Privacy Policy

1. Introduction

Nebula Genesis Tech, LLC ("we," "our," or "us") operates the Nebula Genesis Pet Ledger mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Data Controller (GDPR Article 13(1)(a)): Nebula Genesis Tech, LLC is the data controller responsible for the processing of your personal data as described in this Privacy Policy. For data protection inquiries, contact [email protected].

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not download, install, or use the App.

Related Documents: This Privacy Policy should be read together with our Terms of Service, which govern your use of the App and include important information about user responsibilities, liability limitations, and dispute resolution, and our Non-Binding Technical Overview for supplemental architecture context.

1.1 Definitions

"Digital Record" means a soulbound, non-transferable digital token minted on a blockchain. The term "Verified" refers to the cryptographic verifiability of the record's existence and integrity on the blockchain, not to independent verification of the accuracy of the information contained within the record, which is provided by the user.

2. Information We Collect

2.1 Account Information

We may collect basic account details such as name and email address (where provided). Authentication credentials are optional. You may create and use the App with minimal personal information. Most account data is stored locally on your device.

2.2 Pet and Health Information

To provide pet health management services, we may collect pet name, species, breed, age, health records, appointment information, and photos. Pet photos and health records are stored locally on your device. When you use blockchain minting or photo features, limited pet metadata (such as species, breed, and related attributes) may be processed and retained on our servers as necessary to complete the transaction. If you upload pet photos for use with Digital Records, those photos may be stored on decentralized long-duration storage (see Section 5 and Section 7.3).

2.2.1 Health Record Hash Registration (Integrity Checking)

When you create or update health records, the App may compute a SHA-256 cryptographic hash (a one-way digital fingerprint) of the record content on your device and register that hash with our backend. This allows you to later confirm that a record has not been modified. It does not confirm the truthfulness or clinical accuracy of the record.

What we receive: Only the hash, the record type (e.g., "vaccination"), the record date, and the associated mint address. We do not receive or store the health record content itself — diagnoses, treatments, medications, veterinarian names, and notes remain on your device.

What we do NOT receive: The actual content of any health record. Hashes are non-reversible and cannot be used to reconstruct the original record.

2.3 Blockchain Features

If you choose to use blockchain features, we may collect or generate public wallet addresses, on-chain transaction records, and technical identifiers necessary for minting, verification, and fraud prevention of Digital Records.

All on-chain data is publicly visible and intended to be irreversible under normal operation, subject to network and ecosystem availability. Pet names are not stored on the blockchain.

By requesting a Digital Record or using these features, you acknowledge and accept that certain information will be durably recorded on the blockchain and that your deletion rights under applicable law are limited accordingly (see Section 6.2). We do not have access to your unencrypted private keys or recovery phrase. Where supported on your device, we may prompt biometric or device authentication for blockchain operations performed through the App.

2.4 Usage, Technical, and Promotional Data (Optional)

Depending on your region and privacy settings, we may collect usage patterns, crash reports, general device information, survey responses, and promotional data. You can disable analytics and related collection at any time in Settings > Privacy.

2.5 Other Voluntarily Provided Information

We may collect additional information you choose to provide, such as when generating lost pet flyers.

2.6 Push Notification Data

If you enable push notifications, we collect and store on our servers a device push token (a technical identifier assigned by your device's operating system), your platform (iOS or Android), app version, and an association with your wallet address. This data is used solely to deliver push notifications to your device. Push tokens are sent to a third-party push notification delivery service (see Section 5). You can disable push notifications at any time through your device settings or in-app notification preferences.

2.7 In-App Purchase and Subscription Data

If you make in-app purchases or subscribe to premium features, we collect and store on our servers transaction identifiers, receipt data provided by the platform (Apple App Store or Google Play), product identifiers, platform type, transaction amounts, and an association with your wallet address. This data is used for transaction validation, subscription management, and refund or dispute processing. Receipt data may be retained indefinitely as required for chargeback and dispute resolution. See Section 5 for third-party payment processor disclosures.

2.8 AI-Powered Features Data (Planned)

Note: AI-powered features are planned for future release and are not currently active. When available, the following data practices will apply:

• Photos Sent to AI Providers: If you use AI portrait or style features, the pet photo you select will be transmitted to a third-party AI service provider for image generation. No personally identifiable information (name, email, wallet address, health data) is sent to AI providers — only the photo.
• AI Provider Data Handling: Third-party AI providers process photos under their own privacy policies. We select providers whose policies include prompt deletion of submitted images after processing.
• Generated Images: AI-generated images are stored locally on your device. If you choose to pin a generated image, it may be uploaded to decentralized long-duration storage (see Section 5) and become publicly accessible.
• Usage Tracking: We track AI feature usage (generation count, style selected, cost tier, provider used) associated with your wallet address for subscription entitlement management and service improvement. We do not retain the photos you submit or the images generated.

We do not control how third-party AI providers use or retain data beyond their stated policies. Provider policies may change, and we are not responsible for their data practices or compliance. We will update this Privacy Policy with specific provider disclosures before any AI features are activated.

2.9 Device and Fraud Prevention Data

When you use blockchain minting features, we may collect device characteristics for fraud and abuse prevention, including operating system type and version, screen dimensions, app version, timezone, language, and biometric enrollment status. This data is hashed on your device before transmission and further salted on our servers before storage. We do not collect device serial numbers, advertising identifiers, or unique hardware identifiers. Collection of enhanced device signals requires your acknowledgment of a transparency disclosure presented in the App.

2.10 Promotional Program Data

If you participate in promotional events or giveaways, we may collect your email address, promotional codes, and social media handles. This data is collected with your consent (GDPR Article 6(1)(a)) and is used solely for administering the promotional program. Promotional data is retained for the duration of the promotion plus 90 days for audit purposes, after which it is deleted. You may withdraw consent at any time by contacting us.

2.11 GEN Credit Transaction Data

When you purchase or use GEN credits, we store transaction data on our servers, including your wallet address, credit tier, transaction amount, Stripe session ID, transaction type, and running balance. This data is processed under contractual necessity (GDPR Article 6(1)(b)) to operate the credit system. Transaction records are retained for the duration of your account plus 7 years for tax compliance purposes.

2.12 Device Fingerprint Data

During blockchain minting operations, device characteristics (device type, model, OS version, app version, timezone, language, and screen dimensions) are hashed client-side using SHA-256. The resulting hash is further salted server-side before being written to the blockchain as part of your digital record's on-chain metadata. This process is one-way; the original device characteristics cannot be recovered from the stored hash. Device fingerprint hashes stored on the blockchain are on-chain, tamper-evident, and durable — they cannot be deleted or modified after they are written. GDPR lawful basis: Legitimate interest (Article 6(1)(f)) for fraud prevention. CCPA classification: Device fingerprint hashes may constitute a "unique personal identifier" under Section 1798.140(o)(1)(A).

2.13 Transfer-Mint Data

When a pet's digital record is transferred between devices, we collect and process transfer session metadata, including time-limited transfer codes, session identifiers, digital record references, and transfer status. The original digital record is frozen on-chain and a new soulbound digital record is minted to the receiving wallet. Transfer session metadata is retained on our servers for 12 months after the transfer completes, or 12 months post-account deletion, for fraud prevention and dispute resolution purposes.

3. How We Use Your Information

We may use the information we collect for purposes such as operating and maintaining the App, providing pet health management and blockchain features, processing transactions, sending reminders and notifications, improving the service, aggregating and de-identifying data for public health analytics (where you have not opted out), and complying with legal obligations.

4. Data Storage and Security

4.1 Data Storage

The App uses a local-first architecture. Pet records, photos, and health information are stored primarily on your device. We do not provide cloud backup services. To operate certain features (blockchain minting, push notifications, in-app purchases, fraud prevention, and legal compliance), we process and retain limited operational data on our servers, including transaction records, push notification tokens, device fraud-prevention signals, and audit logs (see Sections 2.6–2.9 and 7).

