Legal

Privacy Policy

Last updated: March 18, 2026

Introduction

Welcome to Privara. We are committed to protecting your privacy and ensuring transparency about how we handle your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

Privara is currently in private alpha, developed by Reineira Labs FZE ("Developer"), a company registered in RAK DAO, Ras Al Khaimah, United Arab Emirates, as a research and technology demonstration project built on the ReineiraOS protocol. Reineira Labs FZE serves as the development company and is not the operator of the platform as a financial service. The platform operates exclusively on the Arbitrum Sepolia testnet for demonstration purposes.

By accessing our website, submitting a waitlist request, creating an account, or using any features of the Privara platform, you agree to the terms outlined in this policy.

Information We Collect

We collect minimal information necessary to operate our services. The scope of data collected depends on how you interact with Privara:

Waitlist Registration

  • Email address: When you submit our waitlist form, we collect your email address to communicate with you about your access request and Privara updates.
  • IP address: Automatically collected when you submit the waitlist form, for security purposes, fraud prevention, and to help us understand our user base geographically.
  • Source: We record whether you signed up via the personal or business waitlist to tailor communications.

Platform Account & Authentication

If you are granted access to the platform, we additionally collect:

  • Email address: Used for account identification, authentication (OTP verification), and communication.
  • Authentication credentials: We facilitate passkey (WebAuthn) registration which involves your device generating cryptographic key pairs. The private key never leaves your device. We receive and store only the public key component and credential metadata necessary for authentication.
  • Device identifiers: Technical identifiers associated with your device, generated during wallet setup, used for account security.
  • Wallet addresses: Blockchain wallet addresses generated through or connected to the platform. These are public blockchain identifiers, not private keys.

Invoice & Payment Data

When you use the platform's invoicing features:

  • Invoice details: Client name, client email, service description, invoice amount, due date, and optional messages. When Privacy Shield is enabled, these details are encrypted client-side using FHE before being stored on-chain.
  • Transaction references: On-chain transaction hashes, invoice identifiers, and payment status information.
  • Withdrawal information: Destination wallet addresses, selected blockchain networks, and bridge transaction references.

Technical Data

  • Server logs: Standard HTTP request data including IP addresses, browser type, referring pages, and timestamps. These logs are retained for a limited period for security and debugging purposes.
  • Local storage data: The platform stores certain data locally on your device (in browser localStorage) including authentication tokens, wallet provider preferences, and encryption keys. This data is not transmitted to our servers except as needed for authentication.

Blockchain & On-Chain Data

Privara interacts with public blockchain networks. You should be aware of the following regarding on-chain data:

  • Public by nature: Blockchain transactions, wallet addresses, and smart contract interactions are publicly visible on the blockchain. This is an inherent property of blockchain technology that Privara cannot alter.
  • Privacy Shield encryption: When enabled, the Privacy Shield feature encrypts sensitive invoice data (client details, service description, amounts) using Fully Homomorphic Encryption (FHE) before submission to the blockchain. Encrypted data can only be decrypted by authorized parties holding the appropriate keys.
  • Privara does not decrypt: Privara does not hold decryption keys for Privacy Shield-encrypted data and cannot access the encrypted content of your invoices.
  • Immutability: Data written to the blockchain (even on testnet) is generally immutable and cannot be deleted or modified after confirmation. Testnet data may be removed only if the network itself is reset.
  • Metadata visibility: Even with Privacy Shield enabled, certain metadata remains publicly visible, including transaction hashes, timestamps, wallet addresses, and smart contract interaction patterns.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service operation: To authenticate your identity, process your requests, facilitate invoice creation and payment workflows, and provide the core platform functionality.
  • Waitlist management: To process your request for early access and manage our waitlist queue.
  • Communication: To send you updates about your waitlist status, notify you when access is granted, and share important information about Privara including service changes and security notices.
  • Security: To protect against fraudulent or malicious activity, prevent abuse, and maintain the security and integrity of our services.
  • Service improvement: To understand aggregate usage patterns and improve our services.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

We will not sell, rent, or share your personal information with third parties for their marketing or advertising purposes. We do not engage in profiling or targeted advertising.

