Privacy Policy v1.0
Key Principle: zkOrigoPlus operates a stateless architecture. We do NOT store personally identifiable information (PII), wallet addresses, or transaction details.
1. Information We Do NOT Collect
zkOrigoPlus does NOT collect, store, or process:
- Wallet addresses or private keys
- Transaction hashes or blockchain data
- Personally identifiable information (PII)
- User identity documents or KYC data
- Financial account information
- Geolocation data
2. Information We DO Collect
2.1 Aggregated Telemetry (Non-PII)
We collect minimal, aggregated telemetry for service improvement:
- API request timestamps (no wallet addresses)
- Compliance module usage (AML, ISO, RWA, ZK, KYC, CBP)
- Risk scores (numeric values only, no identifiers)
- API response times and error rates
2.2 API Key Metadata
For paid subscribers:
- Email address (for billing and support)
- Subscription tier and usage limits
- API key identifiers (hashed, not reversible)
2.3 Technical Logs
Standard web server logs (retained 7 days):
- IP addresses (for rate limiting and abuse prevention)
- User-agent strings
- HTTP request/response codes
3. How We Use Information
Aggregated telemetry is used solely for:
- Service performance monitoring
- AI advisory model training (statistical patterns only)
- Abuse detection and rate limiting
- Billing and usage tracking (paid tiers)
4. Data Retention
| Data Type |
Retention Period |
| Aggregated telemetry |
90 days |
| Technical logs (IP, user-agent) |
7 days |
| API key metadata |
Duration of subscription + 1 year |
| Wallet addresses, PII |
NOT STORED (stateless) |
5. Data Sharing
We do NOT sell, rent, or share user data with third parties, except:
- AWS Infrastructure: Data stored on AWS (us-east-1, ap-southeast-2)
- Payment Processor: Stripe (for billing, email only)
- Legal Obligations: If required by law or court order
6. External RPC Providers
zkOrigoPlus queries public blockchain RPC endpoints. These providers may log requests:
- eth.llamarpc.com (Ethereum)
- blockstream.info (Bitcoin)
- polygon-rpc.com (Polygon)
- horizon.stellar.org (Stellar)
- xrplcluster.com (XRP Ledger)
- mainnet-public.mirrornode.hedera.com (Hedera)
We do NOT control these providers' privacy practices. Refer to their respective privacy policies.
7. GDPR Compliance
Data Controller: ADCX LAB HUB, Malaysia
Legal Basis: Legitimate interest (service operation)
User Rights:
- Right to access: Email admin@autodigitalcoin.com
- Right to deletion: API keys can be deleted on request
- Right to portability: Aggregated data available on request
Note: Since we do not store PII or wallet addresses, most GDPR rights are not applicable.
8. CCPA Compliance (California)
zkOrigoPlus does NOT sell personal information. California residents have the right to:
- Request disclosure of data collected (email admin@autodigitalcoin.com)
- Request deletion of API key metadata
- Opt-out of data sale (not applicable - we do not sell data)
9. Cookies and Tracking
zkOrigoPlus does NOT use cookies or tracking pixels. No third-party analytics (Google Analytics, etc.).
10. Security
Data security measures:
- TLS 1.2+ encryption for all API traffic
- AWS KMS encryption for stored data
- API keys hashed with bcrypt
- Rate limiting and DDoS protection via AWS WAF
See Security Disclosure for details.
11. Children's Privacy
zkOrigoPlus is NOT intended for users under 18. We do not knowingly collect data from minors.
12. International Data Transfers
Data is stored in AWS regions:
- Primary: us-east-1 (United States)
- Secondary: ap-southeast-2 (Australia)
By using the service, you consent to data transfer to these regions.
13. Changes to This Policy
We may update this policy with 30 days notice via email and website announcement. Continued use constitutes acceptance.
14. Contact
Privacy Inquiries: admin@autodigitalcoin.com
Data Protection Officer: Not appointed (not required under current regulations)