Privacy Policy

NEUS Network, Inc. ("NEUS," "we," "us," or "our") enables cryptographic proof of facts with minimal data collection. We are committed to transparency, user control, and trust through technology. This document outlines our data handling practices, privacy protections, and regulatory compliance approach.

What NEUS Is and Is Not

What NEUS Is

  • Technical Infrastructure: A protocol for creating cryptographic proofs of verifiable claims

  • Verification Framework: Tools for developers to integrate verification into applications

  • Zero-Knowledge System: Technology that proves facts without revealing underlying data

  • Decentralized Network: Protocol that operates across multiple blockchains

What NEUS Is NOT

  • Identity Provider: We do not verify, validate, or store personal identity information beyond what users choose to share

  • KYC Service: We do not perform Know Your Customer verification or compliance services (we integrate with third-party KYC providers)

  • Financial Service: We are not a Money Service Business (MSB) or regulated financial institution

  • Centralized Authority: We do not make authoritative claims about user identity or compliance

What We Collect

Technical Analytics (No Personal Data)

  • API Usage Metrics: Request counts, response times, error rates

  • Wallet Addresses: Public blockchain addresses (already public information)

  • Request Metadata: Timestamps, request types, success/failure status

  • Network Information: Chain IDs, transaction hashes (public blockchain data)

User-Provided Profile Data (Optional)

When users choose to create profiles or link social accounts, we store:

  • Display Names: User-provided names (may be real names or pseudonyms)

  • Bios: User-provided biographies

  • Avatars: Profile image URLs

  • Social Account Links: Social media handles/usernames (GitHub username, Discord ID, Twitter handle)

  • Social Account Metadata: Public account information (follower counts, verification status, account creation dates)

Profile Auto-Creation: For new users accessing profile features, a minimal profile is automatically created to ensure a seamless user experience. This auto-created profile contains only essential data (wallet address, default display name derived from the wallet address). Users can update, customize, or delete this profile at any time.

User Control: All profile data is optional and user-controlled. Users can:

  • Choose not to create a profile (profiles are optional for core verification features)

  • Choose not to link social accounts

  • Update or delete profile data at any time

  • Revoke social account links

  • Delete their profile entirely

Credit Purchase History

  • Records of credit purchases (ETH transaction hashes, package types)

  • Credit usage and balance information

What We DO NOT Collect

  • Email addresses (unless provided by OAuth providers during social linking)

  • Phone numbers

  • Physical addresses

  • Government IDs or KYC documents (KYC is handled by third-party providers)

  • Private keys or seed phrases

Cookies

NEUS Network uses stateless authentication and does not use persistent cookies. We do not use:

  • Server-side sessions

  • Persistent cookies

  • Session tracking

All authentication is stateless and user-controlled.

Data Processing

  • Legitimate Interest: Technical analytics to maintain and improve services

  • User Consent: Explicit consent via wallet signatures for verification requests

  • User Consent: Explicit consent for profile data when users choose to create profiles

  • Legal Obligation: Compliance with applicable laws and regulations

Data Retention

Verification Proofs

On-Chain Proofs: Proofs with on-chain references are stored permanently on public blockchains and cannot be deleted. This is inherent to blockchain technology. Users can revoke proofs, which removes them from all public feeds and interfaces, hides proof content from non-owners, and prevents further public access.

Off-Chain Proofs: Proofs stored only in our database can be revoked, which removes them from public interfaces.

IPFS Content: When proofs use IPFS, content is pinned via third-party services. Revoked proofs mark IPFS content as inaccessible. Users can request IPFS unpinning, but content may remain accessible via IPFS gateways until the pin expires.

User Consent: By creating proofs, users acknowledge that on-chain proofs are permanent and cannot be deleted, but can be revoked to remove public visibility.

Profile Data

  • Active Profiles: Retained until user deletion request

  • Deleted Profiles: Deleted upon user request

  • Social Links: Deleted when profile is deleted or social link is revoked

API Logs

  • Retention Period: 30 days for technical debugging and security monitoring

  • Automated Cleanup: Logs older than 30 days are automatically deleted

  • Exception: Security-related logs may be retained longer for investigation purposes

Analytics Data

  • Internal Analytics Only: NEUS Network uses internal analytics only. We do not currently use third-party analytics services. All analytics are processed internally and do not involve external data processors.

  • Aggregated Data: Retained indefinitely in anonymized form

  • Raw Logs: Deleted after 30 days

Temporary Tokens

  • OAuth Tokens: Deleted immediately after use

  • Internal Tokens: Expire within 60 seconds, automatically invalidated

  • Authentication Signatures: Not stored (stateless authentication)

GDPR Compliance

GDPR Rights

Right to Access: Users can access their profile data through their account settings.

Right to Rectification: Users can update their profile data at any time.

Right to Erasure (Right to Be Forgotten): Users can request deletion of their profile data. This will permanently delete profile data from our database, delete all social account links, revoke all proofs (hide them from public view), and invalidate all caches.

