulty, and timestamp) becomes publicly visible on the blockchain.
• Proof nonce values are tracked persistently in the chain's database to prevent replay attacks. A miner cannot submit the same proof twice.
• The private key used for proof signing remains under the user's control and is never transmitted to our servers or to validators; only the signature is submitted.

5. Account Recovery and Wallet Continuity

The current release includes account-continuity and wallet-security features designed to reduce accidental loss without turning the service into a custodial wallet provider.

• Scheduled account deletion may support a one-time restore flow through email OTP before final deletion completes.
• Wallet PIN set, change, and reset flows may require email-based verification.
• Seed phrase access controls may use encrypted server-side seed vault fields, email OTP verification, PIN checks, and audit logging.
• Legacy local device fallback behavior may exist for users whose older seed backups were not migrated to newer encrypted storage flows.

6. Advertising

We may use Google AdMob or related advertising services. These services may collect and process data according to their own policies and technologies, including advertising identifiers, app interaction signals, and device-level metadata used for ad delivery, measurement, and fraud prevention.

Learn more: https://policies.google.com/technologies/ads

7. Data Sharing

We do not sell users' personal information. We may share limited information with service providers, hosting providers, analytics providers, ad partners, email/OTP delivery providers, blockchain data providers, or legal authorities when reasonably necessary for service operation, wallet/account recovery flows, security, compliance, or fraud prevention.

8. Data Security

We use reasonable technical and organizational measures to protect information. These may include hashed passwords, hashed OTP values, trusted-device checks, rate limiting, abuse monitoring, and encrypted wallet seed vault fields where supported by the current product architecture. However, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

This service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that such data has been provided, we will take reasonable steps to remove it.

10. Data Retention

We retain information for as long as necessary to operate the service, resolve disputes, enforce agreements, maintain security, and comply with applicable law. Security-sensitive records such as OTP verification data, mining session logs, restore attempts, device-trust state, and abuse-prevention signals may be retained for security and audit purposes. Account deletion and scheduled-deletion workflows may also require temporary retention windows before records are fully removed or anonymized, subject to system, legal, and security requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any updated version will be posted on this page with a revised effective date.

12. Contact Us

If you have any questions about this Privacy Policy, contact us at info@a-network.net.