4.2 Security

We implement reasonable safeguards to protect your information, including device-level security features and, where available, device authentication prompts for certain sensitive operations. No system is completely secure. We do not control third-party networks or platforms. Security is a shared responsibility.

For additional non-binding technical information regarding our architecture and security practices, see our Non-Binding Technical Overview.

4.3 Your Responsibilities

You are responsible for maintaining the security of your device and for regularly backing up any data you wish to preserve.

5. Sharing and Third-Party Services

We may share limited information in the following circumstances, using data minimization appropriate to the purpose:

• With service providers who perform services on our behalf under contractual protections
• To comply with legal obligations or respond to valid legal requests
• To protect rights, property, or safety
• In connection with a business transfer
• In aggregated, de-identified form for research or public health purposes (subject to opt-out where available)

We engage third-party services to support certain functions, including payment processing, web security, content delivery, blockchain infrastructure, push notification delivery, in-app purchase validation, and decentralized file storage. We do not control these third-party services or networks and are not responsible for their data practices or security measures.

The following categories of third-party services may process your data:

• Payment Processing: We use Stripe for payment processing and the Apple App Store and Google Play for in-app purchases. These services receive transaction data (purchase amounts, product identifiers, receipt data) necessary to validate and fulfill your purchases. Wallet addresses are not shared with payment processors. These services retain data in accordance with their own privacy policies and legal obligations.
• Decentralized Long-Duration Storage: If you upload photos for use with Digital Records (including pet profile photos and album photos), those photos are uploaded to a decentralized storage network (Arweave, accessed via the Irys gateway). Photos stored on this network are publicly accessible and intended to be durably stored — they generally cannot be modified or deleted by us or any party, subject to network availability. Documents uploaded through the App are encrypted before storage on this network. See Section 7.3 for retention implications.
• Push Notification Delivery: If you enable push notifications, your device push token and notification content (title and message text) are transmitted to a third-party push notification delivery service (Expo) to deliver notifications to your device. No personal information beyond the device token and message content is shared with this service.
• Web Security and Content Delivery: We use web security and content delivery services that may process IP addresses, HTTP headers, and TLS metadata for threat mitigation and service protection.
• Blockchain Infrastructure: Blockchain transactions are processed by decentralized validator networks. On-chain data is publicly visible and intended to be irreversible under normal operation (see Section 2.3).

Photo Upload Advisory: We strongly advise you not to upload any photo you consider private, sensitive, or confidential, as such photos may be publicly accessible to anyone with the storage URL and generally cannot be removed once uploaded.

For a non-binding technical description of our third-party integrations, see our Non-Binding Technical Overview.

6. Your Rights and Choices

6.1 Access Your Data

You can access all your data through the App or export it:

• In-App: View all pets, health records, appointments, and settings
• Export: Settings → Export Data (downloads all data as JSON, with optional encryption)

6.2 Delete Your Data (Right to Be Forgotten)

You may request deletion of your personal data under applicable law, including GDPR (Article 17) and CCPA (Section 1798.105). Because most app data is stored locally on your device, you can directly delete local records in-app.

Method 1: User-Initiated Deletion (In-App)

The fastest and most secure method is to delete your data directly through the app:

• Delete Individual Records: Delete pets, health records, or appointments individually
• Delete Account: Settings → Clear All Data to delete your locally stored account data, wallet keys, app-generated device authentication secrets, and associated files. This action deletes data on your device only; it does not delete server-side operational data (see below). Back up your seed phrase before proceeding — wallet keys cannot be recovered after deletion.
• Delete App: Uninstalling the app is intended to remove local app data from active storage on your device; residual copies may persist in device or system backups outside our control.

What Gets Deleted (Device):

• User account data (name, email, preferences)
• Pet information (profiles, photos, metadata)
• Health records (vaccinations, checkups, medications, etc.)
• Appointments (dates, veterinarians, notes)
• App settings and preferences
• Wallet private keys, authentication tokens, and app-generated device authentication secrets stored in SecureStore
• Photos, attachments, and temporary files stored on device
• All local storage data

What Is Not Deleted by Clear All Data:

• Server-side operational data associated with your wallet address, including transaction records, push notification tokens, credit ledger entries, fraud-prevention signals, and audit logs (see Sections 2.6–2.9)
• Blockchain data (Digital Records, transactions, wallet addresses) — see below
• Photos stored on decentralized long-duration storage (Arweave) — see below

To request deletion of server-side operational data associated with your wallet address, contact us using Method 2 below.

Method 2: Request-Based Deletion (Including Server-Side Data)

To request deletion of server-side data, or if you cannot access the app, you can request deletion by email:

• Contact: [email protected]
• Required Information: Your name, email address, wallet address (if known), and explicit deletion request specifying whether you are requesting deletion of server-side data, local data guidance, or both
• Identity Verification: We may confirm your identity before processing (where required by applicable law)
• Response Timeline: We aim to acknowledge requests promptly and process them within timelines required by applicable law, subject to identity verification and permitted extensions
• Scope: Server-side deletion covers operational data tied to your wallet address (transaction records, push tokens, analytics preferences, and fraud-prevention data). It does not cover blockchain data or data on decentralized storage networks, which cannot be deleted (see below)

Note: Since most data is stored locally on your device, we cannot delete it remotely. For local data, we may provide instructions for in-app deletion and document your request for compliance purposes.

Blockchain and Decentralized Storage Data Cannot Be Deleted:

Important Limitations:

• Blockchain Data is On-Chain and Durable: Digital records, transactions, and wallet addresses on the blockchain are intended to be irreversible under normal operation and generally cannot be deleted, subject to network and ecosystem availability
• Decentralized Storage is Durable: Photos uploaded for use with Digital Records (including pet profile photos and album photos) are stored on a long-duration decentralized storage network (Arweave). These photos are publicly accessible via their storage URL and generally cannot be modified or deleted by us or any party
• Tamper-Evident by Design: Both blockchain data and decentralized storage data are designed to be tamper-evident and append-only, subject to network and ecosystem availability
• Not Under Our Control: This is a fundamental characteristic of blockchain and decentralized storage technology, not a policy choice
• What Remains: Created digital records, blockchain transactions, public wallet addresses, and uploaded photos will remain on these networks indefinitely
• Encrypted Documents: Documents uploaded through the App are encrypted before storage on the decentralized network. While the encrypted data is durably stored, the content is not publicly readable without the decryption key

Your Options:

• Stop using blockchain features (wallet remains on blockchain but inactive)
• Revoke (permanently destroy) digital records you no longer want, though the historical record and any associated photos remain on their respective networks
• Accept that blockchain data and uploaded photos are durably stored on-chain and digital records are non-transferable (soulbound)
• Consider these limitations before uploading photos or creating digital records

Legal Compliance: We clearly disclose these limitations in our Terms of Service (Section 5.4) and this Privacy Policy. Users acknowledge this when creating digital records.

Exceptions to Deletion Rights:

We may retain data if required by:

• Legal compliance (tax records, legal obligations)
• Legal proceedings or regulatory requirements
• Security or fraud prevention purposes
• Public health or safety requirements

Note: We use local-first storage and do not retain pet data or account information on our servers except as reasonably necessary to operate the service, comply with legal obligations, and support transactions and security controls, as described in Sections 2.6–2.9, 4, and 5.

