Legal

Privacy Policy

Last updated: January 2026 · Layrs Protocol

Privacy by design: Layrs is built on the principle that financial privacy is a fundamental right. The Protocol's core architecture — zero-knowledge proofs verified via zkVerify on Horizen L3 — ensures your on-chain positions are shielded by mathematics, not promises. This Policy explains what data exists outside the blockchain and how we handle it.

1. Overview

This Privacy Policy explains how Layrs Protocol ("Layrs," "we," "us," "our") collects, uses, and protects information when you use our Protocol, web interfaces, and related services. This Policy applies to layrs.xyz, app.layrs.xyz, and any other Layrs-operated web properties.

We are committed to data minimization: we collect only what is necessary to operate the Protocol safely and legally, and we do not sell your data.

2. Information We Collect

2.1 Information You Provide

Category	Data	Purpose
Wallet address	Your public blockchain wallet address when you connect	Protocol interaction, sanctions screening, Shards tracking
Referral codes	Referral code you use or generate	Referral reward attribution
Task completions	Which Shards tasks you have completed	Shard reward calculation

2.2 Automatically Collected Information

Category	Data	Purpose
Log data	IP address, browser type, pages visited, timestamp	Security, abuse prevention, analytics
Device data	Operating system, screen size, browser version	Interface optimization
Usage data	Features used, navigation patterns, error logs	Product improvement
Cookies	Session tokens, preference settings	Interface functionality

2.3 Blockchain Data

All blockchain transactions are public by nature of the underlying networks (Horizen L3, Base L2). However, Layrs' zero-knowledge architecture shields:

Your deposit amount
Your vault balance
The link between your deposit and withdrawal transaction
Your yield accumulation

What remains public on-chain includes: your wallet address (when initiating transactions), proof hashes, nullifiers, and commitments (which are cryptographically unlinkable to amounts without the private witness).

2.4 Sanctions Screening

When you connect a wallet, we perform automated screening of your wallet address against:

OFAC Specially Designated Nationals (SDN) list
Other applicable international sanctions lists
Known blockchain addresses associated with illicit activity via third-party screening tools

This screening is performed to comply with applicable law. The result (pass/fail) is processed in real time. We do not store your wallet address in connection with screening results beyond what is required for audit and compliance purposes.

3. How We Use Information

Protocol operation: Enabling deposits, withdrawals, bridging, and Shards accumulation
Security and fraud prevention: Detecting and preventing unauthorized access and abuse
Legal compliance: Performing sanctions screening and meeting applicable legal obligations
Product improvement: Understanding how the Protocol is used to improve the interface and experience
Communications: Responding to support inquiries (only if you contact us)

We do not use your information for advertising, profiling, or sell it to third parties.

4. Information Sharing

We share information only in these limited circumstances:

Service providers: Infrastructure providers (hosting, CDN, analytics) who process data on our behalf under appropriate data protection agreements
Sanctions screening providers: Third-party blockchain analytics tools for wallet screening (wallet addresses only, no other personal data)
Legal compliance: When required by applicable law, court order, or government request, to the minimum extent required
Protection of rights: To enforce our Terms, protect our rights or property, or prevent fraud or illegal activity

5. Cookies and Tracking

We use minimal cookies for:

Session management: Keeping you connected within a browser session (cleared when you close the browser)
Preferences: Storing your display preferences (balance visibility, theme)
Analytics: Aggregated, anonymized usage data (no cross-site tracking)

We do not use third-party advertising cookies, tracking pixels, or behavioral profiling. You can disable cookies in your browser settings, though some Protocol functionality may be affected.

6. Local Storage

The Protocol app uses your browser's local storage to persist:

Your Shards balance and completed tasks (stored locally on your device)
Your referral code (if generated)
UI preferences

This data is stored only on your device and is not transmitted to our servers unless you take actions that require server-side processing.

7. Data Retention

Data Type	Retention Period
Log data (IP, browser)	90 days, then automatically deleted
Analytics data	13 months in aggregated form; individual events deleted after 90 days
Sanctions screening records	As required by applicable AML/sanctions law (typically 5 years)
Shards and task data	Until TGE, then migrated to on-chain records; 1 year after TGE
Support correspondence	3 years after last contact

8. Security

We implement technical and organizational measures to protect your information, including:

HTTPS encryption for all web traffic
Access controls and authentication for internal systems
Regular security reviews of our web infrastructure
No storage of private keys or sensitive cryptographic material on our servers

No system is perfectly secure. In the event of a data breach that materially affects your privacy, we will notify affected users and relevant authorities as required by law.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data. Given the minimal data we collect, these primarily apply to web analytics and log data:

Access: Request a copy of data we hold about you
Deletion: Request deletion of your data (subject to legal retention requirements)
Correction: Request correction of inaccurate data
Objection: Object to processing based on legitimate interests
Portability: Request data in a portable format

Note: Blockchain data (on-chain transactions, proof hashes) is immutable by design and cannot be deleted.

To exercise your rights, contact us via @layrslab on X or GitHub.

10. Children's Privacy

The Protocol is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.

11. International Transfers

Layrs operates globally. If you are located in a jurisdiction with data protection laws (such as the EU/EEA under GDPR), your data may be transferred to and processed in jurisdictions with different privacy laws. We take steps to ensure adequate protection for such transfers, including using standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and, for material changes, provide notice through the Protocol interface. Your continued use of the Protocol after changes take effect constitutes acceptance of the updated Policy.

13. Contact

For privacy-related questions or to exercise your rights:

X / Twitter: @layrslab
GitHub: github.com/layrsxyz