Privacy Policy

Last Updated: November 29, 2025

SolNinja is committed to privacy, transparency, and data minimization. This policy describes how we collect, use, and protect information across our website, optional client applications, and non-custodial privacy protocol.

TechnologyWhitepaperFAQGlossary

Scope

Protocol: SolNinja is a non-custodial privacy tooling protocol on Solana. On-chain activity is subject to network visibility and validation. We do not operate a custodial service, and we do not control or store your private keys.

Website & Client UI: This policy governs data collected via our marketing website and any optional client interfaces we provide for interacting with the protocol.

Data We Collect

Wallet-Level Data

  • Public Keys: Only when you connect a wallet; used for session UX and displaying balances. We never access or store private keys.
  • Transaction Metadata: Generated by your client; we do not persist proofs or private state off-chain unless you explicitly opt in (e.g., exportable receipts for compliance).

On-Chain / Network Data

  • Public ledger events (commitments, nullifiers, program logs) are visible on-chain to all network participants.
  • We do not de-anonymize or re-link shielded flows beyond what the protocol design permits for integrity checks.

Site & App Telemetry

  • Basic Analytics: Pages visited, referrers, device types via privacy-preserving analytics (or self-hosted solutions). No cross-site identifiers or user-level tracking.
  • Cookies & Local Storage: For preferences (theme, language) and session state (connected wallet). Essential cookies only; non-essential cookies require consent.

Support & Contact

  • Email or form submissions: name, email, message content for support inquiries and compliance requests.

What We Don't Collect

  • No private keys or seed phrases.
  • No plaintext transaction details from the shielded set.
  • No biometric or sensitive category data.
  • No data brokerage, ad-tech identifiers, or cross-site tracking pixels.

Use of Data

  • Provide Core Functionality: UI state, feature performance, session management.
  • Improve Reliability & UX: Aggregate telemetry to monitor error rates and optimize performance.
  • Security Evaluations: Detect abuse patterns without de-anonymizing legitimate users.
  • Legal Compliance: Respond to lawful requests with minimal disclosure as required by applicable law.

Opt-In Disclosures & Receipts

Users may generate exportable proofs or receipts for independent reviews, tax filings, or compliance purposes. These artifacts are client-side by default. If we offer optional server-side storage or submission features, participation is strictly opt-in and limited to the payload you choose to share.

Legal Bases (GDPR)

  • Performance of Contract: Delivering app functionality you request.
  • Legitimate Interests: Protecting service integrity, improving performance, and ensuring security.
  • Consent: Non-essential cookies, optional telemetry, and any optional receipt uploads.

Your Rights (GDPR / CCPA)

You have the right to:

  • Access, rectify, erase, restrict processing, or request portability of your personal data.
  • Object to processing based on legitimate interests.
  • Opt out of sale or sharing of personal data (we do not sell personal data).
  • Withdraw consent at any time for consent-based processing.

To exercise your rights, contact us via the method listed below. We respond within statutory timelines.

Data Retention

  • Telemetry: Aggregate metrics retained for trend analysis with minimal granularity; rotated regularly.
  • Support Tickets: Retained as long as needed to resolve inquiries and meet legal requirements.
  • Cookies & Local Storage: Controlled by you; may be cleared at any time via browser settings.

Security

We employ encryption in transit, hardened access controls, and follow the principle of data minimization. Regular independent security reviews are conducted to maintain protocol and infrastructure integrity. While we cannot guarantee perfect security, we are committed to continuous improvement and transparency.

International Transfers

If applicable, we use standard contractual clauses and regional hosting preferences to safeguard data transferred outside your jurisdiction. Details provided upon request.

Children's Privacy

Our services are not directed to persons under applicable age thresholds (typically 13, 16, or 18 depending on jurisdiction). We do not knowingly collect data from children.

Disclosures

We may disclose limited information:

  • To comply with lawful requests and applicable law.
  • To protect users and platform integrity against abuse, fraud, or security threats.
  • In connection with a merger, acquisition, or asset sale, subject to successor commitments consistent with this policy.

Third-Party Services

We may use third-party providers for hosting, analytics, and error monitoring under data processing agreements. We do not use ad-tech networks or targeted advertising vendors.

Do Not Track & Preferences

We honor browser-level Do Not Track (DNT) signals or global privacy controls for non-essential tracking where feasible. An in-app toggle for telemetry and cookies is available in our client interface.

Changes to This Policy

We may update this policy for material changes. The "Last Updated" date at the top will reflect modifications. Major changes may prompt an in-app notice or banner on our website.

Contact Us

For privacy inquiries, data subject requests, or questions about this policy:

Email: solninjacoin@proton.me

We aim to respond to all inquiries within 30 days, or as required by applicable law.