6.3 Data Portability

• Export Feature: Settings → Export Data
• Format: JSON file containing all your data
• Use: Backup, transfer to another device, or use with other services

6.4 Privacy Controls

In Settings → Privacy, you can control:

• Analytics data collection
• Crash reporting
• Data Sharing — control email communications and aggregated data sharing with research partners (see Section 5)
• Data Analytics — opt out of having wallet-linked data included in aggregated public health analytics after your preference is successfully synced to our backend (see Section 3)
• Data Sharing — opt out of having wallet-linked data included in aggregated datasets shared with government agencies and research institutions after your preference is successfully synced to our backend (see Section 5)

7. Data Retention Policy

7.1 Local-First Architecture and User Control

Your Data, Your Control:

Since we use a local-first architecture, your personal data is stored locally on your device. This means:

• You Control Retention: You can manage retention by deleting local data in-app or by uninstalling the App
• No Automatic Deletion: Local data is not automatically deleted on a time schedule; you control deletion through your device and in-app settings
• Minimal Server Storage: We do not store pet data or account information on our servers except as reasonably necessary for security, transaction processing, and legal compliance (see Sections 2.6–2.9, 4, and 5)
• Device-Based: Data retention is tied to your device and your choices

7.2 How Long We Keep Your Data

Active Accounts:

• Your local data remains on your device while you continue to use the App, unless you delete it
• We do not apply automatic time-based deletion to locally stored data
• You can delete your data at any time through Settings → Clear All Data

Inactive Accounts:

• Since data is stored locally, inactive accounts do not affect data retention
• If you stop using the App, local data may remain on your device unless you remove it
• We do not delete data based on account inactivity
• You are responsible for managing your own data retention

Deleted Accounts:

• When you delete your account or clear all data, local app data is removed from active app storage on your device
• Deletion of locally stored data is intended to take effect promptly on the device; residual copies may persist in device/system backups outside our control. Server-side data (including IP addresses) is de-identified or deleted on the schedules described in Section 7.5
• We cannot recover deleted data

7.3 Blockchain and Decentralized Storage Data Retention

On-Chain and Durably Stored Data:

The following data is stored on the blockchain or decentralized storage networks and is generally not deletable, subject to network and ecosystem availability:

• Digital Records: Created digital records are intended to remain on the blockchain indefinitely under normal operation
• Blockchain Transactions: All blockchain transactions are on-chain, tamper-evident, and intended to be irreversible
• Wallet Addresses: Your wallet address and transaction history are public and on-chain
• Uploaded Photos: Pet photos uploaded for Digital Records and album photos are durably stored on a decentralized storage network (Arweave) and are publicly accessible to anyone with the storage URL. Do not upload photos you consider private, sensitive, or confidential
• Encrypted Documents: Documents are encrypted before upload to the decentralized network; the encrypted data is durably stored but the content is not publicly readable
• Deletion Generally Not Possible: This is a fundamental characteristic of blockchain and decentralized storage technology, not a policy choice

What This Means:

• Even if you delete the App and all local data, blockchain data and uploaded photos remain on their respective networks
• Blockchain and decentralized storage data is independent of your App account
• Digital records are soulbound (non-transferable) and tied to the wallet that created them
• See Section 6.2 for more information about these data limitations

7.4 Third-Party Data Retention

Payment Processing:

• Third-party payment services may retain payment data in accordance with their own policies and legal requirements
• Payment data may be retained for legal compliance (tax records, fraud prevention)
• See Section 5 for third-party service and sharing disclosures

Analytics and Crash Reporting:

• If analytics is enabled, provider retention terms apply; where supported by provider tooling, we request deletion or apply maximum retention caps. Opt-out stops future collection and does not automatically remove data already processed.
• You can opt-out at any time through Settings → Privacy

7.5 Server-Side Operational Data Retention

For server-side operational data described in Sections 2.6–2.9, the following retention practices apply:

• IP Addresses (User-Facing): IP addresses collected for session management, authentication, API usage, and verification logging are de-identified (replaced with a non-reversible hash that preserves grouping for analytics but removes personally identifiable information) after 30 days
• IP Addresses (Security): IP addresses collected for security event detection and threat monitoring are de-identified after 90 days. IP addresses collected for threat intelligence (such as interactions with security traps) may be retained in identifiable form for longer periods as necessary for ongoing threat analysis and fraud prevention
• Transaction Records: In-app purchase receipts, credit ledger entries, and payment metadata are retained for the duration of your account plus the period required by applicable tax and financial regulations
• Push Notification Tokens: Retained while your account is active; tokens become stale if you uninstall the App or revoke notification permissions
• Fraud-Prevention Signals: Device fingerprint hashes and associated signals are retained for the period necessary to detect and investigate abuse patterns

7.6 Legal and Compliance Retention

Retention periods vary by data category, service needs, and legal obligations. We keep data for the period reasonably needed for the described purpose or where required by applicable law, including tax, dispute, fraud-prevention, and security obligations. Audit and security logs may be retained for up to seven years for critical events, as required for legal compliance and security investigation purposes.

7.7 Your Responsibilities

Data Backup:

• You are responsible for backing up your data
• Use the Export Data feature (Settings → Export Data) to create backups
• We do not provide cloud backup services
• If your device is lost, stolen, or reset, data may be permanently lost

Data Management:

• You control when to delete your data
• You are responsible for managing your own data retention
• Consider exporting your data before deleting the App

7.8 GDPR Compliance

For users in the European Economic Area (EEA), this data retention policy complies with GDPR requirements:

• Data Minimization: We apply retention limits by data category and purpose, including local device data, server-side operational records, and legally required records
• User Control: You have full control over data retention through deletion
• Transparency: This policy clearly explains our data retention practices
• Right to Erasure: You can delete your data at any time (see Section 6.2)

See Section 10 (European Privacy Rights) for more information about your GDPR rights.

8. Children's Privacy

Age Requirement:

The App is rated E for Everyone in app stores. The age requirements below are for legal and contractual compliance (including COPPA) and do not change the content rating.

By using this App, you represent that you are not under 13 years of age. If you are under the age of majority in your jurisdiction, you may use the App only if permitted by applicable law and with involvement of a parent or legal guardian. We do not currently confirm parental consent through the Service. We may collect age-verification information that you provide (such as date of birth and/or age confirmation) to support eligibility checks and legal compliance.

COPPA Compliance:

The App is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

If we discover that we have collected information from a child under 13, we may take commercially reasonable steps to delete that information as soon as reasonably practicable and as required by applicable law, and may notify the parent or guardian if contact information is available.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA"):

• Right to Know (Section 1798.100): You can request information about what personal information we collect, use, and disclose
• Right to Delete (Section 1798.105): You can request deletion of your personal information
• Right to Correct (Section 1798.106): You can request correction of inaccurate personal information we maintain about you. Since pet data is stored locally on your device, you can correct it directly in the App. For any server-side data (e.g., GEN Credit transaction records), contact us and we aim to correct inaccurate information within timelines required by applicable law, subject to verification and any extensions permitted by law
• Right to Opt-Out of Sale or Sharing (Section 1798.120): You can opt out of the sale or sharing of personal information. We do not sell personal information as defined by CCPA Section 1798.140(ad), and we do not "share" personal information for cross-context behavioral advertising as defined by CCPA Section 1798.140(ah). We may share aggregated, de-identified data with research or public health recipients as described in Section 5. Because such data is de-identified and cannot reasonably identify any individual, this sharing does not constitute a "sale" or "sharing" under CCPA
• Right to Limit Use of Sensitive Personal Information (Section 1798.121): You can direct us to limit the use and disclosure of your sensitive personal information to purposes necessary to provide the services. We process the following categories that may constitute sensitive personal information under CPRA Section 1798.140(ae): health-related data (veterinary records, diagnoses), biometric data (device-level authentication), and account identifiers (wallet addresses). We use this information only for providing and improving App services — we do not use sensitive personal information for purposes beyond what is necessary to perform the services or as otherwise permitted by CCPA Section 1798.121(a). You may exercise this right via Settings > Privacy or by contacting us
• Non-Discrimination (Section 1798.125): We do not discriminate against you for exercising your privacy rights

9.1 Do Not Sell or Share My Personal Information

We do not sell your personal information as defined by CCPA Section 1798.140(ad). We do not share your personal information for cross-context behavioral advertising as defined by CCPA Section 1798.140(ah). Because we do not engage in these practices, a "Do Not Sell or Share My Personal Information" link is not required under CCPA Section 1798.135. If our practices change, we may provide such a link and update this Privacy Policy accordingly.

