# Privacy policy Noir Privacy Wallet - Privacy Policy Last updated: 14 May 2026 This Privacy Policy explains how Ref Labs Ltd., a British Virgin Islands company (registration no. 2100091), with its registered office at Craigmur Chambers, Road Town, Tortola, VG 1110, British Virgin Islands ("Company", "we", "our" or "us"), collects, uses, discloses, stores and protects information in connection with Noir Privacy Wallet, which may also be referred to as Noir Wallet or Noir. This Privacy Policy applies to the Noir Privacy Wallet Chrome browser extension, related websites, software, APIs, smart contract integrations, Zcash functionality, Rhea Finance CrossChainLending integrations, NEAR Intents integrations, ZECFi Integrations, support channels and related interfaces that we currently control or expressly designate as Noir Privacy Wallet services (collectively, the "App"). This Privacy Policy is incorporated into the Noir Privacy Wallet Terms of Service. Capitalised terms not defined in this Privacy Policy have the meanings given in the Terms of Service. 1. Summary Noir Privacy Wallet is designed as a self-custodial wallet and privacy-preserving software interface. We do not custody your digital assets. We do not collect or store your private keys, seed phrase, recovery phrase, spending keys or password on Company-controlled servers. We do not sell user personal data. The App does not require you to create an account with an email address, phone number, username or password by default. The App is designed to minimise data collection, but it may process limited technical, usage, public blockchain, support, security and compliance information as described in this Privacy Policy. Public blockchain activity, including transparent Zcash activity, may be publicly visible. Shielded or privacy-enhanced activity may still reveal metadata or become linkable depending on your behaviour, device, network, counterparties, bridges, solvers, RPC providers, indexers, analytics tools, exchanges, legal requests or other third-party systems. Third-party services such as Google Chrome, the Chrome Web Store, Zcash infrastructure, RPC providers, indexers, Rhea Finance, NEAR Intents, bridges, solvers, relayers, liquidity providers, lending protocols, decentralised applications and analytics providers may collect or process information according to their own terms and privacy policies. 2. Information We Do Not Collect by Default The Company does not collect or store the following information on Company-controlled servers by default: (a) private keys; (b) seed phrases or recovery phrases; (c) Zcash spending keys; (d) wallet passwords; (e) decrypted encrypted key material; (f) full local wallet backup files; or (g) shielded transaction memos or shielded transaction details that remain only in your local wallet and are not otherwise made available to us. You should never send us your private key, seed phrase, recovery phrase, spending key or wallet password. The Company will never ask you for this information. If you voluntarily provide sensitive wallet information to us, a support provider or any third party, you may permanently compromise your wallet, assets or privacy. 3. Information You Provide to Us We may collect information that you voluntarily provide, including: (a) support requests, bug reports, dispute communications, security reports or other messages you send to us; (b) email address, social media handle, username or other contact information if you choose to provide it; (c) feedback, survey responses, campaign entries, community messages or extension-store reviews; (d) information you provide when participating in optional programs, beta testing, promotions, allowlists, referral programs, quests or similar activities; (e) documents or information you provide if we request information for legal, sanctions, security, fraud prevention, compliance or dispute-resolution purposes; and (f) any other information you choose to provide to us or our service providers. Do not provide confidential, personal or sensitive information unless it is necessary for the relevant request or feature. 4. Wallet, Blockchain and Transaction Information When you use the App, we or our service providers may process certain wallet, blockchain or transaction information to provide, secure, debug, support and improve the App. Depending on the feature and configuration, this may include: (a) public wallet addresses; (b) public Zcash transparent addresses and transparent transaction data; (c) transaction hashes, timestamps, block numbers, chain identifiers, token identifiers, contract addresses, public balances, public approvals and public event logs; (d) Rhea Finance CrossChainLending position information, such as public supply, borrow, collateral, liquidation, interest rate, oracle or account abstraction data; (e) NEAR Intents, swap, bridge, solver, relayer, route, quote, deposit, withdrawal or settlement information; (f) public blockchain data related to ZECFi Integrations, cross-chain swaps, bridges, lending protocols or decentralised applications; (g) transaction status information, failed transaction diagnostics, routing diagnostics and error information; and (h) wallet preferences, settings, account labels, address labels or other wallet metadata if you choose to sync, submit, export, back up or share them through a feature controlled by us. The App may process and store wallet data, encrypted key material, viewing data, note-management information, settings, labels, transaction data, cached blockchain data and related information locally in your browser, device, browser profile, browser extension storage, local storage, indexed databases, cloud backups or other user-controlled environments. Local storage and browser sync are controlled by your device, browser, operating system and chosen settings, not by the Company. 