1. Information We Collect
NexusForge collects and processes the following categories of information when you use our Services:
- Wallet Addresses: When you connect a cryptocurrency wallet to interact with the protocol, we collect and store your public wallet address(es). We do not collect or have access to your private keys.
- API Usage Data: We log API requests, including endpoints accessed, request timestamps, response codes, rate limit usage, and associated API key identifiers. This data is used for service monitoring, billing, and abuse prevention.
- Agent Configurations: When you deploy agents through the protocol, we process agent manifest data including execution parameters, model specifications, target Solana programs (PDA references), and scheduling configurations.
- Account Information: If you create a dashboard account, we may collect your email address, organization name, and billing information for subscription management.
- Technical Data: We automatically collect device type, browser version, operating system, IP address, referring URLs, and page interaction data when you visit our website or dashboard.
- Communication Data: If you contact our support team or participate in community channels, we retain the content of those communications.
2. How We Use Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, maintain, and improve the NexusForge protocol, dashboard, APIs, and related infrastructure.
- Agent Execution: To process and execute your agent deployments inside SEV-SNP enclaves, generate SP1 zkVM proofs, land Jito bundles on Solana, and verify proofs on-chain.
- Billing & Usage: To calculate compute costs denominated in $FORGE, process subscription payments, and provide usage analytics through the dashboard.
- Security & Integrity: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, including violations of our Acceptable Use Policy.
- Product Improvement: To analyze usage patterns, identify performance bottlenecks, and develop new features and capabilities.
- Communications: To send service notifications, security alerts, protocol updates, and (with your consent) marketing communications.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.
3. On-Chain Data
Due to the fundamental nature of Solana, you should be aware that:
- Public by Nature: All transactions, proof submissions, and on-chain interactions are publicly visible on Solana mainnet-beta. This includes wallet addresses, transaction amounts, Groth16 proof digests, PDA writes, and agent execution attestations.
- Permanent Records: Proofs and execution attestations finalized on Solana are permanent. Once a slot is finalized (single-slot finality, ~400ms), records cannot be modified, deleted, or removed by NexusForge or any other party. Light Protocol ZK-compressed commitments are likewise permanent.
- Pseudonymous, Not Anonymous: While on-chain activity is associated with wallet addresses rather than personal identities, sophisticated analysis techniques may allow third parties to link wallet addresses to real-world identities.
- Cross-Program Visibility: Agent actions that compose via CPI into Jupiter, Pyth, Kamino, Drift, Squads v4, Realms, and other Solana programs leave on-chain traces in each program's logs, increasing the public data footprint.
NexusForge cannot comply with data deletion requests for information that has been recorded on Solana mainnet-beta. We recommend that you carefully consider the implications of on-chain activity before using the Services.
4. Data Retention
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy. Specific retention periods include:
- Account Data: Retained for the duration of your account and for 90 days after account deletion to allow for reactivation.
- API Logs: Detailed request logs are retained for 90 days. Aggregated usage statistics are retained for up to 3 years.
- Agent Configurations: Active agent manifests are retained while deployed. Archived configurations are retained for 1 year after deactivation.
- Technical Logs: Server logs, error reports, and performance data are retained for 30 days in detailed form and 1 year in aggregated form.
- Billing Records: Financial transaction records are retained for 7 years to comply with tax and accounting regulations.
On-chain data, including proofs and attestations, is retained permanently on Solana mainnet-beta as an inherent property of the network.
5. Third-Party Services
The Services integrate with and rely upon the following categories of third-party providers:
- RPC Providers: We use third-party Solana RPC providers (Helius and Triton) and the Jito block engine to submit transactions and bundles. Your transaction data passes through these providers' infrastructure. Each provider has its own privacy policy governing the data it processes.
- Cloud Infrastructure: Our off-chain services are hosted on enterprise cloud infrastructure (AWS and GCP), with data centers located in the United States and Europe. These providers comply with SOC 2 Type II standards.
- Analytics Services: We use privacy-respecting analytics tools to understand how users interact with our website and dashboard. See Section 8 (Cookies) for more details.
- Payment Processors: Fiat payments for subscription plans are processed by Stripe, Inc. NexusForge does not store credit card numbers or banking details. Stripe's privacy policy governs the processing of your payment information.
- Communication Tools: We use third-party services for email delivery (SendGrid) and customer support (Intercom). These providers process communication data on our behalf.
We require all third-party processors to handle your data in accordance with applicable data protection laws and our contractual data processing agreements.
6. Security Measures
NexusForge implements comprehensive technical and organizational measures to protect your information, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256) for all off-chain data.
- SOC 2 Type II and ISO 27001 certified infrastructure and operational processes.
- Regular penetration testing and security audits by independent third-party firms.
- Role-based access controls with multi-factor authentication for all internal systems.
- Continuous monitoring and anomaly detection across all service components.
- Incident response procedures with defined escalation paths and notification timelines.
While we employ industry-leading security practices, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authorities as required by applicable law.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Under the General Data Protection Regulation (GDPR):
- Right of access to your personal data.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten"), subject to the limitations described in Section 3 regarding on-chain data.
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing based on legitimate interests.
- Right to withdraw consent at any time.
Under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared.
- Right to delete personal information, subject to applicable exceptions.
- Right to opt out of the sale of personal information. NexusForge does not sell personal information.
- Right to non-discrimination for exercising your privacy rights.
To exercise any of these rights, please contact us at privacy@nexusforge.io. We will respond to verified requests within 30 days.
8. Cookies
NexusForge uses cookies and similar technologies on our website and dashboard. Our cookie usage is limited to:
- Essential Cookies: Required for authentication, session management, and security. These cookies are strictly necessary and cannot be disabled.
- Analytics Cookies (Optional): We use privacy-respecting analytics (Plausible) to understand aggregate usage patterns. Analytics cookies are loaded only with your explicit consent. No personal data is transmitted to third-party advertising networks.
We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. You can manage your cookie preferences at any time through the cookie settings accessible from the footer of our website.
9. Changes to Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Provide a prominent notice on our website or dashboard.
- Send an email notification to registered users for significant changes affecting data processing practices.
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes constitutes acceptance of the revised policy.
10. Contact
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
Email: privacy@nexusforge.io
NexusForge Labs, Inc.
Attn: Data Protection Officer
251 Little Falls Drive
Wilmington, DE 19808
United States
If you are located in the European Economic Area and believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local supervisory authority.