To exercise any of these rights, contact us at [email protected]. We may confirm your identity before processing your request and aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law.

9.2 Global Privacy Control and Do Not Track Signals

Global Privacy Control (GPC): Where technically supported, valid GPC signals may be treated as opt-out signals for sale/sharing contexts under applicable law. Because we do not sell or share personal information for cross-context behavioral advertising (see Section 9.1), GPC signals may not materially change processing in our current configuration.

Do Not Track (DNT): Some browsers transmit a "Do Not Track" (DNT) header. There is currently no universally accepted standard for how to respond to DNT signals. We do not currently alter our data collection or processing practices in response to DNT signals. If a uniform standard is adopted, we may update this policy to describe our compliance approach.

9.3 Additional U.S. State Privacy Rights

If you reside in any of the following states, you may have additional privacy rights under your state's consumer privacy law. Because we do not sell personal information, do not engage in targeted advertising, and do not profile consumers for decisions with legal or similarly significant effects, many of these rights have limited practical impact on our processing. Nonetheless, we recognize and will honor them where required by applicable law, to the extent technically supported.

Virginia (VCDPA, effective Jan 1, 2023): Virginia residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. To exercise these rights or appeal a denied request, contact [email protected]. We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law. If your appeal is denied, you may contact the Virginia Attorney General.

Colorado (CPA, effective Jul 1, 2023): Colorado residents have the right to access, correct, delete, obtain a portable copy of, and opt out of targeted advertising, sale of personal data, or profiling. We may support certain universal opt-out mechanisms (including Global Privacy Control) where technically supported by our web properties and processing flows, and we may update this Policy if and when such support materially changes. To exercise rights or appeal, contact [email protected]. We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law.

Connecticut (CTDPA, effective Jul 1, 2023): Connecticut residents have the right to access, correct, delete, obtain a portable copy of, and opt out of targeted advertising, sale of personal data, or profiling. We may support certain universal opt-out mechanisms (including Global Privacy Control) where technically supported by our web properties and processing flows, and we may update this Policy if and when such support materially changes. To exercise rights or appeal, contact [email protected]. We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law. If your appeal is denied, you may contact the Connecticut Attorney General.

Texas (TDPSA, effective Jul 1, 2024): Texas residents have the right to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale of personal data, or profiling. To exercise rights, contact [email protected]. We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law. If your request is denied, you may appeal by contacting us; if the appeal is denied, you may file a complaint with the Texas Attorney General.

10. European Privacy Rights (GDPR) and International Users

10.1 Applicability

If you are located in the European Economic Area (EEA), the following provisions apply in addition to your other privacy rights.

Important: These Terms and Privacy Policy are governed by Illinois law regardless of your location. See Terms of Service Section 12 (International Users & Jurisdiction) for complete information.

10.2 GDPR User Rights

If you are located in the EEA, you have the following rights under GDPR:

• Right of Access (Article 15): Request a copy of your personal data. You can access your data through the App or export it (Settings → Export Data). We aim to provide a copy within timelines required by applicable law, subject to verification and any extensions permitted by law.
• Right to Rectification (Article 16): Request correction of inaccurate data. You can update your data directly through the App. We aim to correct inaccurate data within timelines required by applicable law, subject to verification and any extensions permitted by law.
• Right to Erasure (Article 17) - Right to Be Forgotten: Request deletion of your personal data. You can delete your data through the App (Settings → Clear All Data). See Section 6.2 for detailed deletion process. Note: Blockchain data (digital records, transactions) is on-chain and generally not deletable due to the append-only nature of blockchain technology.
• Right to Restrict Processing (Article 18): Request limitation of data processing. Contact us at [email protected] to request restriction. We aim to process restriction requests within timelines required by applicable law, subject to verification and any extensions permitted by law.
• Right to Data Portability (Article 20): Receive your data in a portable format. Use the Export Data feature (Settings → Export Data) to download your data in JSON format.
• Right to Object (Article 21): Object to processing of your personal data. You can opt out of data aggregation via Settings > Privacy > Data Analytics, and opt out of third-party data sharing via Settings > Privacy > Data Sharing. Contact us to object to other processing.
• Right to Withdraw Consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw consent through Settings → Privacy or by contacting us.
• Right to Lodge a Complaint: Lodge a complaint with your local data protection authority. Contact information: https://edpb.europa.eu/about-edpb/board/members_en

10.3 Exercising Your GDPR Rights

To exercise your GDPR rights:

• Contact: [email protected]
• Response Time: We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law
• Identity Verification: We may require identity verification before processing requests
• No Fee: Exercising your rights is free, unless requests are manifestly unfounded or excessive

10.4 Lawful Basis for Aggregated Data and Government Sharing

For users in the EEA, the following lawful bases apply to our aggregated data processing and sharing activities:

• Aggregated analytics (Section 3): Legitimate interest (Article 6(1)(f)) for contributing to animal public health surveillance and improving veterinary care outcomes, where users have not opted out
• Data sharing with service providers and research/public health recipients (Section 5): Legitimate interest (Article 6(1)(f)), legal obligation (Article 6(1)(c)), or public interest (Article 6(1)(e)) where applicable
• Optional promotional and survey participation (Section 2.4): Consent (Article 6(1)(a)) at the time of participation

Right to Object: You have the right to object to processing based on legitimate interest (Article 21). To exercise this right, use Settings > Privacy > Data Analytics (for aggregation) or Settings > Privacy > Data Sharing (for third-party sharing), or contact [email protected]. We may cease processing your data for aggregation purposes unless we demonstrate compelling legitimate grounds that override your interests.

10.5 Consolidated Lawful Basis Summary

The following table summarizes the GDPR Article 6 lawful basis for each category of processing activity. For full details, see the referenced section.

10.6 Data Transfer Disclaimers

Local-First Architecture:

• Your data is stored locally on your device
• We minimize server-side processing of personal data, but may transfer limited operational data (for example, wallet-related preferences, transaction/payment metadata, security and fraud-prevention signals, and legally required records) to our servers or processors as described in this Policy; aggregated datasets shared for analytics/public health purposes are de-identified before external sharing
• This local-first architecture minimizes data transfer risks

Third-Party Services:

• Payment processing (Stripe, Apple App Store, Google Play) may involve data transfer to servers outside the EEA
• Push notification delivery (Expo) involves transfer of device tokens and message content to US-based servers
• Decentralized long-duration storage (Arweave/Irys) involves distribution of uploaded photos across a global decentralized network
• Blockchain transactions involve decentralized validator networks across multiple jurisdictions
• Third-party services process data in accordance with their own privacy policies
• See Section 5 for third-party service disclosures

Data Transfer Outside EEA: We do not transfer your personal data outside the EEA for processing on our servers — all app data processing occurs locally on your device. However, the following transfers may occur outside the EEA where necessary to perform the services you request and where permitted by applicable law: blockchain transactions via decentralized validator networks (see Section 2.3), payment and in-app purchase processing via US-based payment services, push notification delivery via US-based notification services, and photo storage via decentralized global storage networks (see Section 5).

10.7 International Users

Jurisdiction: These Terms and Privacy Policy are governed by Illinois law regardless of your location. See Terms of Service Section 12 for complete information about international users and jurisdiction.