5. Zcash, Shielded Activity and Viewing Information Noir Privacy Wallet may support transparent Zcash addresses, shielded Zcash addresses, unified addresses, shielded assets, shielded transactions, shielding, deshielding, memos, viewing keys, note management, transaction construction, transaction signing and transaction broadcast. Transparent Zcash addresses and transactions may be publicly visible. Shielded or privacy-enhanced transactions may provide stronger privacy properties than transparent transactions, but they do not guarantee anonymity, unlinkability, confidentiality, untraceability, legal compliance or protection from all forms of tracing or analysis. Depending on how you use the App, the Company may not be able to access your shielded transaction details, shielded memos or private wallet activity beyond information that is publicly available on supported blockchain networks, information processed locally by the App, information you voluntarily provide, or information necessary to provide, secure, debug, support, maintain or improve the App. Viewing keys and viewing data may reveal sensitive information about shielded activity. The App may process viewing keys or viewing data locally to provide wallet functionality. We do not collect or store your viewing keys on Company-controlled servers by default. If an optional feature, support workflow or third-party service asks you to provide a viewing key or viewing data, you should carefully consider the privacy consequences before doing so. Privacy can be reduced or defeated by user behaviour, address reuse, shielding or deshielding patterns, timing analysis, amount correlation, memo disclosure, viewing key disclosure, device compromise, browser compromise, malware, screenshots, cloud backups, RPC metadata, indexer metadata, exchange deposits or withdrawals, cross-chain swaps, bridge activity, intent-based settlement, counterparties, legal requests or other information outside the App. 6. Technical and Usage Information We may automatically collect or receive limited technical and usage information, including: (a) app version, extension version and feature configuration; (b) device type, operating system, browser type and browser version; (c) crash reports, error logs, performance logs and diagnostic information; (d) feature usage, aggregated wallet setup metrics, session events and interaction events; (e) approximate location derived from IP address or device/network information, such as country or region; (f) IP address, which may be temporarily processed where necessary to provide the App, establish network connections, prevent DDoS attacks, route requests, secure the App, detect abuse, comply with sanctions or other legal obligations, or support optional third-party functionality; (g) cookies, pixels, local storage identifiers or similar technologies on websites or web-based interfaces controlled by us; and (h) information about External Sites or decentralised applications that you connect to or interact with through the App, to the extent necessary to provide the requested functionality, security protections, routing or transaction display. Where practical, we use aggregated, de-identified or pseudonymous information for analytics and product improvement. If analytics controls are made available in the App, you may opt out of non-essential analytics through those controls. 7. Information from Third Parties We may receive information from third parties, including: (a) browser providers, extension stores, device providers and operating systems; (b) RPC providers, indexers, Zcash nodes, blockchain explorers and other blockchain infrastructure providers; (c) Rhea Finance, NEAR Intents, solvers, relayers, bridges, liquidity providers, lending protocols, decentralised applications and other ZECFi Integration providers; (d) analytics, crash reporting, security, fraud prevention, hosting, support and communications providers; (e) sanctions, compliance, abuse-prevention, security or public blockchain analytics providers; (f) affiliates, business partners, professional advisers or service providers; and (g) public sources, including public blockchains and public websites. Third-party services may independently collect information from you under their own terms and privacy policies. We do not control their privacy practices. 