Privacy Policy

Effective Date: February 12, 2026  |  Last Updated: February 12, 2026

JIL Sovereign Technologies, Inc. (“JIL Sovereign,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the JIL Sovereign platform, websites, applications, APIs, and related services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

1. Scope and Applicability

This Privacy Policy applies to all users of the Services, including but not limited to individual wallet holders, institutional clients, developers accessing our APIs, token holders, validators, and visitors to our websites. This policy does not apply to third-party websites, platforms, or services linked from the Services, which are governed by their own privacy policies.

2. Data Controller

The data controller responsible for your personal data is:

JIL Sovereign Technologies, Inc.
Wilmington, Delaware, United States (Incorporated Headquarters)
Hubs: Texas · Switzerland · UAE · Singapore
Email: contact@jilsovereign.com

3. Information We Collect

3.1 Information You Provide Directly

• Account Registration Data: Email address, username, public wallet address(es), and authentication credentials (including WebAuthn/biometric registrations).
• Identity Verification (KYC/AML): Government-issued identification documents, proof of address, date of birth, nationality, tax identification numbers, and selfie/liveness verification data, as required by applicable regulations.
• Institutional Onboarding: Corporate registration documents, beneficial ownership information, authorized signatory details, and corporate wallet addresses.
• Communications: Correspondence sent to us via email, support tickets, or contact forms, including any personal data contained therein.
• Validator Applications: Jurisdiction of operation, organizational information, infrastructure specifications, and compliance certifications.

3.2 Information Collected Automatically

• Device and Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Usage Data: Pages viewed, features accessed, timestamps, click patterns, session duration, and referral URLs.
• Transaction Metadata: Transaction hashes, timestamps, gas fees, and settlement statuses associated with your wallet address(es).
• API Usage Data: Endpoint calls, request volumes, authentication tokens used, error logs, and rate-limit events.

3.3 Information from Third Parties

• KYC/AML Providers: Identity verification results, sanctions screening outcomes, and risk scores from our compliance partners.
• Blockchain Networks: Publicly available on-chain data from Ethereum, Solana, XDC, and other EVM-compatible networks used by our bridge infrastructure.
• Analytics Providers: Aggregated and anonymized usage statistics from third-party analytics services.

4. How We Use Your Information

We process your personal data for the following purposes:

• Service Provision: To create and maintain your account, process transactions, operate the self-custody wallet, execute cross-chain bridge transfers, and provide settlement services.
• MPC Key Management: To facilitate 2-of-3 multi-party computation (MPC) key generation and threshold signing. We store one encrypted key shard; you retain custody of a separate shard. We never have access to your complete private key.
• Compliance and Legal Obligations: To perform KYC/AML verification, sanctions screening, Travel Rule compliance (FATF), suspicious activity monitoring, and regulatory reporting as required by applicable law in each operating jurisdiction.
• Security and Fraud Prevention: To detect, prevent, and investigate unauthorized access, fraud, abuse, and security incidents.
• Insurance Processing: To administer wallet protection coverage claims for eligible Premium and Protected tier accounts (up to $250,000 per incident).
• Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve the performance, functionality, and security of our Services.
• Communications: To send transactional notifications (transaction confirmations, security alerts, account updates) and, with your consent, marketing communications about new features and services.
• Governance: To facilitate on-chain governance voting and validator consensus operations.

5. Legal Basis for Processing

We process your personal data under the following legal bases, as applicable under the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and equivalent legislation:

• Contractual Necessity: Processing required to perform our obligations under the Terms of Service (e.g., account creation, transaction processing, wallet services).
• Legal Obligation: Processing required to comply with applicable laws, including KYC/AML regulations, sanctions laws, tax reporting, and data retention mandates.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, platform security, analytics, and service improvement, provided these interests are not overridden by your rights and freedoms.
• Consent: Where required by law, we obtain your explicit consent for specific processing activities, such as marketing communications or optional analytics. You may withdraw consent at any time.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party vendors who assist in operating our platform (cloud hosting, KYC verification, analytics, customer support), subject to strict confidentiality agreements and data processing addenda.
• Regulatory and Law Enforcement: With government authorities, regulators, or law enforcement agencies when required by applicable law, subpoena, court order, or regulatory investigation.
• Insurance Partners: With insurance providers in connection with wallet protection coverage claims, limited to information necessary to process the claim.
• Validators: Transaction data necessary for block validation and consensus is shared with the 20-validator network as part of normal protocol operations. Validators do not receive your personal identity information.
• Corporate Transactions: In the event of a merger, acquisition, reorganization, or asset sale, your personal data may be transferred as part of the transaction, subject to the same privacy protections described herein.

