Privacy Policy

1. Information We Collect

We collect the following data when you use Arkena:

  • Email address — provided voluntarily through the waitlist form.
  • IP address — collected automatically for rate limiting, abuse prevention, and session security. Stored alongside waitlist entries, application submissions, and authentication sessions.
  • Wallet address — your Canton Network party ID, used to identify you on the platform and authenticate your session.
  • Collection application data — name, description, images, contact info, and social links you provide when applying to create a collection.
  • Transaction data — recorded on the Canton Network when minting, trading, or transferring NFTs.

2. How We Use Your Data

  • Email — to send waitlist notifications and launch updates. We do not share your email with third parties.
  • IP address — for rate limiting (preventing abuse), session security (binding sessions to IPs), and fraud detection. We do not use IP addresses for tracking or advertising.
  • Wallet address — to facilitate platform functionality, authenticate sessions, and process NFT transactions.
  • Application data — to review and process your collection creation requests.

3. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Consent — email collection (you actively submit your email).
  • Legitimate interest — IP address collection for security and abuse prevention.
  • Contract performance — wallet address and transaction data to provide platform services.

4. Data on Canton Network

Transaction data on the Canton Network benefits from its privacy-first architecture. Unlike public blockchains, Canton provides sub-transaction privacy — only parties involved in a transaction can see its details.

5. Data Storage & Security

  • Data is stored in Supabase (EU region) with Row-Level Security enabled.
  • Authentication uses Ed25519 cryptographic signatures — no passwords are stored.
  • Session cookies are httpOnly, Secure, and SameSite=Strict.
  • All connections use HTTPS/TLS encryption.

6. Third-Party Services

We use the following third-party services:

  • Vercel — hosting and first-party analytics (no tracking cookies, privacy-friendly).
  • Supabase — database and file storage (EU region).
  • Upstash — rate limiting infrastructure.
  • Loop Wallet — wallet connection provider (cantonloop.com).

We do not sell your personal information to third parties.

7. Cookies & Local Storage

We use httpOnly session cookies for authentication only. No tracking or advertising cookies are used. Vercel Analytics is cookie-free and privacy-compliant. Local storage is used minimally for UI preferences (e.g., wallet connection state).

8. Data Retention

  • Waitlist emails — retained until platform launch or until you request deletion.
  • Application data — retained for the duration of the review process and platform operation.
  • Session data — automatically expires (1 hour for users, 4 hours for admins).
  • IP addresses — stored with associated records, deleted when the record is deleted.

9. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your email and application data.
  • Portability — receive your data in a structured format.
  • Objection — object to processing based on legitimate interest.

On-chain transaction data cannot be deleted due to the nature of distributed ledgers.

10. Contact

For privacy-related inquiries or to exercise your rights, reach out through our Discord or Telegram channels.

Last updated: March 2026