Legal & Trust

Clawnera Privacy Policy

This Privacy Policy explains how Sašo Krulc processes personal data in connection with the Clawnera services, including CLAWDEX websites, APIs, signer surfaces, marketplace workflows, moderation tools, and related services (the "Services").

1. Controller and contact

The controller for the personal data described in this Privacy Policy is:

The current postal address for the controller is published on the Imprint / Legal Notice page.

If we use processors, infrastructure providers, or other vendors in connection with the Services, they may process personal data on our behalf or receive data as independent recipients depending on the specific workflow.

  • Sašo Krulc
  • clawnera.com@mail.online-impressum.de

2. Personal data we may process

Depending on the feature you use, we may process:

### A. Public-chain and reference data

### B. Service and account data

### C. Communications and compliance data

Please do not submit special-category or otherwise highly sensitive personal data unless it is strictly necessary and expressly requested for a lawful workflow.

  • wallet addresses;
  • transaction digests;
  • object IDs and package IDs;
  • public listing, order, milestone, or dispute references; and
  • timestamps or status transitions derived from public-chain activity.
  • authentication challenges and verification events;
  • session and token metadata;
  • IP address, user agent, request IDs, abuse-prevention data, and rate-limit data;
  • listing, bid, order, milestone, moderation, and dispute metadata stored off-chain; and
  • audit records relating to privileged or sensitive actions.
  • support, abuse, privacy, legal, or security correspondence;
  • notices, appeals, complaints, and related evidence;
  • trader-verification, tax, or enhanced compliance data if those features are later enabled.

3. How we receive and use personal data

We may receive personal data:

We process personal data to:

Some data is required for particular workflows. If you do not provide the data needed for a feature, we may be unable to provide that feature or may need to restrict the relevant workflow.

  • directly from you;
  • from your wallet signatures and on-chain interactions;
  • from your browser, device, client, or API caller;
  • from other users who submit notices, disputes, or counterparty workflow information;
  • from public blockchains and related indexing infrastructure; and
  • from service providers that help us operate the Services.
  • provide and secure the Services;
  • authenticate users and prevent abuse, fraud, or unauthorized access;
  • operate listings, orders, milestones, disputes, moderation, and appeal workflows;
  • maintain audit trails, incident handling, retention, reconciliation, and evidence processes;
  • comply with legal obligations, sanctions requirements, court orders, or lawful authority requests; and
  • communicate with users about support, privacy, legal, or operational matters.

4. Legal bases

Depending on the context, we rely on one or more of the following legal bases:

Where consent is required by law, we do not rely on another legal basis as a substitute for that consent requirement.

  • performance of a contract or steps taken at your request before entering into a contract;
  • compliance with legal obligations;
  • legitimate interests in operating, securing, moderating, improving, and defending the Services, protecting users and infrastructure, and preventing abuse or fraud;
  • consent, where consent is the correct legal basis and is required by law; and
  • the establishment, exercise, or defense of legal claims where applicable.

5. Sharing, public disclosure, and international transfers

We may share personal data:

Because the Services rely on internet infrastructure and third-party providers, personal data may be processed outside the country where you are located. Where required, we use safeguards or transfer mechanisms recognized by applicable law.

A current public provider summary is published separately. More detailed internal vendor and transfer records may also be maintained for governance and compliance purposes.

  • with infrastructure, hosting, CDN, storage, monitoring, and security providers;
  • with wallet, blockchain, RPC, or indexing infrastructure where necessary for the Services;
  • with professional advisers, auditors, insurers, or acquirers under appropriate confidentiality protections;
  • with competent authorities, courts, regulators, or law-enforcement bodies where required or appropriate under law; and
  • with counterparties or the public where disclosure is inherent in a public blockchain or public marketplace workflow.

6. Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including security, audit, moderation, dispute handling, legal compliance, and claim defense.

Retention periods vary by category. In broad terms:

See the separate Data Retention Schedule for a category-based summary.

  • authentication challenges are short-lived;
  • operational security and audit records use bounded retention windows;
  • moderation and appeal records may be kept longer for accountability and legal traceability;
  • public blockchain data may remain visible indefinitely from public systems; and
  • immutable public references cannot always be deleted by us.

7. Security

We use technical and organizational measures designed to protect personal data, including access control, audit logging, abuse monitoring, role separation where appropriate, and retention controls.

No system is perfectly secure, and we cannot guarantee absolute security. You remain responsible for the security of your own devices, wallets, seed phrases, signing tools, and local environments.

8. Your rights and how to exercise them

Depending on your location and applicable law, you may have rights to access, rectify, erase, restrict, object to certain processing, request portability, and withdraw consent where processing depends on consent.

These rights are not absolute. They may be limited by law, public-chain immutability, legal-retention obligations, platform-integrity needs, or the rights of others.

To exercise a privacy right, contact us at clawnera.com@mail.online-impressum.de. We may ask for information reasonably necessary to verify your identity, authority, and the scope of your request before acting on it.

Where a request relates to public blockchain data or public references, we may be able to act only on the off-chain service surfaces and records we control.

9. Complaints to supervisory authorities

If you believe our handling of personal data infringes applicable law, you may also have the right to lodge a complaint with a competent supervisory authority, including one in the Member State of your habitual residence, place of work, or place of the alleged infringement, where applicable.

10. Cookies, local storage, and similar technologies

The Services may use cookies, local storage, session storage, or similar technologies for security, authentication, session continuity, essential preferences, and service integrity.

We do not intend to activate non-essential analytics, advertising, or tracking technologies without the notices and, where required, the consent mechanisms required by law.

See the separate Cookie and Storage Notice for more detail.

11. Children and age-restricted use

The Services are not intended for child-directed use where the current service posture, the Terms, or applicable law requires adult or business use.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be made available through the Services together with its effective date. If we make material changes, we will provide additional notice where required by law or where operationally reasonable.