7. Blockchain and On-Chain Data

Important: The JIL settlement ledger is a public, immutable record. Transaction records, wallet addresses, transaction amounts, and timestamps recorded on-chain are publicly visible and cannot be modified or deleted after confirmation. This is inherent to blockchain technology and is not subject to erasure requests.

We employ ZK (zero-knowledge) compliance proofs to enable regulatory verification without exposing underlying personal data on-chain. However, any data you voluntarily broadcast to the blockchain becomes permanently public.

8. Data Security

We implement industry-leading security measures to protect your data, including:

• MPC 2-of-3 Key Management: Your private key is split into three shards using multi-party computation. You hold one shard, an HSM-secured enclave holds one, and a geographically distributed backup holds one. No single party can access your full key.
• Post-Quantum Cryptography: Dilithium digital signatures and Kyber key encapsulation protect against both classical and quantum computing attacks.
• Encryption: All data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. Key shards are stored in hardware security modules (HSMs).
• Infrastructure Security: Multi-region hosting, DDoS mitigation, intrusion detection systems, regular penetration testing, and SOC 2-aligned operational controls.
• Access Controls: Role-based access control (RBAC), multi-factor authentication for all administrative access, and audit logging of all data access events.

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data and encourage you to take steps to protect your credentials.

9. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained for the duration of your active account and for 5 years following account closure, as required by financial recordkeeping regulations.
• KYC/AML Records: Retained for a minimum of 5 years (or longer where required by jurisdiction-specific regulations, e.g., 10 years under Swiss AMLA).
• Transaction Records: On-chain transaction data is permanent and immutable. Off-chain transaction metadata is retained for 7 years.
• Usage and Analytics Data: Aggregated and anonymized data may be retained indefinitely. Identifiable usage data is retained for up to 2 years.
• Communications: Support correspondence is retained for 3 years following resolution.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal data, subject to legal retention obligations and the immutability of on-chain data.
• Right to Restrict Processing: Request that we limit the processing of your data under certain circumstances.
• Right to Data Portability: Request that your data be provided in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., the Swiss FDPIC, EU data protection authority, or equivalent in your jurisdiction).

To exercise any of these rights, contact us at contact@jilsovereign.com. We will respond within 30 days (or sooner where required by law). We may request verification of your identity before processing your request.

10.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

11. International Data Transfers

JIL Sovereign operates globally with offices in Zurich (Switzerland), Dallas (USA), Abu Dhabi (UAE), and Singapore. Your personal data may be transferred to and processed in jurisdictions other than your own. When transferring data outside the EEA or Switzerland, we rely on:

• EU Standard Contractual Clauses (SCCs)
• Swiss Federal Data Protection Act adequacy determinations
• Binding corporate rules or equivalent safeguards

We ensure that all international transfers are subject to appropriate safeguards in compliance with applicable data protection laws.

12. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

• Strictly Necessary Cookies: Essential for website functionality, authentication, and security. Cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with our website, helping us improve user experience. Data is anonymized where possible.
• Preference Cookies: Store your settings and preferences (e.g., language, theme) across sessions.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.

13. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete such data promptly. If you believe a minor has provided us with personal data, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised “Last Updated” date. Where required by law, we will provide additional notice (e.g., via email). Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

JIL Sovereign Technologies, Inc.
Email: contact@jilsovereign.com
Wilmington, Delaware (Incorporated Headquarters)
Hubs: Texas · Switzerland · UAE · Singapore

For data protection inquiries within the European Economic Area, you may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.