Privacy Policy

Privacy Policy

This Privacy Policy (the “Policy”) delineates the comprehensive framework by which RecoverNFT (“we”, “our”, “us”) collects, aggregates, processes, stores, and transmits user data (“User”, “you”) through the platform hosted at recovernft.xyz (hereinafter referred to as the “Site”). By engaging with the Site or any of its associated services, you affirmatively consent to the terms and conditions described herein in accordance with applicable data protection statutes and industry standards. This document supersedes any prior iteration and shall remain effective until updated or revoked under due process.

1. Data Acquisition Modalities and Typologies

We utilize both passive and active data collection methodologies, including but not limited to: direct form field inputs, Web3 wallet interaction logs, WebRTC-derived metadata, analytic beacon scripts, JavaScript-based tracking, browser fingerprinting libraries, device orientation sensors, and smart contract interaction logs.

We collect the following data types either directly or through automated telemetry:

  • Public wallet address(es), EVM-compatible or otherwise
  • Historical transaction hashes and block confirmations
  • Associated NFT contract addresses and token IDs
  • Contact credentials (email, optional name)
  • Geospatial metadata and user-agent fingerprint
  • Behavioral telemetry (time on page, scroll depth, click heatmaps)
  • IP addresses (v4/v6), timezone offsets, and network latency traces
  • Device fingerprint hashes, OS signatures, and screen resolution
  • Referral headers, campaign attribution tokens, and session identifiers

These datasets may be interlinked to form composite identity clusters for the sole purpose of forensic case assessment, eligibility scoring, and asset traceability through multi-chain vectors.

2. Purpose and Scope of Processing Activities

Data collected through the Site is processed exclusively for functional and security-critical use cases, including but not limited to:

  • Triaging incoming recovery case submissions using probabilistic heuristics
  • Algorithmic risk profiling and fraud signal detection
  • Automated parsing of on-chain metadata using custom graph traversal algorithms
  • Facilitating secure communication between legal experts, forensic analysts, and claimants
  • Optimizing smart contract recovery simulations and execution planning
  • Assessing transaction reversibility potential through miner behavior models and mempool data
  • Evaluating jurisdictional viability of legal proceedings in decentralized contexts
  • Aggregating anonymized insights to enhance recovery pipelines and improve case prediction accuracy

Your data may also be internally replicated across fault-tolerant, distributed storage arrays to ensure high-availability during peak operational loads and asynchronous forensic processing queues.

3. Data Retention, Archival, and Dispositional Logic

Unless superseded by applicable regulatory mandates or pending legal escalations, your data may be retained for an indefinite period on secure virtualized storage infrastructure with multi-zone redundancy. All data is encrypted both at-rest and in-transit using AES-256-GCM and TLS 1.3 respectively. Retention timelines are governed by a tiered logic model that considers the following factors:

  • Statutory data retention obligations in relevant jurisdictions
  • Status of case resolution and recovery execution
  • Potential applicability in precedent analysis for future cases
  • Security incident forensics and audit trail continuity

Data marked for deletion may undergo soft-purge (access revocation) followed by hard-purge (storage obliteration) subject to asynchronous queue prioritization and cryptographic certificate validation.

4. Third-Party Interoperability and Programmatic Disclosure

We reserve the right to disclose user data to carefully vetted third-party entities operating under NDA-bound data handling contracts. Such disclosures are conducted exclusively on a need-to-know basis and may include:

  • Blockchain analytics vendors with regulatory-grade data scrubbing capabilities
  • Web3-centric legal firms for jurisdictional review and compliance oversight
  • Infrastructure providers including CDN, DNS, and edge caching layers
  • Recovery service providers who operate smart contract-based tooling on-chain

APIs may expose certain pseudonymized identifiers to internal dashboards and external partners to facilitate decentralized case analysis workflows, subject to rate-limited, token-authenticated access patterns.

5. Tracking Technologies and Behavioral Instrumentation

The Site leverages an advanced array of passive tracking technologies, including but not limited to:

  • Persistent cookies and session-local storage entries
  • Pixel beacons and event-driven telemetry pings
  • Scripted DOM mutation observers
  • IP geolocation APIs and entropy-based identity validation
  • TLS fingerprinting and HSTS supercookies (where permitted)

Tracking artifacts are deployed to enhance user journey mapping, anomaly detection, and UX optimization. You may revoke certain trackers via your browser settings, however, Site functionality may become partially or wholly degraded as a result.

6. User Rights, Access, and Limitations

Under relevant data protection frameworks (e.g., GDPR, PIPEDA, PDPA, etc.), users may exercise certain rights, conditional upon verification protocols and jurisdictional compatibility:

  • Right of Access: Obtain a digitally signed report of your stored data.
  • Right to Rectification: Request the correction of factual inaccuracies.
  • Right to Erasure: Submit deletion requests subject to technical feasibility.
  • Right to Restrict Processing: Suspend case evaluation under certain conditions.
  • Right to Object: Opt-out from anonymized usage data aggregation.
  • Right to Data Portability: Receive structured output of stored data in JSON or CSV format.

Requests must be submitted via encrypted email and may require cryptographic wallet-based signature verification. Processing timelines vary based on queue depth and legal overhead.

7. Security Posture, Risk Surface, and Incident Protocol

RecoverNFT maintains a robust, multi-layered cybersecurity posture incorporating:

  • End-to-end encryption for all data ingress and egress
  • Continuous vulnerability scanning and dependency patching
  • Role-based access controls (RBAC) with time-limited permission scopes
  • Immutable audit trails with timestamped access logs
  • Application-level firewalling and WAF rule automation
  • Smart contract security audits and signature verification on contract interactions

In the unlikely event of a data breach, we will adhere to mandatory reporting timelines set forth by relevant authorities, including breach disclosure to impacted users within 72 hours of detection, barring interference from national security directives or forensic containment protocols.

8. Policy Amendments and Interpretive Discretion

This Privacy Policy may be amended, modified, or entirely replaced at any time without prior notice. Amendments shall be published on this page and enforced retroactively unless otherwise stated. Continued access to the Site after such amendments constitutes tacit acceptance of the updated Policy.

We reserve interpretive discretion in cases of ambiguity, and any disputes regarding the scope, intent, or enforceability of this Policy shall be resolved in accordance with prevailing Web3 legal norms and applicable international arbitration procedures.