Legal

Privacy Policy

Last updated: May 31, 2026

Overview

Privara is in private alpha as a demonstration project on a public test network. This policy explains the limited data we handle at this stage. Two principles guide us: we collect the minimum necessary, and the most sensitive information is encrypted so that we cannot read it. We honor the rights described below for every user, wherever you are.

Who We Are

The Privara demo is developed and operated by Reineira Labs Limited, a company registered in RAK DAO, Ras Al Khaimah, United Arab Emirates (the "Developer," "we," "us"), as a research and technology demonstration built on the independent ReineiraOS protocol. We currently operate the demo only; no separate commercial operating entity has been formed yet. When one is, this policy will be updated to name it as the controller.

Where Privara Is Available

Privara is a demonstration only. It is not offered as a financial service, and no transaction on it involves real-value funds. While in this phase we do not make the platform available to, and do not onboard, persons:

  • in any comprehensively sanctioned territory (including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions);
  • who are United States persons or located in the United States; or
  • in regulated markets where offering the platform requires an authorization or local entity we do not yet hold — including the European Economic Area and the United Kingdom, where full availability awaits formation of our operating entity and any required registrations.

Accessing the demo from a place where it is not offered does not entitle you to the service.

What We Collect

We collect only what a specific function needs:

  • Waitlist: your email, the IP address used to submit the form (for fraud prevention and coarse geography), and whether you joined the personal or business list.
  • Account and authentication: if you are granted demo access — your email for sign-in, your passkey public credential (your device keeps the private key; we never receive it), a device identifier for security, and your smart-account address (a public blockchain identifier created via account-abstraction tooling).
  • Demo invoice data: details you enter (client name, client email, description, amount, due date). When Privacy Shield is on, these are encrypted on your device before they reach the chain.
  • Technical: standard server logs (IP, browser, timestamps) kept briefly for security and debugging, and limited data stored locally in your browser (auth tokens, preferences, and keys that are not sent to us).

What We Cannot See, and What We Do Not Collect

By design, the following never reach us in readable form:

  • Your private keys. We never hold, escrow, or recover them.
  • Privacy Shield content. When enabled, invoice details are encrypted with Fully Homomorphic Encryption (FHE) under keys you control. We do not hold those keys and cannot decrypt the content.

And we do not collect at all:

  • Tracking cookies, advertising identifiers, or cross-site tracking
  • Identity-verification documents (no KYC is performed in this demo phase)
  • Bank or card details
  • Biometrics (passkey biometrics stay on your device)
  • Location beyond coarse, IP-derived region

Blockchain and Testnet Data

  • Public and pseudonymous. Addresses, transaction hashes, timestamps, and contract interactions are visible to anyone on the network.
  • Encrypted where it matters. With Privacy Shield, sensitive values are FHE-encrypted before they touch the chain; only ciphertext is published, and we cannot decrypt it.
  • Immutable. On-chain data generally cannot be altered or deleted. Because this is a test network, data may also be wiped if the network is reset by its operators.

How We Use Information

We use the limited data we hold to:

  • operate the demo and authenticate you (to perform our agreement with you);
  • keep the demo secure and prevent abuse (our legitimate interest);
  • manage the waitlist and respond to you;
  • send updates only if you opt in (your consent, withdrawable anytime); and
  • meet legal obligations that apply to us.

We do not sell, rent, or share personal data for advertising, and we do not profile you or make automated decisions with legal effect about you.

Service Providers

We keep our vendor list small. Each processes only what its function requires:

  • Smart-account and passkey infrastructure (account abstraction) — wallet creation and transaction signing.
  • FHE coprocessor infrastructure — computes on encrypted data without decrypting it.
  • USDC and cross-chain infrastructure (Circle) — stablecoin and cross-chain transfer operations under its own terms.
  • Node / RPC provider — relays transactions to the network.
  • Cloud hosting — stores the limited off-chain data above.
  • Privacy-first analytics — cookieless, aggregate-only; no individual tracking.
  • Email and scheduling — process only what you submit.

The public blockchain, the ReineiraOS protocol, and the FHE network are decentralized infrastructure operating independently of Privara. These providers maintain their own privacy policies.

Your Rights

We honor these rights for every user, regardless of location, and will not discriminate for exercising them:

  • Access a copy of your data, correct it, or request deletion (note: data already on a public blockchain cannot be deleted by us).
  • Restrict or object to processing, and request portability.
  • Withdraw consent or unsubscribe at any time.
  • Complain to your local data-protection authority.

To exercise any right, contact us. We respond within 30 days, or sooner where the law requires.

Retention and Security

We keep data only as long as needed: waitlist data until you ask us to remove it; account data while your demo access is active and a short period after; server logs briefly, then purged. On-chain testnet data is immutable and outside our control. We protect data with encryption in transit and at rest, strict access controls, passkey authentication with no server-side private keys or biometrics, and client-side FHE for confidential on-chain data. No system is perfectly secure, but our footprint is deliberately minimal. If a breach affecting your data occurs, we will notify you and any authority as required.

Children and Changes

The demo is for adults (18+). We do not knowingly collect data from children; if you believe we have, please contact us and we will delete it. We may update this policy as the project develops; when changes are material we will update the date above and, where appropriate, notify you.

Contact

For any privacy question or request: