Privacy Policy
Dated September 5th, 2025
Company: Nuts Labs LTD (“Nuts,” “we,” “us,” or “our”) a company incorporated in the British Virgin Islands. Scope: This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our mobile apps and websites (the “Platform”) and related software services (the “Services”). Capitalized terms not defined here have the meanings in our Terms of Use.
When you visit the Site or employ any of the Services, you're agreeing that your user data (encompassing your personal data and personally identifiable information, which we'll refer to as "personal information") will be managed as outlined in this Policy. Your utilization of the Site or the Services, as well as any disagreements regarding privacy, fall under the jurisdiction of this Policy (including any applicable modifications) and the relevant Terms of Use, which include specific limitations on damages and provisions for resolving disputes.
WHO THIS APPLIES TO
Users of the Platform/Services who are 18+ and not in Restricted Jurisdictions.
Visitors to our websites and recipients of our communications.
People who contact us (e.g., support, legal, abuse reports).
The Services are not directed to children under 18, and we do not knowingly collect information from minors. If you believe a minor provided Personal Data, contact us at privacy@nuts.trading and we will delete it.
KEY DEFINITIONS
“Personal Data” means information that identifies or can reasonably be linked to a specific individual.
“Blockchain Data” means publicly available on-chain information, including wallet addresses and transaction hashes.
“User Content” has the meaning in the Terms (e.g., lists, comments you share).
“Restricted Jurisdictions/Persons” as described in the Terms.
WHAT WE DON’T COLLECT OR STORE
Private keys, seed phrases, recovery materials.
Fiat payment details (e.g., card numbers).
Custodial balances (we do not hold your assets).
INFORMATION WE COLLECT
Depending on how you use the Services, we may collect:
A. Account & Identifiers
- Optional account/email/handle, profile settings, referral codes.
- Wallet addresses you connect or create via the UI (address only).
B. Technical & Usage Data
- Device/OS info, app version, language, time zone, country/region, IP-derived general location (city/region level), performance and crash logs, diagnostics, feature interaction events, and session metadata.
C. Blockchain Data (public)
- On-chain transactions you initiate (hashes, addresses, token amounts), which are inherently public and may be associated with your wallet.
D. Communications & Support
- Messages you send us (support tickets, emails), and related metadata.
E. Points, Waitlists, Promotions (if enabled)
- Program participation metadata (e.g., points balance, eligibility status).
F. KYC/AML (only if required by law or risk review)
- If we request verification, we may collect government ID, proof of address, selfies, date of birth, and screening results from a verification provider. We request this only where legally required or prudent for sanctions/AML compliance. If you decline to provide requested verification information when legally required, we may suspend or deny access to some or all Services.
G. Cookies/SDKs (web/app)
- Web: essential cookies; with consent (where applicable), analytics cookies.
- Apps: essential SDKs for crash reporting, analytics, and performance. You can control app-level permissions in your OS settings.
H. Social Logins
- Provider user ID, email (or Apple relay email), display name, avatar, and OAuth tokens/expiry from the social provider you choose to use for sign-in.
SOCIAL LOGINS
If you choose to register or sign in using a third-party account (for example, Apple, Google, or X/Twitter), we receive limited profile information from that provider. The exact data depends on the provider and your settings, but may include:
Identifiers (provider user ID, email, display name, avatar);
Tokens (OAuth access/refresh tokens and their expiry, used only to authenticate you);
Relay email in the case of Sign in with Apple if you choose to hide your email.
We use this information only to authenticate you, create/maintain your account, prevent fraud/abuse, and (if you opt in) to communicate with you. We do not receive your social network passwords, and we do not post on your behalf.
Disconnecting Social Login. You can disconnect a social login at any time by emailing privacy@nuts.trading. Disconnecting prevents new data pulls from that provider; we may retain account identifiers we need for security, audit, or legal obligations. You can also revoke our access in your social provider’s own settings.
HOW WE USE INFORMATION (PURPOSES)
We use information to:
Provide and improve the Services (operate features, route requests to supported networks, measure reliability, fix bugs) including to authenticate you via social login and maintain your session.
Security & abuse prevention (detect spam/malware, prevent fraud, protect accounts, enforce sanctions/geoblocking and Acceptable Use) including to detect suspicious login patterns and prevent account takeover.
Provide single-sign-on (SSO) via supported social providers at your request.
Compliance (sanctions screening, KYC/AML when required, recordkeeping, responding to lawful requests).
Communicate with you (service notices, updates, support replies).
Insights & analytics (aggregate usage trends to improve UX and performance).
Marketing (limited) with your consent where required; you can opt out.
Enforce our Terms; protect rights (investigate and defend claims).
Corporate transactions (e.g., merger, acquisition) subject to this Policy.
We do not provide investment, legal, or tax advice. Any market/price data is informational and may differ from execution or settlement amounts.
LEGAL BASES (IF YOU’RE IN THE EEA/UK OR SIMILAR REGIMES)
Where required by law, we process Personal Data under these bases:
Contract (to provide the Services you request).
Legitimate interests (e.g., product security, analytics, preventing abuse) balanced against your rights.
Consent (e.g., non-essential cookies/marketing).
Legal obligations (e.g., sanctions/KYC/AML recordkeeping, responding to authorities).
You can withdraw consent at any time (this does not affect prior lawful processing).