U.S. Law: U.S. laws and regulations may apply to your use of the App. You are responsible for compliance with export control laws and determining whether use of the App is legal in your jurisdiction.

Language: These Terms and Privacy Policy are provided in English. Any translations are for convenience only. The English version controls in case of conflict.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in our sole discretion. We may notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Providing an in-app notification for significant changes
• Requiring re-acceptance through affirmative consent for material changes that affect data processing purposes, user rights, or the lawful bases under which we process your data

For material changes that affect data processing purposes, user rights, or lawful bases, we may require re-acceptance of the updated Privacy Policy through the same affirmative consent mechanism used for initial acceptance. Your continued use of the App after non-material changes become effective constitutes acceptance of those updates. If you do not agree with the modified Privacy Policy, you must stop using the App and may delete your account as described in Section 6.2. See Section 7 (Data Retention Policy) for information about data retention.

11.1 Regulatory Monitoring and Updates

We monitor changes in applicable laws and regulations (including GDPR, CCPA, COPPA, SEC guidance, and other relevant regulations) and will update this Privacy Policy as needed to maintain compliance. Significant regulatory changes that affect user rights or our data practices will be communicated through:

• Updated Privacy Policy with clear change log entries
• In-app notifications for material changes
• Email notifications (if you have provided an email address)

We maintain documentation of user consents and policy updates to demonstrate compliance in regulatory audits. All changes are tracked in the Change Log (Section 15) for transparency.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

We aim to respond consistent with timelines required by applicable law, subject to identity verification and any extensions permitted by law.

13. Cookies and Tracking Technologies

13.1 Our Use of Cookies

First-Party Cookies: We do not use first-party cookies in our App or web version. We use local-first storage (localStorage on web, SQLite on mobile) to store your data locally on your device.

13.2 Third-Party Cookies

Some third-party services we use may set cookies for payment processing, error tracking, or analytics (if enabled). On web properties where optional analytics are offered, we may present a consent banner before enabling them. You can opt out of analytics in Settings → Privacy. We do not control third-party cookies. These services operate independently and have their own privacy policies.

13.3 Local Storage (Not Cookies)

Web Version: On the web version, we use localStorage (a browser storage mechanism) to store your data locally. This is NOT a cookie and is stored only on your device. You can clear localStorage by clearing your browser data.

Mobile Version: On mobile devices, we use SQLite database storage, which is also stored locally on your device.

No Tracking: We do not use localStorage or any storage mechanism for tracking purposes. All data stored is for App functionality only.

13.4 Cookie Consent

GDPR Compliance: Since we do not use first-party tracking cookies for core functionality, consent is handled only for optional analytics or comparable non-essential technologies on applicable web properties. However:

• If you are in the EEA and use third-party services (such as payment processing, error tracking, or analytics), those services may require their own consent mechanisms
• You can opt-out of analytics (which may use cookies) in Settings → Privacy
• You can disable third-party services by not using payment features or disabling analytics

13.5 Managing Cookies

Browser Settings: You can manage cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Options → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Edge: Settings → Privacy, Search, and Services → Cookies and site permissions

App Settings: In the App, you can:

• Disable analytics in Settings → Privacy (stops analytics cookies if enabled)
• Clear all data in Settings → Clear All Data (removes locally stored browser data used by the app on web)

13.6 Essential vs. Non-Essential Cookies

Essential Cookies: We do not rely on first-party tracking cookies for core App functionality, but our website and infrastructure providers may set essential security cookies (for example, Cloudflare) for threat mitigation and service protection.

Non-Essential Cookies: Third-party services may use non-essential cookies:

• Payment Processing: Third-party services may use cookies for payment processing (essential for payment functionality)
• Error Tracking: Error tracking providers may use cookies for diagnostics (non-essential, can be disabled)
• Analytics: May use cookies for analytics when analytics features are enabled; defaults may vary by region (for example, EEA opt-in defaults vs non-EEA defaults) and can be changed in Settings → Privacy

13.7 Cookie Policy Updates

If we begin using cookies in the future, we may:

• Update this Privacy Policy
• Add a cookie consent banner if required
• Provide clear information about cookie usage
• Allow users to manage cookie preferences

13.8 Contact About Cookies

If you have questions about our cookie usage or third-party cookies, please contact us:

• Email: [email protected]
• Subject: Cookie Policy Inquiry

14. Accessibility Compliance

14.1 Our Commitment to Accessibility

Nebula Genesis Tech, LLC is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying the relevant accessibility standards to achieve these goals.

14.2 Accessibility Standards

We design with accessibility in mind and work toward the following standards:

• Web Content Accessibility Guidelines (WCAG): We incorporate WCAG 2.1 Level AA principles in our design and development process. A formal third-party accessibility audit has not yet been completed; we plan to conduct one as the platform matures and will disclose the results in this section
• Americans with Disabilities Act (ADA): We work toward ADA compliance for digital accessibility
• Section 508: We apply Section 508 principles where applicable

Note: As a mobile application, some web accessibility standards may not directly apply, but we apply accessibility principles to support App usability by people with disabilities.

14.3 Accessibility Features

The App includes the following accessibility features:

• Screen Reader Support: The App is compatible with screen readers including VoiceOver (iOS) and TalkBack (Android)
• Accessibility Labels: All interactive elements include accessibility labels and roles
• Font Size Adjustment: Users can adjust font size through Settings → Accessibility (small, medium, large, extra-large)
• High Contrast Mode: High contrast mode is available for improved visibility
• Reduce Motion: Option to reduce animations and motion effects
• Touch Target Sizes: All interactive elements meet minimum touch target size requirements (44x44 points)
• Keyboard Navigation: Keyboard navigation support where applicable
• Color Contrast: Text and background colors meet WCAG contrast ratio requirements

14.4 Known Limitations

While we strive to support accessibility, there may be some limitations:

• Some third-party services (e.g., payment processing) may have their own accessibility features and limitations
• Blockchain transaction interfaces may have accessibility limitations inherent to blockchain technology
• Some features may require updates to improve accessibility

We are committed to addressing accessibility issues as they are identified. If you encounter an accessibility barrier, please contact us (see Section 14.6).

14.5 Feedback and Continuous Improvement

We welcome feedback on the accessibility of the App. If you encounter accessibility barriers or have suggestions for improvement, please contact us:

• Email: [email protected]
• General Contact: [email protected]

We may review and address accessibility feedback in a timely manner.

14.6 Reporting Accessibility Issues

If you experience difficulty accessing any part of the App due to an accessibility issue, please contact us:

• Email: [email protected]
• Response Time: We aim to respond to accessibility inquiries within timelines required by applicable law, subject to verification and any extensions permitted by law
• Information to Include: Please include:
  • Description of the accessibility issue
  • Location in the App where the issue occurs
  • Device and operating system information
  • Any assistive technology you are using

14.7 Third-Party Accessibility

Some features of the App rely on third-party services:

• Payment Processing: Third-party payment interfaces may have their own accessibility features and limitations
• Blockchain Networks: Blockchain transaction interfaces may have accessibility limitations. We work to make our App's blockchain features as accessible as possible

We are not responsible for the accessibility of third-party services, but we work with our partners to support the best possible accessibility experience.

14.8 Updates and Improvements

We are committed to continuously improving accessibility:

• We regularly review and update accessibility features
• We test the App with assistive technologies
• We incorporate accessibility best practices into new features
• We respond to user feedback on accessibility issues

This accessibility statement will be updated as we make improvements or as accessibility standards evolve.

14.9 Alternative Access Methods

If you are unable to access certain features of the App due to accessibility barriers, please contact us at [email protected]. We may work with you to find alternative ways to access the information or services you need.

