Curyo logo
CURYO (BETA)A Better Web
← Back to Legal

Privacy Notice

Last updated: March 2026

1. Introduction

This Privacy Notice explains how this interface ("the Interface"), operated by Hawig Ventures UG (haftungsbeschränkt), Herzogin-Juliana-Straße 7, 55469 Simmern, Germany ("we", "us", "the data controller"), handles information when you use it to access the Curyo Protocol. We are committed to transparency about our data practices.

Important Distinction: This Privacy Notice applies only to this Interface (the website). The Curyo Protocol is a set of decentralized smart contracts that operate independently on the blockchain. The Interface operator does not control the Protocol and cannot access, modify, or delete any data recorded on the blockchain.

2. Protocol Data vs Interface Data

2.1 Protocol Data (Blockchain - NOT Controlled by Us)

When you interact with the Curyo Protocol through any interface, the following information is recorded directly on the public blockchain:

  • Your wallet address
  • Voting transactions (stakes, votes, claims)
  • Content submission transactions
  • Transaction timestamps and amounts
  • Smart contract interaction history

Important: Blockchain data is permanent, public, and immutable. Neither this Interface nor any other party can modify or delete this data. This data exists independently of this Interface and would continue to exist even if this Interface ceased to operate.

2.2 Interface Data (Controlled by Us)

This Interface may collect or process the following information:

  • Browser Storage Data: Terms acceptance status, onboarding state, interface preferences, temporary wallet-display and notification state, referral information, locally tracked content-interaction data, and similar functional data stored in your browser via local storage or session storage.
  • Wallet-Linked Application Data: Watchlist entries, followed wallet addresses, notification preferences, and related timestamps needed to provide those features.
  • Signed Authorization Data: Short-lived signature challenges and read/write session records used to authorize wallet-bound features. These records may include wallet address, feature scope, nonce or token material, payload hashes, and creation/expiry timestamps.
  • Email Notification Data (Optional): If you enable email notifications, we process your email address, notification preferences, verification status, verification token, and related timestamps.
  • Security and Abuse-Prevention Data: Temporary rate-limit and replay-protection records, which may be derived from trusted IP headers or fallback request fingerprints plus route metadata.

2.3 What We Do NOT Collect

This Interface does not use analytics or advertising cookies. We do use limited, strictly-necessary cookies or similar session tokens for wallet-bound features such as watchlists, follows, and notification settings. These cookies are used for security and feature operation, not for cross-site tracking or advertising.

This Interface also does not collect:

  • Name, phone number, postal address, or similar offline contact details
  • Passport or government ID document data from Self.xyz
  • Analytics, advertising, or cross-site behavioral tracking profiles
  • Biometric data
  • Your wallet private keys, seed phrases, or custody of your assets

3. How We Use Information

3.1 Browser Storage and Necessary Session Cookies

Browser-side data and necessary session cookies are used for:

  • Remembering your acceptance of Terms of Service and Privacy Notice
  • Preserving interface preferences and onboarding context
  • Supporting wallet-bound signed sessions for watchlists, follows, and notification settings
  • Reducing duplicate notices or preserving short-lived UI state between refreshes

Local and session storage can be cleared through your browser settings at any time.

3.2 Server-Side Feature Data

Wallet-linked application data is used to operate optional interface features, including:

  • Saving and retrieving watched content
  • Saving and retrieving followed curator wallets
  • Saving and retrieving in-app notification preferences
  • Verifying wallet-scoped read and write sessions for protected interface actions

3.3 Email Notification Data

If you opt into email notifications, we use your email-related data to:

  • Store your chosen delivery address and notification preferences
  • Send verification emails and verify control of the address
  • Deliver product emails that you explicitly enabled

3.4 Security and Abuse Prevention

Security-related data is used to:

  • Rate-limit API endpoints
  • Prevent replay or reuse of signed authorization challenges
  • Investigate operational issues and protect the Interface from abuse

4. Third-Party Services

The Interface may interact with the following third-party services:

  • Blockchain RPC Providers: To read and write blockchain data (e.g., Alchemy, Infura, or similar). These providers may have their own privacy policies regarding request logging.
  • Wallet Providers: When you connect your wallet (e.g., MetaMask, WalletConnect, Rainbow), those services have their own data practices. We recommend reviewing their privacy policies.
  • Hosting Provider: Our frontend is hosted on infrastructure that may collect standard server logs (IP addresses, request timestamps). These logs are typically retained for 30-90 days and used only for security and debugging purposes.
  • Content Delivery Networks: We may use CDNs to deliver static assets, which may process requests according to their own policies.
  • Email Delivery Provider (Resend): If you enable email notifications, verification and notification emails may be delivered through Resend, which processes your email address and the email content needed to deliver that message.
  • Identity Verification (Self.xyz): To claim tokens from the faucet, you may verify your identity through Self.xyz, a third-party passport verification service. Self.xyz uses zero-knowledge proofs — your passport data is processed entirely on your mobile device and is never shared with this Interface or stored on the blockchain. Only a cryptographic proof of humanity and an OFAC compliance result are transmitted on-chain. No personal information (name, passport number, date of birth, nationality, or gender) is collected, stored, or accessible by the Interface operator. Self.xyz has its own privacy policy which we recommend reviewing.

5. Data Retention

  • Blockchain data: Permanent and immutable (not controlled by us)
  • Local and session storage: Until you clear your browser data or the browser session ends, depending on the storage mechanism
  • Watchlists, follows, and notification preferences: Until you change or remove them, or we delete them in the ordinary course of operating the feature
  • Signed read/write sessions: Up to 7 days
  • Signed action challenges: Typically 5 minutes; used challenge records may be retained for up to 24 hours for replay protection
  • Email notification subscriptions: Until you remove or replace the address; verification tokens expire after 24 hours
  • Rate-limit records: Until the applicable rate-limit window expires
  • Server logs: Retained according to hosting provider policies (typically 30-90 days)

6. Your Rights

Due to the nature of blockchain technology and our minimal data collection:

  • Right to Access: All blockchain data is publicly accessible through any blockchain explorer. Browser storage data can be viewed in your browser's developer tools. Server-side feature data tied to optional interface features may be requested from us where applicable.
  • Right to Rectification and Update: You can change watchlists, follows, notification preferences, and email notification settings through the Interface.
  • Right to Deletion: Blockchain data cannot be deleted by anyone. Browser storage can be cleared by you at any time through your browser settings. Optional server-side interface data such as follows, watchlists, and notification settings can be removed through the Interface or by contacting us where applicable.
  • Right to Portability: You maintain full control of your wallet and can use it with any compatible service or interface.
  • Right to Object: You may stop using this Interface at any time. The Protocol remains accessible through other means.

For users in the European Union and Germany: Given that we do not collect or store personal data beyond what is described above, most rights under the GDPR and the German Federal Data Protection Act (BDSG) are either automatically satisfied or not applicable. If you have specific privacy concerns, please contact us at hawigxyz@proton.me or lodge a complaint with the competent supervisory authority. For our registered office in Rhineland-Palatinate, the responsible authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34, 55116 Mainz, Germany
www.datenschutz.rlp.de

7. Security

We implement reasonable security measures for our frontend infrastructure. However, the security of your tokens and wallet depends entirely on your own security practices.

We strongly recommend:

  • Using hardware wallets for significant holdings
  • Never sharing your private keys or seed phrases with anyone
  • Verifying you are on the correct website before connecting your wallet
  • Carefully reviewing all transaction details before signing
  • Being cautious of phishing attempts and fake interfaces

8. Children's Privacy

The Service is not intended for users under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect information from minors. If you believe a minor has accessed the Service, please contact us.

9. International Users

This Interface is operated from Germany. If you access the Interface from other regions, please be aware that information may be transferred to, stored, and processed in Germany or other jurisdictions where our service providers operate, including hosting, RPC, CDN, and email delivery providers.

By using the Interface, you consent to such transfers. We note that blockchain data is stored on a globally distributed network and is not localized to any single jurisdiction.

10. Changes to This Notice

We may update this Privacy Notice from time to time. Changes will be posted on this page with an updated revision date. Material changes may require re-acceptance of Terms through the acceptance modal.

We recommend reviewing this Notice periodically to stay informed about our data practices.

11. Contact

For privacy-related questions or concerns, please contact: Hawig Ventures UG (haftungsbeschränkt), Herzogin-Juliana-Straße 7, 55469 Simmern, Germany. Email: hawigxyz@proton.me. See also our Imprint.