8. How We Use Information We may use information for the following purposes: (a) to provide, operate, maintain, secure and improve the App; (b) to create, import, display, route, construct, sign, broadcast, monitor, index, troubleshoot or support wallet, Zcash, Rhea Finance, NEAR Intents, ZECFi Integration or other supported transactions; (c) to display balances, transaction history, transaction status, quotes, routes, fees, lending rates, borrow rates, liquidation information, risk information, public blockchain data and other App information; (d) to process your requests, provide customer support, respond to communications and resolve technical issues; (e) to detect, prevent, investigate and respond to fraud, abuse, spam, security incidents, privacy incidents, sanctions violations, prohibited use, market manipulation, attacks, unauthorised access or other harmful activity; (f) to comply with applicable law, legal process, sanctions, export controls, regulatory requests, court orders, subpoenas, warrants, tax obligations, reporting obligations or other legal obligations; (g) to enforce the Terms of Service and other policies; (h) to analyse, develop, test and improve the App, including through aggregated, de-identified or pseudonymous analytics; (i) to communicate with you about the App, updates, security notices, support responses, policy changes, optional programs or other information you request; (j) to provide optional features or third-party integrations you choose to use; (k) to protect the rights, property, security and safety of the Company, users, third parties or the public; and (l) for any other purpose disclosed to you when information is collected or with your consent. 9. Legal Bases for Processing Where applicable data protection law requires a legal basis for processing, we may rely on one or more of the following legal bases: (a) performance of a contract, including providing the App and related services under the Terms of Service; (b) legitimate interests, including operating, securing, improving, debugging and protecting the App, preventing abuse, communicating with users, and protecting legal rights, provided those interests are not overridden by your rights and freedoms; (c) consent, where we ask for your consent for optional analytics, marketing, optional features, certain cookies or other processing; (d) legal obligations, including sanctions, export controls, compliance, tax, regulatory, court order, law enforcement and similar obligations; and (e) vital interests or public interest, where applicable law recognises those bases and the circumstances require them. 10. How We Share Information We may disclose information as follows: (a) Service providers. We may share information with service providers that help us provide hosting, infrastructure, analytics, crash reporting, security, compliance, customer support, communications, monitoring, storage, software development, product improvement or similar services. (b) User-directed third-party integrations. When you use Rhea Services, NEAR Intents, ZECFi Integrations, bridges, solvers, relayers, liquidity providers, lending protocols, decentralised applications, RPC providers, indexers, wallets or other third-party services, you may direct the App to share or transmit information needed to provide the requested functionality, including wallet addresses, transaction data, quotes, routes, chain identifiers, amounts, public blockchain data, device/network information or other necessary data. (c) Affiliates and business partners. We may share information with affiliates and business partners where necessary to provide, support, secure, improve or operate the App, or to evaluate or complete corporate transactions. (d) Legal, compliance and safety. We may preserve, disclose or transfer information if we believe it is necessary or appropriate to comply with law, legal process, sanctions, export controls, regulatory requests, court orders, subpoenas, warrants, tax obligations, law enforcement requests, or to detect, prevent or address fraud, security issues, privacy incidents, prohibited use, illegal activity or threats to safety. (e) Professional advisers. We may share information with lawyers, auditors, accountants, insurers, bankers and other professional advisers. (f) Corporate transactions. If we are involved in a merger, acquisition, financing, reorganisation, sale of assets, bankruptcy, change of control or similar transaction, information may be disclosed or transferred as part of that transaction. (g) Consent or direction. We may share information where you consent to or direct the sharing. We do not sell user personal data. We do not knowingly share personal data for cross-context behavioural advertising unless we provide legally required notice and choice. 11. Cookies and Similar Technologies The Extension itself may use local storage, browser extension storage, indexed databases or similar technologies to provide wallet functionality. Websites or web-based interfaces controlled by us may use cookies, pixels, local storage or similar technologies to provide essential site functionality, remember preferences, secure the App, understand usage, measure performance or support optional analytics. You may be able to control cookies through browser settings. Disabling cookies or local storage may affect the functionality of the App. 12. Analytics and Product Improvement We may use analytics, crash reporting and diagnostic tools to understand how the App performs, identify bugs, measure reliability, improve user experience, detect abuse and develop new features. Where practical, analytics will be aggregated, de-identified or pseudonymous. If the App provides analytics settings, you may disable non-essential analytics through those settings. Certain technical logs, security logs or transaction-related diagnostics may still be processed where necessary to provide, secure, debug, or comply with legal obligations relating to the App. 13. Security We use reasonable technical and organisational measures designed to protect information under our control. However, no method of transmission, processing or storage is completely secure. The App may rely on your browser, device, operating system, browser profile, extension storage, local storage, password manager, cloud backup, hardware wallet, network connection and third-party services. You are responsible for securing your device, browser profile, wallet, passwords, seed phrase, recovery phrase, spending keys, viewing keys, backups, approvals and connected applications. 