Privacy Policy

1. Information We Collect

We collect the following data when you use Arkena:

  • X (Twitter) account info — username, display name, profile image, and account ID, collected when you connect your X account to join the waitlist.
  • IP address — collected automatically for rate limiting, abuse prevention, and session security. Stored alongside waitlist entries, application submissions, and authentication sessions.
  • Wallet address — your Canton Network party ID, used to identify you on the platform and authenticate your session.
  • Referral code — provided during wallet creation to track invitation usage.
  • Collection application data — name, description, images, contact info, and social links you provide when applying to create a collection.
  • Transaction data — recorded on the Canton Network when minting, trading, swapping, or transferring assets.

2. Information We Do Not Collect

We want to be explicit about what we never collect or have access to:

  • Private keys — your signing keys are generated and stored locally on your device. They are never transmitted to our servers.
  • Seed phrases — your recovery phrase is encrypted on your device and never leaves it.
  • Wallet passwords — your wallet unlock password is used locally to decrypt your keys. We do not store or process it.
  • Bank or financial account information — we do not collect traditional financial data.

3. How We Use Your Data

  • X account info — to manage your waitlist registration and notify you at launch. We do not share your data with third parties.
  • IP address — for rate limiting (preventing abuse), session security (binding sessions to IPs), and fraud detection. We do not use IP addresses for tracking or advertising.
  • Wallet address — to facilitate platform functionality, authenticate sessions, and process NFT transactions.
  • Application data — to review and process your collection creation requests.

4. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Consent — X account connection (you actively authorize via OAuth).
  • Legitimate interest — IP address collection for security and abuse prevention.
  • Contract performance — wallet address and transaction data to provide platform services.

5. Data on Canton Network

Transaction data on the Canton Network benefits from its privacy-first architecture. Unlike public blockchains, Canton provides sub-transaction privacy — only parties involved in a transaction can see its details.

6. Data Storage & Security

  • Data is stored in Supabase (EU region) with Row-Level Security enabled.
  • Authentication uses Ed25519 cryptographic signatures — no passwords are stored.
  • Session cookies are httpOnly, Secure, and SameSite=Strict.
  • All connections use HTTPS/TLS encryption.

7. Third-Party Services

We use the following third-party services:

  • Vercel — hosting and first-party analytics (no tracking cookies, privacy-friendly).
  • Supabase — database and file storage (EU region).
  • Upstash — rate limiting infrastructure.

We do not sell your personal information to third parties.

8. Cookies & Local Storage

We use httpOnly session cookies for authentication only. No tracking or advertising cookies are used. Vercel Analytics is cookie-free and privacy-compliant. Local storage is used minimally for UI preferences (e.g., wallet connection state).

9. Data Retention

  • Waitlist data — retained until platform launch or until you request deletion.
  • Application data — retained for the duration of the review process and platform operation.
  • Session data — automatically expires (1 hour for users, 4 hours for admins).
  • IP addresses — stored with associated records, deleted when the record is deleted.

10. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your waitlist and application data.
  • Portability — receive your data in a structured format.
  • Objection — object to processing based on legitimate interest.

On-chain transaction data cannot be deleted due to the nature of distributed ledgers.

11. Children's Privacy

Arkena is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

12. Contact

For privacy-related inquiries or to exercise your rights, reach out through our X (Twitter) or Telegram.

Last updated: April 2026