15. Change Log

The following changes have been made to this Privacy Policy:

Version 1.8.0 (March 29, 2026)

• Language Sweep (AMENDED): Replaced "permanent", "immutable", and "immutability" with qualified alternatives ("on-chain", "tamper-evident", "durable", "intended to be irreversible under normal operation, subject to network and ecosystem availability") throughout all body sections. Change log entries from prior versions are unmodified for historical accuracy.
• Executive Summary (AMENDED): Updated "Blockchain Data" and "Your Rights" cards to use qualified language consistent with body sections
• Section 2.2.1 (NEW): Health Record Hash Registration — discloses on-device SHA-256 hash computation, hash-only transmission to backend, and explicit statements about what is and is not received (record content never transmitted)
• Section 2.8 (NEW): AI-Powered Features Data (Planned) — forward-looking disclosure for planned AI portrait features: photos sent to third-party providers, no PII transmitted, generated image handling, usage tracking. Marked as not currently active.
• Section 2.8 → 2.9 (RENUMBERED): Device and Fraud Prevention Data renumbered to accommodate new AI section
• Sections 5, 6.2, 7.3, 10 (AMENDED): "Decentralized Permanent Storage" renamed to "Decentralized Long-Duration Storage" throughout. Blockchain data descriptions updated to "on-chain and durable" or "tamper-evident and append-only"

Version 1.7.0 (March 19, 2026)

• Section 2.2 (AMENDED): Qualified "stored locally" language — discloses that limited pet metadata may be processed server-side for minting transactions and that photos may be stored on decentralized permanent storage
• Section 2.6 (NEW): Push Notification Data — discloses collection of device push tokens, platform, app version, and wallet address association for notification delivery
• Section 2.7 (NEW): In-App Purchase and Subscription Data — discloses collection of transaction identifiers, receipt data, product identifiers, platform type, transaction amounts, and wallet address for purchase validation and dispute processing
• Section 2.8 (NEW): Device and Fraud Prevention Data — restores device fingerprint disclosure (removed in v1.6.0 condensation); discloses collection of OS, screen dimensions, timezone, language, and biometric enrollment status, client-side hashing, and server-side salting for fraud prevention
• Section 4.1 (AMENDED): Updated local-first architecture description to explicitly list server-side operational data categories (transaction records, push tokens, fraud-prevention signals, audit logs) with cross-references to Sections 2.6–2.8 and 7
• Section 5 (AMENDED): Expanded third-party service disclosures with five named categories: Payment Processing (Stripe, Apple App Store, Google Play), Decentralized Permanent Storage (Arweave/Irys — with permanence and public accessibility warning), Push Notification Delivery (Expo), Web Security and Content Delivery, and Blockchain Infrastructure
• Section 6.2 (AMENDED): "Clear All Data" description now explicitly states device-only scope; added "What Is Not Deleted by Clear All Data" list covering server-side data, blockchain, and decentralized storage; Method 2 retitled to "Request-Based Deletion (Including Server-Side Data)" with wallet address as required information and explicit server-side deletion scope
• Section 6.2 (AMENDED): "Blockchain Data Cannot Be Deleted" expanded to "Blockchain and Decentralized Storage Data Cannot Be Deleted" — adds Arweave photo permanence, encrypted document disclosure, and updated options list
• Section 7.1 (AMENDED): "Minimal Server Storage" bullet updated to cross-reference new Sections 2.6–2.8
• Section 7.2 (AMENDED): "Deleted Accounts" server-side data reference updated from Section 4.1 to Section 7.5
• Section 7.3 (AMENDED): Retitled to "Blockchain and Decentralized Storage Data Retention" — adds uploaded photos (Arweave) and encrypted documents as permanent data categories alongside blockchain records
• Section 7.5 (NEW): Server-Side Operational Data Retention — discloses tiered IP retention (user-facing: 30 days, security: 90 days, threat intelligence: longer as necessary), transaction record retention, push token lifecycle, and fraud-prevention signal retention
• Section 7.6 (AMENDED, renumbered from 7.5): Added audit and security log retention disclosure (up to seven years for critical events)
• Sections 7.7–7.8 (RENUMBERED): Your Responsibilities (7.6→7.7), GDPR Compliance (7.7→7.8)
• Section 10.5 (AMENDED): Added four rows to GDPR lawful basis table: Push notification delivery (Art. 6(1)(b)), In-app purchase processing (Art. 6(1)(b)), Device fingerprint/fraud prevention (Art. 6(1)(f)), Audit logging (Art. 6(1)(f)/Art. 6(1)(c))
• Section 10.6 (AMENDED): Updated EEA data transfer disclosures to cover payment processors (US-based), push notification delivery (US-based), decentralized storage (global), and blockchain validators (multi-jurisdictional)
• Executive Summary (AMENDED): "Your Rights" card updated to reference decentralized storage alongside blockchain immutability

Version 1.6.2 (February 21, 2026)

• Added direct links to the Non-Binding Technical Overview in Sections 4.2 and 5, and refined Executive Summary blockchain wording for consistency.

Version 1.6.1 (February 21, 2026)

• Retention language hardening: Replaced fixed retention phrasing in Section 7.5 with necessity-based language ("as required by applicable law")
• Vendor-neutral cookie disclosures: Replaced provider names in operative cookie text with category-based descriptions (error tracking providers, analytics providers)
• Mechanism neutralization: Generalized Section 1.1 definition and Executive Summary wording to remove protocol-specific implementation details from operative policy text

Version 1.6.0 (February 21, 2026)

• Sections 2–5 condensed: Replaced detailed technical and vendor-specific disclosures with category-based language for data collection, use, storage, security, and sharing
• Technical specificity reduced: Removed implementation-level cryptography, protocol, and provider details from binding policy text and moved references to non-binding technical information available on request
• Cross-reference cleanup: Updated internal references and lawful-basis summary entries to align with the new section structure

Version 1.5.0 (February 21, 2026)

• Terminology rebrand: Rebranded "Pet Identity Certificate" to "Digital Record" throughout all non-changelog clause text. Updated definition in Section 1.1 to use "Digital Record" as the primary term with historical reference to "Pet Identity Certificate"
• Pet-context identity language: Changed "identity fingerprint" to "verification fingerprint," "pet's identity" to "pet's record," and "Core identity fields" to "Core record fields" in Section 2.5
• No substantive changes: No changes to rights, obligations, data collection, or data handling. This is a terminology update only

Version 1.4.3 (February 20, 2026)

• Section 6.2 (Clarified): Clear All Data now explicitly states wallet keys and SecureStore tokens are deleted; added seed phrase backup warning
• Section 6.2 (Added): "What Gets Deleted" list now includes wallet private keys, authentication tokens, photos, attachments, and temporary files
• Section 6.4 (Clarified): Data Sharing description now references email communications and aggregated research partner sharing (Section 5.6)
• Server-side enforcement: Added per-wallet analytics opt-out; opted-out wallets excluded from all aggregated analytics views

Version 1.4.2 (February 20, 2026)

• Section 8 (AMENDED): E-rating alignment — added statement that the App is rated E for Everyone and that age requirements are for legal/contractual compliance. Clarified that parent/guardian must have agreed to Terms of Service and this Privacy Policy. Added that we do not knowingly collect age/DOB and rely on user representation.

Version 1.4.1 (February 19, 2026)

• Section 8 (AMENDED): Simplified children's privacy section — removed unimplemented enforcement claims (automatic age blocking, DOB entry requirement, parental email verification flow). Replaced with standard age representation language ("you represent that you are at least 18, or at least 13 with parental consent"). COPPA safe harbor language retained. The App is a general-audience service not directed at children.