Proofs: Proofs with on-chain references cannot be deleted (they are permanent on public blockchains). However, users can revoke proofs to remove them from public interfaces, which satisfies GDPR visibility requirements.

How to Request Deletion: Contact [email protected] with your request and account information.

Right to Data Portability: Users control their verification proofs directly through wallet-based authentication. Proofs can be exported.

Right to Object: Users can opt out of profile creation and social account linking. All profile data is optional.

  • User Consent: Explicit consent via wallet signatures for verification requests

  • User Consent: Explicit consent for profile data when users choose to create profiles

  • Legitimate Interest: Technical analytics to maintain and improve services

  • Legal Obligation: Compliance with applicable laws and regulations

Data Minimization

NEUS is designed around the principle of data minimization. We collect only:

  • Technical analytics necessary for service operation

  • User-provided profile data (when users choose to share)

  • Credit purchase history (for service functionality)

CCPA Compliance

California Consumer Rights

Right to Know: Users can access their profile data through their account settings.

Right to Delete: Users can request deletion of their profile data. Contact [email protected] with your request.

Right to Opt-Out: Users can opt out of profile creation and social account linking. All profile data is optional.

No Sale of Data: NEUS Network does not sell personal information. We do not share personal information with third parties except as necessary for service operation (see Subprocessors section).

Subprocessors

NEUS Network uses the following third-party service providers to deliver our services:

Data Storage

  • Microsoft Azure (Cosmos DB, Redis Cache) - East US

    • Purpose: Proof and profile data storage, caching, rate limiting

    • Data Types: Proofs, profiles, engagement metrics, cached responses

    • GDPR: Microsoft Azure is GDPR compliant. Microsoft DPA available upon request.

Content Storage

  • Pinata IPFS - Global

    • Purpose: IPFS content pinning for proof snapshots and public content

    • Data Types: IPFS CIDs and pinned content

    • GDPR: DPA required for EU users. Contact [email protected] for DPA.

Zero-Knowledge Processing

  • RISC Zero (Bonsai) - US

    • Purpose: Zero-knowledge proof generation for verification

    • Data Types: Verification inputs (processed in ZK circuits, not stored)

    • GDPR: May require a DPA if it processes EU user data. Contact [email protected].

Social Verification

  • Neynar API - US

    • Purpose: Farcaster social account verification

    • Data Types: Farcaster user IDs and wallet addresses

  • OAuth Providers (GitHub, Discord, X/Twitter, Coinbase, Google, Microsoft)

    • Purpose: Social account ownership verification

    • Data Types: Social account IDs, handles, verification status

    • GDPR: Each provider operates under its own privacy policy and GDPR compliance.

All subprocessors are required to maintain GDPR/CCPA compliance. We maintain Data Processing Agreements (DPAs) with subprocessors where required by law.

Subprocessor Updates: We will notify users of material changes to subprocessors via our documentation site.

Third-Party Integrations

OAuth Providers

NEUS integrates with OAuth providers (Coinbase, GitHub, Discord, X, Google, Microsoft) to verify user authentication with third-party services. Temporary tokens are exchanged for user verification status only. No long-term storage of OAuth credentials or user data occurs.

Identity Verification Services

NEUS integrates with KYC providers (like Coinbase) for identity verification. We receive:

  • Verification Status: Confirmation that KYC verification occurred

  • User Identifiers: Provider user IDs for verification linking

  • Wallet Linkage: Association between verified identity and wallet address

We do NOT receive:

  • Full KYC documentation (names, addresses, government IDs, SSNs)

  • Detailed identity information beyond verification status

  • Personal information beyond what is necessary for verification

All identity verification is performed by third-party providers under their own regulatory framework. We act as a verification aggregator, not a KYC provider.

Zero-Knowledge Privacy Protection

NEUS uses zero-knowledge proof technology to verify claims without revealing underlying data. Personal data is never transmitted to NEUS servers unless users choose to create profiles. Verification occurs without data exposure, and proofs can be verified by anyone without accessing underlying information. Users maintain full control over their data at all times.

Your Rights

Data Control

  • Minimal Collection: We collect only essential technical data and user-provided profile data

  • User Ownership: You control your verification data through wallet signatures

  • Opt-Out: Discontinue service use at any time

  • Profile Deletion: Delete your profile and associated data at any time

  • Transparency: All data practices are publicly documented

Privacy Settings

  • Private by Default: All verifications are private unless explicitly made public

  • Granular Control: Choose exactly what data to share

  • Wallet-Based: No accounts or profiles required (profiles are optional)

Contact Information

For privacy inquiries:

For GDPR/CCPA requests:


Legal Disclaimer: This privacy policy is provided for informational purposes and does not constitute legal advice. Users should consult with qualified legal counsel regarding their specific compliance requirements and obligations.

Key Principle: NEUS is designed around the principle that the best way to protect user privacy is to minimize data collection. Our architecture ensures that privacy protection is user-managed and built into the technical foundation of the protocol. We believe in transparency, user control, and trust through technology—bringing safety and security out of the darkness of opaque data practices.