What We Do Not Collect

For transparency, we explicitly confirm that Privara does not collect:

  • Tracking cookies or advertising pixels
  • Cross-site tracking data
  • Financial information (bank accounts, credit cards)
  • Government-issued identification documents
  • Biometric data (your biometrics are processed entirely on your device during passkey authentication and are never transmitted to Privara)
  • KYC/AML verification data (no identity verification is performed in the current testnet phase)
  • Social media profiles or contacts
  • Location data beyond IP-derived geographic region

Data Storage and Security

We take the security of your personal information seriously. Your data is protected using industry-standard security measures, including:

  • Encrypted data transmission (HTTPS/TLS) for all communications
  • Secure cloud infrastructure with access controls and monitoring
  • Limited access to personal data on a need-to-know basis
  • Client-side FHE encryption for sensitive on-chain data (Privacy Shield)
  • Passkey-based authentication with no server-side storage of private keys or biometric data

While we implement reasonable technical and organizational security measures, please be aware that no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your personal information, we will notify affected users in accordance with applicable law.

Third-Party Services

We use the following third-party services to operate our platform. Each processes data as described below:

Analytics

  • Fathom Analytics: We use Fathom Analytics for privacy-focused, cookieless website analytics. Fathom does not use cookies, does not track individual users, and provides only aggregated, anonymized data. Fathom is compliant with GDPR, ePrivacy, PECR, and CCPA.

Infrastructure & Hosting

  • Hosting providers: Our website and platform are hosted on secure cloud infrastructure.
  • IP lookup service: We use a third-party service to determine your IP address when you submit the waitlist form, solely for fraud prevention and geographic understanding.

Communication & Scheduling

  • Calendly: If you book a demo, your scheduling data is processed by Calendly under their own privacy policy. We receive only the meeting details you provide.
  • Email service providers: We may use third-party email services to communicate with you. These providers process your email address on our behalf.

Blockchain & Protocol Infrastructure

  • Arbitrum / Arbitrum Sepolia: The blockchain network processes your transactions publicly. Privara does not control blockchain data storage or retention.
  • Circle: Wallet infrastructure and USDC-related services. Circle may process device identifiers and wallet creation data under their own privacy policy.
  • Wallet infrastructure providers: Passkey validation and smart account services process public key credentials and transaction data.
  • Fhenix: FHE co-processor infrastructure processes encrypted data without decrypting it. Fhenix operates as a decentralized service.
  • ReineiraOS Protocol: The underlying protocol infrastructure. Protocol-level smart contracts are decentralized and operate independently of Privara.

These third-party services have their own privacy policies. We encourage you to review them. We select service providers that demonstrate commitment to data protection, but we cannot guarantee their practices.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information. We honor these rights for all users regardless of location:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can request that we correct any inaccurate information.
  • Deletion: You can request that we delete your personal information from our systems. Note that data already written to a public blockchain cannot be deleted by Privara.
  • Portability: You can request your data in a structured, commonly used, machine-readable format.
  • Restriction: You can request that we restrict processing of your personal information in certain circumstances.
  • Objection: You can object to the processing of your personal information in certain circumstances.
  • Withdrawal: You can withdraw from the waitlist or request account deletion at any time by contacting us.
  • Unsubscribe: You can unsubscribe from non-essential communications at any time.

To exercise any of these rights, please contact us. We will respond to your request within 30 days, or within the timeframe required by applicable law.

Applicable Data Protection Laws

Privara is developed by Reineira Labs FZE under the jurisdiction of the United Arab Emirates. We comply with UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law). Where applicable, we also respect the principles of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Users in these jurisdictions may have additional rights under local law.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  • Waitlist data: Retained until you request removal or the waitlist program ends.
  • Account data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
  • Server logs: Automatically purged within 30 days.
  • Analytics data: Aggregated and anonymized; contains no personally identifiable information.
  • Blockchain data: On-chain data is publicly available and immutable. Testnet data may be removed only if the testnet network itself is reset by the network operators.
  • Legal requirements: We may retain certain data as required by applicable laws, regulations, or legal proceedings.

If you request deletion of your information, we will remove it from our active systems within a reasonable timeframe, subject to any legal retention requirements and the immutability of blockchain data.

International Data Transfers

Privara is developed from the United Arab Emirates. Your information may be transferred to, stored, and processed in jurisdictions outside your country of residence, including the UAE and countries where our service providers operate.

We use appropriate legal mechanisms for cross-border data transfers and ensure that any transfer of personal data to a jurisdiction outside of your own is carried out in compliance with applicable data protection laws.

By using our services, you consent to the transfer of your information to jurisdictions that may have different data protection standards than your home jurisdiction.

Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe we may have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or for legal, operational, or regulatory reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify registered users by email where appropriate
  • Provide a prominent notice within the platform for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Controller: Reineira Labs FZE, RAK DAO, Ras Al Khaimah, United Arab Emirates

Email: [email protected]

Support: [email protected]

We will respond to your inquiry within 30 days.