← Back to Home

Privacy Policy

Version 1.2 — February 14, 2026

1. Controller

The data controller is identified in the Impressum.

2. Overview

NANOGATE is designed with privacy in mind. We do not use cookies, tracking tools, or analytics. We collect only the minimum data necessary to provide the service.

3. Data We Collect

3.1 Principal IDs

We store your Internet Computer Principal ID to allocate and manage your credits. This data is stored permanently in stable memory on the Internet Computer Protocol (ICP) infrastructure.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.2 Nano Addresses and Transaction Hashes

When you purchase credits or make a donation, we store:

• Nano deposit addresses assigned to your purchases or donations
• Transaction hashes for confirmed Nano payments
• Payment amounts and exchange rates at the time of the order

This data allows us to verify your payments and provide you with a purchase and donation history. Note: We do not store the Nano addresses or transaction data from RPC requests you make through the gateway (e.g., checking balances or sending transactions) - those are processed and forwarded without logging.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.3 Credit Transaction History

We maintain records of your credit usage, including which RPC actions were called, how many credits were charged, your credit balance before and after, which node was used, response time, and when. This internal transaction history helps you track your credit spending.

If you transfer credits to or receive credits from another user, we store a record of that transfer in a permanent, append-only log. This includes the Principal IDs of both parties, the amount, the timestamp, and any optional note you provide.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.4 Abuse Prevention

To protect the service from misuse, we track the number of cancelled and expired orders associated with your Principal ID. If abuse thresholds are exceeded, your account may be temporarily blocked. Blocking records include the abuse count, the timestamp, and the reason.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

3.5 Private Nodes

If you register a private Nano node, we store the node URL, any API key you provide, and your authentication header configuration. This data is linked to your Principal ID and stored in stable memory.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.6 Canister Delegation

If you delegate canisters to use your credits, we store the canister IDs, spending limits, and usage statistics (credits used, last activity) linked to your Principal ID.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.7 Operational Logs

The gateway maintains a temporary log of system events (up to 5,000 entries in a circular buffer). Each log entry includes a timestamp, event level, the action performed, a description, and the caller's Principal ID. These logs are stored in volatile memory and may be lost during canister upgrades. They are only accessible to the service administrator and are used for debugging and monitoring.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

3.8 Proof-of-Work Challenges

When you create a purchase order or a donation, a Proof-of-Work challenge may be issued. The challenge data, including your Principal ID, is stored temporarily in volatile memory for up to 5 minutes. It is automatically deleted after use or expiration.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - spam prevention

3.9 Local Browser Storage

During purchases and donations, minimal session data is temporarily stored in your browser's local storage to allow resumption after page refresh. This data is automatically removed once the transaction completes.

Legal basis: Contract fulfillment (Art. 6(1)(b) GDPR)

3.10 Rate Limiting

To protect the service from overload and ensure fair usage, we temporarily track per-user request counts and timestamps in volatile memory. This data is linked to your Principal ID and is used solely for enforcing rate limits. It is not persisted to stable memory and may be lost during canister upgrades.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - service protection

3.11 Aggregated Metrics

We collect aggregated, non-personal usage statistics such as total request counts, success rates, and hourly/daily request volumes. To calculate unique user counts, Principal IDs are temporarily held in volatile memory but are not included in the stored aggregates. The persisted metrics do not contain Principal IDs or other personal identifiers and are used solely for service monitoring and capacity planning.

3.12 Contact Inquiries

If you contact us via email or phone, your email address or phone number and message content are stored to process your inquiry.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

4. Data We Do Not Collect

• IP addresses (not logged by our gateway)
• Cookies (none used; only minimal local storage for session continuity during purchases and donations)
• Analytics or tracking data (no tracking tools)
• Private keys or seed phrases (non-custodial service)

5. Data Storage and Infrastructure

Your data is stored on the Internet Computer Protocol (ICP), a decentralized blockchain infrastructure. ICP nodes are operated globally by independent node providers. For more information about ICP's infrastructure, visit https://internetcomputer.org.

