Back to Home

Privacy Policy

Last updated: March 26, 2026

1. Introduction

Priv Labs, Inc., a Delaware corporation ("Priv Labs," "we," "our," or "us"), operating under the brand name PRIV Protocol, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (privlabs.io), browser extension, mobile application, smart contracts, and related services (collectively, the "Services").

Unlike traditional data brokers, PRIV Protocol is built on the principle that you should own and control your data. We are transparent about what data we collect and ensure you are fairly compensated for any data you choose to share.

Key Principle: Data collection is OFF by default. We never collect any browsing or personal data unless you explicitly enable it in your settings.

2. Information We Collect

2.1 Information You Provide Directly

  • Wallet Address: Your Ethereum-compatible wallet address when connecting to our Services (required for earning PRIV tokens)
  • Email Address: Optional, only if you choose to receive notifications
  • Uploaded Content: Photos, videos, or voice recordings you voluntarily upload to our AI training marketplace
  • Support Communications: Messages you send to our support team

2.2 Browser Extension Data (Opt-In Only)

When you install our browser extension and explicitly enable data sharing, you can choose to share the following data types:

Browsing History

What we collect: Domain names and page paths (e.g., "example.com/products")
What we DON'T collect: URL query parameters (?id=123), fragments (#section), or any data that could identify specific pages you visited
Additional data: Time spent on page, scroll depth percentage, page category (social, shopping, news, etc.)

Search Patterns

What we collect: Search engine used (Google, Bing, etc.) and query length (number of characters)
What we DON'T collect: The actual search terms you type - we never see what you searched for

Social Media Activity

What we collect: Platform name (Twitter, Facebook, etc.) and page type (feed, profile, post)
What we DON'T collect: Your posts, messages, friends, followers, or any content you view

Content Preferences

What we collect: Platform name (YouTube, Netflix, Spotify) and content type (video, audio, article)
What we DON'T collect: Specific videos, songs, or articles you consume

Ad Impressions

What we collect: Number of ads on page, ad network names (Google Ads, Facebook Ads, etc.)
What we DON'T collect: The content of ads or what products/services are advertised to you

Shopping Behavior

What we collect: E-commerce platforms visited and general category browsing
What we DON'T collect: Specific products viewed, prices, purchases, or shopping cart contents

2.3 Automatic Privacy Protection

Our extension automatically applies the following privacy protections to all collected data:

  • URL Anonymization: Query parameters and URL fragments are stripped before any data leaves your browser
  • Title Redaction: Email addresses, phone numbers, and names detected in page titles are replaced with [email], [phone], [name]
  • Time Threshold: Pages visited for less than 3 seconds are not recorded
  • Deduplication: Repeated visits to the same page within 60 seconds are merged

2.4 Token Presale and Purchase Information

When you participate in our token presale or purchase PRIV tokens, we collect:

  • Wallet Address: Your Ethereum-compatible wallet address used for the purchase
  • Transaction Details: Amount purchased, payment method (ETH, USDC, or card), transaction hash, and presale stage
  • Third-Party Payment Data: If you use a card payment provider (e.g., MoonPay), that provider collects your payment and identity verification information under their own privacy policy. We receive only the transaction confirmation and wallet address — not your card details, government ID, or personal identity information

Purchase and allocation records are retained for a minimum of seven (7) years for tax and regulatory compliance purposes. On-chain transaction records are permanent and immutable on the Base blockchain.

2.5 Technical Information

  • Device type and operating system
  • Browser type and version
  • IP address (hashed, not stored in identifiable form)
  • Usage patterns within our dashboard and Services

3. Sites We Never Track

Even with data sharing enabled, our extension automatically excludes the following sensitive categories:

  • Banking & Financial Sites - Any URL containing "bank", "banking", or known financial institution domains
  • Healthcare & Medical Sites - Any URL containing "healthcare", "medical", "health", or medical provider domains
  • Email Services - Gmail (mail.google.com), Outlook, and other webmail services
  • Login & Authentication Pages - Any URL containing "login", "signin", "auth", "password", or "credential"
  • Local Files - file:// URLs are never accessed
  • Browser Internal Pages - chrome://, about:, edge:// pages
  • Google Account Pages - accounts.google.com and Google sign-in pages

4. How We Use Your Information

  • Service Operation: To provide and maintain our Services
  • Token Rewards: To process PRIV token rewards for data you choose to share
  • Data Marketplace: To aggregate and anonymize data for sale to verified buyers
  • Service Improvement: To improve our Services and develop new features
  • Communications: To send updates and opportunities (with your consent)
  • Security: To detect and prevent fraud, abuse, or manipulation
  • Legal Compliance: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 Data Marketplace

When you opt-in to share data, your anonymized and aggregated data may be sold to verified buyers including research institutions, AI companies, and enterprises. You receive PRIV tokens as compensation. Your personal identity is never revealed to data buyers.

5.2 Service Providers

We work with trusted service providers to operate our Services:

  • Supabase: Database hosting and authentication
  • Vercel: Website and API hosting
  • Base (Coinbase L2): Blockchain infrastructure for PRIV token
  • MoonPay: Fiat-to-crypto transactions (optional)

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain your data for the following periods:

  • Wallet Address: Retained while your account is active, deleted upon request
  • Browsing Data: Aggregated within 24 hours, individual records deleted after 30 days
  • Uploaded Content: Retained until you delete it or request deletion
  • Transaction Records: Retained for 7 years for legal and tax compliance
  • Support Communications: Retained for 2 years after resolution

Blockchain transactions (token transfers, staking) are permanently recorded on the Base blockchain and cannot be deleted due to the immutable nature of blockchain technology.

7. Your Rights and Choices

7.1 Data Control

  • Access: View all data we have collected about you in your dashboard
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data by disconnecting your wallet or contacting us
  • Portability: Export your data in a machine-readable format
  • Opt-out: Disable data collection instantly via the extension toggle
  • Granular Control: Enable or disable each data type individually

7.2 GDPR Rights (EU/EEA Users)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to object to processing
  • Right to restrict processing
  • Right not to be subject to automated decision-making
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on your explicit consent (Article 6(1)(a) GDPR). You can withdraw consent at any time by disabling data sharing in the extension.

7.3 CCPA Rights (California Users)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to request deletion of personal information
  • Right to opt-out of the "sale" of personal information
  • Right to non-discrimination for exercising your rights

Note: When you actively choose to share your data through our marketplace and receive PRIV tokens, this is a consensual value exchange, not a "sale" under CCPA. You initiate and control this exchange.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at Rest: AES-256 encryption for stored data
  • Encryption in Transit: TLS 1.3 for all data transmissions
  • On-Device Processing: URL anonymization and PII redaction happen in your browser before any data is transmitted
  • Local Storage: Data is batched locally and only sent every 5 minutes
  • Security Audits: Regular third-party security assessments
  • No Plaintext Secrets: We never store passwords or private keys

9. Cookies and Tracking

Our website uses only essential cookies required to operate the Services (authentication, preferences). We do not use third-party advertising or tracking cookies. You can control cookie preferences through your browser settings.

Our browser extension does not use cookies. It uses Chrome's local storage API to store your preferences and cached data locally on your device.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@privlabs.io.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) where required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will:

  • Post the updated policy on this page with a new "Last updated" date
  • Notify you via email (if provided) or through the extension
  • Provide at least 30 days notice before changes take effect

Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

  • Privacy Inquiries: privacy@privlabs.io
  • Data Rights Requests: datarights@privlabs.io
  • Website: https://privlabs.io
  • Twitter / X: @privlabs

We aim to respond to all privacy-related inquiries within 30 days.