DISCLOSURE OF INFORMATION
We may share information with:
Service providers (infrastructure hosting, analytics, crash reporting, customer support, KYC/AML verification, sanctions screening, email delivery) this includes identity/authentication providers (e.g., social login providers) that authenticate you and return limited profile information per the scopes you approve.
Compliance and law enforcement where legally required or to protect rights, property, and safety.
Corporate transactions (due diligence, transfer) subject to confidentiality and this Policy.
Public blockchains: when you submit a transaction, associated Blockchain Data is public by design.
We do not sell Personal Data. We also do not “share” Personal Data for cross-context behavioural advertising as those terms are defined in certain U.S. state privacy laws.
INTERNATIONAL TRANSFERS
We operate globally. Where applicable, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for cross-border data transfers. By using the Services, you understand your information may be processed outside your country of residence, subject to appropriate safeguards.
DATA RETENTION
We keep Personal Data only as long as necessary for the purposes above, including:
Account/usage logs: typically 12 months (shorter or longer where needed for security or troubleshooting).
Support records: typically 24 months after resolution.
Marketing preferences: until you opt out or delete your account.
KYC/AML records (if collected): for the period required by law (often 5–7 years after last interaction).
Blockchain Data: lives indefinitely on public networks; we do not control on-chain retention.
Social login tokens/IDs: retained while your account is active and for up to 12 months after last activity (or earlier upon disconnection), unless we must retain longer for security or legal obligations.
We may retain limited information to comply with legal obligations, resolve disputes, and enforce agreements.
SECURITY
We use technical and organizational measures appropriate to the risk (encryption in transit, segmented infrastructure, access controls, auditing, rate-limiting, and monitoring).
You are responsible for your device security, wallet security, and backups. We cannot recover lost keys or seed phrases.
YOUR PRIVACY CHOICES
App permissions: use OS settings to control notifications, analytics, and device permissions.
Marketing emails: use the unsubscribe link or contact us.
Cookies: use site controls and your browser settings; where required, we request consent for non-essential cookies.
Do Not Track / GPC: There’s no industry standard for DNT signals; we don’t respond to DNT at this time. We honor Global Privacy Control (GPC) where legally required.
Social login controls: disconnect a social login or revoke access in the provider’s settings; you may also email privacy@nuts.trading.You are responsible for your device security, wallet security, and backups. We cannot recover lost keys or seed phrases.
We do not use SDKs for cross-context behavioral advertising.
YOUR RIGHTS
Depending on your location, you may have rights to:
Access and port your Personal Data;
Correct inaccuracies;
Delete Personal Data (subject to legal exceptions, e.g., AML);
Object or restrict certain processing;
Withdraw consent where processing is based on consent.
How to exercise: email privacy@nuts.trading (or use in-app controls, where available). We will verify your request consistent with local law. Authorized agents may submit requests with valid authorization.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR), including:
The right to access the personal data we hold about you
The right to correct or update inaccurate data
The right to request deletion of your personal data (subject to limitations described below)
The right to restrict or object to certain processing activities
The right to data portability
The right to lodge a complaint with a supervisory authority
Important limitations: Your right to deletion may be limited where we need to retain data for compliance with legal obligations, financial regulations, or legitimate business interests. This includes public blockchain data, which is immutable and permanently recorded on public blockchains, and transaction data that we are required to retain for the periods specified in our data retention policy for regulatory compliance and fraud prevention purposes.
To exercise any of these rights, please contact us at privacy@nuts.trading . We may ask you to verify your identity before processing your request.
California Privacy Rights
Under California Civil Code §1798.83, California residents who have provided personal information to Nuts Labs LTD. may obtain information regarding Nuts Labs LTD's disclosures, if any, of personal information to third parties for third-party direct marketing purposes. Requests must be submitted to the following address: privacy@nuts.trading. Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal information disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of the third parties. This request may be made no more than once per calendar year.
U.S. State Notices (CA, CO, CT, UT, VA)
We do not sell Personal Data and do not share it for cross-context behavioural advertising.
You can request access, deletion, and correction as above.
California residents may request a list of data categories collected/disclosed in the past 12 months; we respond within statutory timeframes.
Right to appeal (VA/CO/CT): If we deny your request, you may appeal by emailing privacy@nuts.trading with “Appeal” in the subject. We will respond within the timelines required by law with our decision and reasoning.
BVI Note
We handle Personal Data consistent with the BVI Data Protection Act, 2021, applying principles of lawfulness, fairness, purpose limitation, data minimization, accuracy, security, and retention.
SANCTIONS & GEO-COMPLIANCE
We use technical and administrative measures (e.g., IP-based geolocation, sanctions screening via providers) to comply with export control and sanctions regimes and to enforce our Restricted Jurisdictions policy.
THIRD-PARTY LINKS & RESOURCES
The Platform may contain links to third-party sites, tools, or networks. We don’t control those services and aren’t responsible for their privacy practices. Review their policies before using them.
AUTOMATED DECISIONS
We do not use automated decision-making that produces legal or similarly significant effects without human involvement. We may use automated logic for fraud prevention, sanctions/geofencing, and abuse detection; you can contact us to request human review where applicable.
CHANGES TO THIS POLICY
We may update this Policy from time to time. If we make material changes, we will post the updated Policy and update the Effective Date. Your continued use of the Services after the update constitutes acceptance.
CONTACT US
Email: privacy@nuts.trading (privacy requests)
Legal: legal@nuts.trading
If you believe your privacy rights have been violated, you may also lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.