14. Data Retention We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide, secure, debug and improve the App, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, and protect our rights and users. Retention periods may vary depending on the type of information, the feature used, legal requirements and operational needs. Information stored locally in the App may remain on your device until you delete it, uninstall the App, clear browser or extension storage, restore or reset your device, or otherwise remove it through available controls. Public blockchain data is generally public, immutable and outside our control. We cannot delete or modify information recorded on public blockchains. We may retain aggregated, de-identified or pseudonymous information where it no longer reasonably identifies you. 15. Your Choices and Privacy Rights Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, restriction of, portability of, or objection to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent, and to opt out of certain sale, sharing, targeted advertising or profiling activities where applicable law provides those rights. You can exercise available rights by contacting us using the details in the "Contact Us" section. We may need to verify your request and may ask for information reasonably necessary to confirm your identity, authority or relationship to the relevant information. Some information may not be accessible, correctable or deletable by us, including information stored only locally on your device, information controlled by third parties, and public blockchain data. You may also have choices to: (a) disable non-essential analytics in the App, if such controls are available; (b) adjust browser cookie, extension, permission, notification or local storage settings; (c) avoid providing optional contact or support information; (d) uninstall the Extension; (e) delete local App data from your browser or device; and (f) avoid optional third-party integrations. 16. International Transfers We and our service providers may process, store and transfer information in countries other than the country where you are located. Those countries may have data protection laws different from the laws of your jurisdiction. Where required by applicable law, we use appropriate safeguards for international transfers, which may include standard contractual clauses or other lawful transfer mechanisms. 17. Children The App is not directed to children or persons under the age of 18, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so that we can take appropriate action. 18. Third-Party Links and Services The App may link to, display, route through, integrate with or make available External Sites or Third-Party Content, including browser providers, extension stores, RPC providers, indexers, Zcash infrastructure, Rhea Finance, NEAR Intents, bridges, solvers, relayers, liquidity providers, lending protocols, decentralised applications, analytics providers, social-media services and other third-party services. This Privacy Policy does not apply to third-party services. Their own terms and privacy policies govern their collection, use, disclosure and retention of information. 19. Regional Privacy Notices EEA, UK and Switzerland. If you are located in the European Economic Area, the United Kingdom or Switzerland, the Company is the controller of personal information processed under this Privacy Policy, except where we act as a processor or service provider on behalf of another controller. You may have rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, portability, objection and complaint to a supervisory authority. Where we rely on consent, you may withdraw consent at any time without affecting processing carried out before withdrawal. United States. If you are located in a U.S. state with applicable privacy laws, you may have rights to know, access, correct, delete or obtain a copy of certain personal information, and to opt out of certain sale, sharing, targeted advertising or profiling activities. We do not sell user personal data. We do not knowingly sell or share personal information of persons under 16. California. To the extent the California Consumer Privacy Act, as amended, applies, the categories of personal information we may collect include identifiers, internet or other electronic network activity information, geolocation information at an approximate level, commercial or transaction-related information, inferences from usage information, and any information you voluntarily provide. We collect, use and disclose those categories for the purposes described in this Privacy Policy. 20. Changes to This Privacy Policy We may update this Privacy Policy from time to time. When we update it, we will revise the "Last updated" date. Your continued use of the App after an updated Privacy Policy is posted means that you acknowledge the updated Privacy Policy. 21. Contact Us If you have questions about this Privacy Policy or want to submit a privacy request, please contact: Ref Labs Ltd. Craigmur Chambers, Road Town, Tortola, VG 1110 British Virgin Islands Email: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zknoir.com/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.