Version 1.4.0 (February 19, 2026)

• Section 2.5 (AMENDED): Changed GDPR lawful basis for blockchain operations from consent (Article 6(1)(a)) to contractual necessity (Article 6(1)(b)) — on-chain data storage is an inherent technical requirement of the certificate minting service, not a processing activity requiring separate consent. Consent can be withdrawn under Article 7(3), creating an unresolvable tension with blockchain immutability; contractual necessity addresses this risk
• Section 2.5 (AMENDED): Renamed "Consent for Permanent Storage" to "Acknowledgment of Permanent Storage" — reframed from consent-based language to service-characteristic acknowledgment
• Section 2.5 (AMENDED): Changed cross-border validator transfer basis from explicit consent (Article 49(1)(a)) to contractual necessity (Article 49(1)(b)) with public interest fallback (Article 49(1)(d))
• Section 2.5 (NEW): Off-Chain Metadata Accessibility — discloses that off-chain metadata (including pet images) hosted on Nebula infrastructure is publicly accessible via the certificate URI and the Pet Ledger Explorer
• Section 4.3 (AMENDED): Updated DPIA user acknowledgment to reflect contractual necessity basis — removed "consent to processing" language
• Section 10.5 (AMENDED): Updated lawful basis table — blockchain operations row changed from "Consent (Art. 6(1)(a))" to "Contractual necessity (Art. 6(1)(b))"
• Section 10.6 (AMENDED): Updated EEA data transfer language from consent-based to acknowledgment of inherent service requirement
• Section 13.2 (FIX): Replaced ambiguous "Firebase, Mixpanel, or Amplitude" analytics provider list with "Firebase Analytics or a comparable provider" — reflects actual implementation. Added commitment to update policy if provider changes

Version 1.3.9 (February 19, 2026)

• Section 2.5 (AMENDED): Added explicit on-chain metadata field enumeration — lists all Token-2022 metadata fields stored permanently on the Solana blockchain (name, symbol, uri, species, breed, color, dob, sex, microchip, deviceFingerprint, mintedAt, kennel) and clarifies what is NOT stored on-chain
• Section 2.13 (NEW): Transfer-Mint Data — discloses TOTP-based device-to-phone pet transfer mechanism, data collected during transfer (TOTP codes, session metadata, certificate references), processing flow, and retention policy
• Section 9.2 (NEW): Global Privacy Control and Do Not Track Signals — discloses honoring of GPC signals per CPRA Section 1798.135(e) and CPA Section 6-1-1306(1)(a)(IV); DNT signal handling disclosed
• Section 9.3 (NEW): Additional U.S. State Privacy Rights — covers Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA) resident rights including access, correction, deletion, portability, and opt-out mechanisms

Version 1.3.8 (February 19, 2026)

• Section 2.12 (NEW): Device Fingerprint Data — discloses collection of device characteristics, client-side SHA-256 hashing, server-side salting, and permanent on-chain storage of fingerprint hashes. Includes GDPR lawful basis (legitimate interest for fraud prevention), CCPA classification as potential "unique personal identifier" per Section 1798.140(o)(1)(A), and blockchain permanence notice
• Section 5.3 (NEW): Web Security and Content Delivery (Cloudflare) — discloses Cloudflare as third-party data processor for DDoS protection, WAF, bot mitigation, and CDN. Lists data processed (IP addresses, HTTP headers, TLS metadata), security cookies, and links Cloudflare Privacy Policy
• Sections 5.4–5.9 (RENUMBERED): Analytics (5.3→5.4), Third-Party Service Disclaimer (5.4→5.5, including 5.4.1→5.5.1, 5.4.2→5.5.2, 5.4.3→5.5.3), Government and Research Data Sharing (5.5→5.6), Data Partnership Governance (5.6→5.7), Breach Notification (5.7→5.8), EU Representative (5.8→5.9) renumbered to accommodate new Section 5.3
• Cross-references updated: All body-text references to Sections 5.4–5.8 updated to reflect new numbering (5.5–5.9). Change log entries retain original section numbers for historical accuracy

Version 1.3.7 (February 18, 2026)

• Section 1 (AMENDED): Added explicit "Data Controller" identification per GDPR Article 13(1)(a) — identifies Nebula Genesis Tech, LLC as the data controller
• Section 10.5 (NEW): Consolidated Lawful Basis Summary — table mapping each processing activity to its GDPR Article 6 lawful basis with section references, per EDPB best practice recommendations
• Section 14.2 (AMENDED): Updated WCAG disclosure — now specifies Level AA target, adds commitment to conduct and disclose formal third-party audit results as platform matures
• Sections 10.5–10.6 (RENUMBERED): Data Transfer Disclaimers (10.5→10.6), International Users (10.6→10.7) renumbered to accommodate new Section 10.5

Version 1.3.6 (February 18, 2026)

• Section 9 (AMENDED): Expanded CCPA section to CCPA/CPRA — added Right to Correct (Section 1798.106), Right to Limit Use of Sensitive Personal Information (Section 1798.121) with enumeration of sensitive PI categories (health data, biometric data, wallet addresses), and updated Right to Opt-Out to cover both "sale" and "sharing" (Section 1798.140(ah))
• Section 9.1 (NEW): Do Not Sell or Share My Personal Information — explicit statement that we do not sell or share personal information for cross-context behavioral advertising, with explanation of why a DNSS link is not required under Section 1798.135
• Section 2.7 (AMENDED): Added CCPA Section 1798.125 financial incentive disclosure for surveys-for-free-credits program — material terms, value relationship, opt-in/voluntary nature, and non-discrimination statement
• Section 5.1 (AMENDED): Named Stripe as payment processor, linked Stripe Privacy Policy, added cross-reference to ToS Section 5.9.2
• Section 8 (AMENDED): Strengthened COPPA compliance — added FTC guidance citation (16 CFR 312) for age gate method, added parent notification for discovered underage data collection, strengthened parental consent process with email verification link requirement, added parental consent revocation mechanism

Version 1.3.5 (February 18, 2026)

• Section 4.3 (AMENDED): Added DPO assessment disclosure pursuant to GDPR Article 37 — determined DPO not required based on local-first architecture and limited scale of special category processing; reassessment commitment included
• Section 5.7 (NEW): Breach Notification — commitment to notify supervisory authorities within 72 hours (GDPR Article 33) and affected users without undue delay for high-risk breaches (GDPR Article 34). Includes U.S. state breach notification law compliance
• Section 5.8 (NEW): EU Representative (GDPR Article 27) — assessment disclosure that Art 27 representative is not currently required based on incidental EEA processing; reassessment commitment if EEA targeting begins
• Section 11 (AMENDED): Removed "if implemented" parenthetical from re-acceptance clause — material changes affecting data processing purposes, user rights, or lawful bases now require affirmative re-consent (not passive continued-use acceptance), consistent with GDPR requirements

Version 1.3.4 (February 18, 2026)

• Section 2.11 (NEW): GEN Credit Transaction Data — discloses server-side storage of wallet address, credit tier, transaction amount, Stripe session ID, transaction type, and running balance. GDPR lawful basis: contractual necessity (Article 6(1)(b)). Retention: duration of account + 7 years for tax compliance
• Section 4.1 (FIX): Changed "anonymized" to "de-identified" in IP address disclosure to align with document-wide terminology standard
• Executive Summary (FIX): Qualified "Data Storage" card — now says "Pet data stored locally" with reference to minimal server-side data and Section 4.1
• Section 7.1 (FIX): Replaced "No Server Storage" with "Minimal Server Storage" — now discloses IP address collection with 30-day de-identification and GEN credit transaction records
• Section 7.2 (FIX): Qualified "deletion is immediate and permanent" — now specifies this applies to locally stored data; server-side IP data follows Section 4.1 de-identification schedule
• Section 6.2 (FIX): Replaced hedging "typically do not retain" with accurate statement about local-first pet data and references to server-side data in Sections 4.1 and 2.11
• Section 7.5 (FIX): Same qualification as 6.2 — removed "if we do retain any data" hedging language
• Section 10.2 (FIX): Updated Right to Object (Article 21) to reference both specific opt-out toggles (Data Analytics, Data Sharing), matching ToS 12.3 pattern
• Sections 2.5, 4.1, 4.2, 5.4 (FIX): Removed [ENHANCED] and [CRITICAL WARNING] development markers from 5 clause text locations
• Footer version (FIX): Updated from 1.3.1 to match header version