6. Data Retention

• Principal IDs and credit balances: Stored indefinitely until your account is deleted by an administrator. Credits do not currently expire automatically, though this may change in the future (see Terms of Service). When an account is deleted, historical records such as transaction history, purchases, donations, and credit transfers are preserved.
• Nano addresses and transaction hashes: Stored indefinitely to maintain your purchase and donation history
• Credit transaction history: Stored indefinitely, but may be pruned by administrators to retain only recent records
• Credit transfers: Stored permanently in an append-only log that cannot be modified or deleted
• Private node configuration: Stored until you remove your private node or your account is deleted
• Canister delegation data: Stored until the delegation is removed by you or your account is deleted
• Operational logs: Stored temporarily in a circular buffer (max 5,000 entries). Older entries are automatically overwritten. Logs may be lost during canister upgrades
• Proof-of-Work challenges: Stored temporarily in volatile memory for up to 5 minutes, then automatically deleted
• Aggregated metrics: Hourly metrics retained for up to 24 hours, daily aggregates stored indefinitely. No personal data included
• Abuse prevention records: Stored indefinitely. Blocking entries may be removed by administrators
• Contact inquiries: Stored for the duration necessary to handle your inquiry, then deleted

Note on blockchain storage: Due to the technical nature of blockchain infrastructure, certain data stored on the Internet Computer Protocol may not be fully erasable. Where deletion is technically impossible, this constitutes an exception under Art. 17(3) GDPR. In such cases, we will restrict the processing of your data to the extent technically feasible.

7. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): Request information about your stored data
• Right to rectification (Art. 16 GDPR): Request correction of inaccurate data
• Right to erasure (Art. 17 GDPR): Request deletion of your data, subject to legal retention requirements
• Right to restriction (Art. 18 GDPR): Request restricted processing of your data
• Right to data portability (Art. 20 GDPR): Request your data in a portable format
• Right to object (Art. 21 GDPR): Object to processing based on legitimate interest
• Right to lodge a complaint: You may file a complaint with a supervisory authority, e.g., the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

To exercise your rights, contact us at: info@nanogate.run

Please note that as a small, independently operated service, processing your request may take some time. We will respond as soon as reasonably possible.

8. Data Transfers

Data is stored on the ICP network, which operates globally through decentralized node providers. This may involve data transfers outside the European Economic Area (EEA). The decentralized nature of blockchain technology means data is replicated across multiple nodes for integrity and availability.

These transfers are necessary for the performance of the contract between you and us (Art. 49(1)(b) GDPR), as the service inherently relies on the decentralized ICP infrastructure. Using a blockchain-based service requires data replication across globally distributed nodes, and there is no equivalent centralized alternative that would provide the same functionality.

9. Security

We implement appropriate technical measures to protect your data, including cryptographic security provided by the ICP infrastructure. However, no system is completely secure. You are responsible for safeguarding your own private keys and credentials.

10. Third-Party Services and External Infrastructure

NANOGATE interacts with:

• Internet Computer Protocol (ICP): For canister hosting and data storage
• Nano RPC Nodes: Your RPC requests (e.g., checking balances, sending transactions) are forwarded to Nano nodes. These nodes may be operated by us or by independent community members. The request data, including Nano addresses and transaction details, is visible to the node operator processing your request. NANOGATE does not add personal identifiers such as your Principal ID or IP address to these requests.
• Price Oracle: Our own supporting service for fetching current cryptocurrency prices (Nano, ICP, Bitcoin) used to calculate credit package prices. No personal data is transmitted.
• Proof-of-Work Servers: Servers used to generate computational proofs required for Nano transactions. These servers may be operated by us or by independent community members. Only the block hash and difficulty are transmitted. No personal data is transmitted.
• Deposit Address Service: Our own supporting service for generating Nano deposit addresses used in purchases and donations. No personal data is transmitted - only a request for a new address.

We do not share personal data (such as your Principal ID) with advertising networks, analytics providers, or node operators. However, Nano-specific request data (addresses, block hashes, transaction details) is inherently visible to the node processing your request. This applies equally to any Nano RPC request, whether made through NANOGATE or directly to a node.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

12. Contact

For privacy-related questions or to exercise your rights:

Email: info@nanogate.run

← Back to Home