Version 1.3.3 (February 18, 2026)

• Section 4.1 (FIX): Qualified "no personal data on servers" claim — now discloses that IP addresses are collected for security and rate-limiting and automatically de-identified within 30 days

Version 1.3.2 (February 18, 2026)

• Executive Summary (FIX): Replaced redundant "Local Storage" card with "Data Aggregation" card disclosing aggregation, de-identification, and opt-out controls
• Section 3.3 (FIX): Added inline GDPR Article 21 right-to-object cross-reference to opt-out paragraph, matching ToS 9.4 pattern
• Section 5.5 (FIX): Added "LIA available on request" disclosure to lawful basis paragraph. Added inline GDPR Article 21 right-to-object cross-reference to opt-out paragraph, matching ToS 9.5 pattern
• Section 10.1 (FIX): Added hyperlink to Terms of Service Section 12
• Section 10.6 (FIX): Added hyperlink to Terms of Service Section 12
• Changelog fixes: Corrected v1.3.1 section reference (2.8 → 2.7). Corrected v1.3.0 renumbering note to include both 10.4→10.5 and 10.5→10.6

Version 1.3.1 (February 18, 2026)

• Terminology standardization: Replaced "anonymized" with "de-identified" in Sections 2.7, 3.3, and 5.5 to align with HIPAA Safe Harbor and CCPA standards. Exception: Section 2.5 "Wallet addresses cannot be anonymized or deleted" retained as technically accurate for blockchain data
• Section 3.3 (FIX): Added "LIA available on request" disclosure with contact email for GDPR transparency
• Section 5.5 (FIX): Added already-aggregated data caveat to opt-out paragraph — data shared prior to opt-out cannot be recalled
• Section 10.4 (FIX): Updated Right to Object paragraph to reference both opt-out toggles: Data Analytics (aggregation) and Data Sharing (third-party sharing)
• Section 10.5 (FIX): Added carve-out for de-identified data to "no third-party transfer" statement, referencing Sections 3.3 and 5.5

Version 1.3.0 (February 18, 2026)

• Section 2.10 (NEW): Promotional Program Data — discloses data collection for promotional events and giveaways (email, promo codes, social handles), with GDPR lawful basis (consent) and retention limits
• Section 3.3 (NEW): Aggregated Data and Public Health Analytics — full disclosure of disease surveillance system including what data is aggregated (condition codes, species, breed, state-level geography, severity, temporal trends), what is excluded (pet identifiers, wallet addresses, vet identities, clinic names), de-identification methodology (HIPAA Safe Harbor, minimum 5-record threshold), GDPR lawful basis (legitimate interest with LIA), and opt-out mechanism
• Section 4.3 (AMENDED): Added DPIA coverage for aggregated analytics derived from veterinary attestation data, including re-identification risk assessment for small-sample populations
• Section 5.5 (NEW): Government and Research Data Sharing — discloses that aggregated, de-identified data may be shared with USDA, state veterinarian offices, CDC, academic institutions, and veterinary industry organizations. Includes GDPR lawful basis (legitimate interest + public interest), GDPR Chapter V transfer mechanism (Article 49(1)(d)), CCPA "sale" analysis (not a sale per Section 1798.140(o)), and opt-out
• Section 5.6 (NEW): Data Partnership Governance — establishes framework for data sharing agreements (permitted uses, security requirements, re-identification prohibition, audit rights, 72-hour breach notification, data destruction on termination). Partnership registry maintained for transparency
• Section 6.4 (AMENDED): Added Data Analytics and Data Sharing opt-out controls to Privacy Controls list
• Section 9 (AMENDED): Strengthened CCPA "sale" analysis — clarified that de-identified data sharing for public health purposes does not constitute a "sale" under CCPA Section 1798.140(ad)
• Section 10.4 (NEW): Lawful Basis for Aggregated Data and Government Sharing — explicit GDPR Article 6 bases for each processing activity, Right to Object (Article 21) disclosure, cross-border transfer mechanisms
• Renumbered Section 10.4 (Data Transfer Disclaimers) to 10.5 and Section 10.5 (International Users) to 10.6

Version 1.2.4 (February 16, 2026)

• Section 1.1: Added Definitions clause — "Pet Identity Certificate" defined as soulbound, non-transferable digital token on Solana Token-2022
• Systematic language migration: replaced consumer-facing "NFT" / "NFTs" with "Pet Identity Certificate" / "certificates" throughout all non-changelog clause text
• Updated headings and labels: "NFT Records" → "Certificate Records", "Soulbound NFT Protection" → "Soulbound Certificate Protection", "NFTs" → "Certificates" in Section 7.3
• Replaced "NFT burning" / "burn" language with "certificate revocation" / "revoke" in Section 6.2
• Preserved all historical changelog entries as-is

Version 1.2.3 (February 16, 2026)

• Section 2.5: Fixed stale branding "pet's passport" to "pet's Pet Ledger NFT"
• Section 5.2: Identified Solana blockchain (mainnet-beta) as the specific network used for NFT operations
• Fixed header version mismatch (was displaying 1.2.1 instead of current version)

Version 1.2.2 (February 14, 2026)

• Section 2.5: Corrected wallet linkability language to reflect mandatory wallet rotation (per-pet wallet isolation)
• Section 2.9: Replaced "Beta Testing Status" with "Data Responsibility" — app is now publicly released
• Quick Summary: Replaced "Beta Status" card with "Local Storage" card
• Section 7.7: Fixed cross-reference from "Section 9 (European Privacy Rights)" to correct "Section 10"
• Section 10.4: Removed contradictory "no cross-border data transfer" bullet; clarified EEA transfer exceptions for blockchain and payment processing
• Added section anchor IDs to all 15 top-level sections for deep linking

Version 1.2.1 (February 8, 2026)

• Corrected NFT transfer language in Sections 6.2 and 7.3 to accurately reflect soulbound (non-transferable) design
• Fixed GDPR section numbering (Section 10 subsections corrected from 9.x to 10.x)

Version 1.2.0 (January 22, 2026)

• Added biometric authentication requirements for all blockchain operations
• Added soulbound NFT protection details (non-transferable even if recovery phrase compromised)
• Enhanced recovery phrase security disclosures with detailed compromise scenarios
• Clarified what attackers can and cannot do with compromised recovery phrase
• Added guidance for users if recovery phrase is compromised
• Updated security section to reflect device-level biometric protection
• Added cross-references to Terms of Service for better document integration
• Enhanced legal protection with improved cross-document linking
• Added Section 4.3: Data Protection Impact Assessment (DPIA) in accordance with GDPR Article 35 and EDPB Guidelines 02/2025
• Added Section 11.1: Regulatory Monitoring and Updates for ongoing compliance
• Added international standards compliance references (OECD Privacy Guidelines, UN resolutions, eIDAS 2.0)
• Enhanced wallet interoperability language aligning with emerging digital identity standards

Version 1.1.0 (January 9, 2026)

• Updated effective date to January 9, 2026
• Added user responsibility clarification for local storage
• Enhanced blockchain data disclosures in Section 2.5
• Expanded GDPR and CCPA user rights sections with detailed exercise instructions
• Added cross-references to Terms of Service
• Improved clarity on data access limitations
• Added Change Log section for transparency

Version 1.0.0 (Initial Release)

• Initial Privacy Policy publication