Privacy Policy • NHBCoin

Privacy Policy

Effective: January 1, 2025

Last Updated: January 1, 2025

We do not sell or rent personal information. We process only what’s needed to operate the Services, verify identity (when required), secure the platform, and comply with law.
Mandatory Privacy Rights: Certain jurisdictions (such as the EU, UK, UAE, or others) grant individuals non-waivable statutory privacy and data protection rights. Nothing in this Privacy Policy is intended to exclude or limit those rights. Where such laws apply to you, they will apply in addition to this Policy, but only to the minimum extent required by law.

1. Who We Are

NHBCoin is operated by Nehborly, Inc. (“we,” “us,” “our”). This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard information related to the NHBCoin website, interfaces, and related services (collectively, the “Services”).

2. Scope & Relationship to Terms

This Policy applies to personal data processed through the Services. It should be read together with our Terms & Conditions. Capitalized terms not defined here have the meanings in the Terms.

3. Information We Collect

  • Contact Data: Email address and basic account info.
  • Wallet/On-Chain Data: Public wallet addresses, transaction hashes, balances displayed via our UI.
  • KYC/AML Data (Tiered): When required by law or risk tiers—government ID, selfies/liveness checks, proofs of address, sanctions screening results.
  • Technical Data: IP address, device/browser details, cookies, analytics events, logs (for security, abuse prevention, and debugging).
  • Support Data: Messages you send to support and related metadata needed to resolve issues.

4. How We Use Information (Purposes & Legal Bases)

  • Operate and improve the Services and UI (contract performance; legitimate interests).
  • Enable purchases, transfers, staking/rewards where applicable (contract performance; legitimate interests).
  • Conduct KYC/AML checks, enforce limits, and comply with legal obligations (legal obligation; public interest where applicable).
  • Detect/prevent fraud, abuse, and security incidents (legitimate interests; legal obligation).
  • Send service, security, and policy notices (contract performance; legal obligation; legitimate interests).
  • Perform aggregated/analytics to understand usage (legitimate interests; consent where required).

5. Sharing & Disclosure

  • No Sale or Rental. We do not sell or rent personal information.
  • Service Providers. We share data with vetted processors (cloud, analytics, security, KYC vendors) under contractual confidentiality and data-processing terms.
  • Legal/Compliance. We may disclose if required by law, regulation, subpoena, or to protect rights, safety, and security.
  • Business Transfers. In a merger/acquisition, data may transfer subject to this Policy.

6. Cookies & Tracking

We use essential cookies for security and session management, and limited analytics for performance and abuse prevention. You can manage cookies in your browser; disabling may impact functionality.

7. Data Security

We implement administrative, technical, and physical safeguards proportionate to the risks (e.g., encryption in transit, access controls, logging). No method is 100% secure; residual risk remains.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including legal, tax, accounting, security, and compliance requirements. On-chain data may persist publicly indefinitely.

9. International Data Transfers & Safeguards

We may process and store personal data outside your country of residence, including in the United States and other jurisdictions where we or our service providers operate. Where cross-border transfer restrictions apply (e.g., EEA/UK), we implement safeguards designed to comply with applicable legal requirements.

Transfer From Transfer To Safeguard Mechanism
EEA / UK United States (Nehborly, Inc.) EU Standard Contractual Clauses (SCCs) + UK Addendum and supplementary measures (encryption, access controls).
EEA / UK Third-Party Vendors (Cloud, Analytics, KYC, Email) SCCs or equivalent mechanisms; vendor due diligence; contractual data protection obligations.
Global Other jurisdictions where vendors operate Adequacy decisions where available, or SCCs/approved safeguards.

We monitor legal developments (e.g., Schrems II) and update safeguards as required. To request a copy of SCCs (subject to redaction), contact privacy@nehborly.net.

10. Your Rights

Subject to law and jurisdiction, you may request access, correction, deletion, restriction, portability, or objection to certain processing. Contact: privacy@nehborly.net. We may need to verify your identity and will respond within timelines required by applicable law.

For marketing or non-essential email preferences, use the unsubscribe link in those emails. Service/transactional emails may still be required.

10A. Summary of Data Subject Rights (GDPR / UK-GDPR / Comparable Laws)

If you are in the EEA, UK, or another jurisdiction with comparable laws, the following apply only to the minimum extent required by law and subject to legal limits:

Right Description
Access Request confirmation of processing and obtain a copy of personal data.
Rectification Correct inaccurate or incomplete personal data.
Erasure (“Right to be Forgotten”) Request deletion in certain circumstances (e.g., no longer necessary, consent withdrawn, unlawful processing).
Restriction Request restriction of processing in certain cases (e.g., contested accuracy, pending objection).
Portability Receive data provided by you in a structured, commonly used, machine-readable format; request transfer where feasible.
Objection Object to processing based on legitimate interests or direct marketing, to the extent permitted by law.
Withdraw Consent Withdraw consent at any time where processing is based on consent (does not affect prior lawful processing).
Complaint Lodge a complaint with your supervisory authority if you believe your rights are violated.

11. Do Not Track / Preference Signals

Our Services do not currently respond to browser “Do Not Track” signals. We honor applicable privacy rights provided by law where we operate.

12. EEA & UK Data Protection Representative

For purposes of Article 27 of the EU GDPR and the UK GDPR, Nehborly, Inc. has appointed the following representative for individuals and supervisory authorities in the EEA and the UK:

Data Protection Representative (EEA & UK)
Email: uk@nehborly.net

EEA/UK residents may contact our representative on issues related to processing of personal data and GDPR/UK-GDPR compliance.

13. Summary of Our Data Processing Activities (ROPA)

In accordance with Articles 13, 14, and 30 of the EU GDPR and UK GDPR, we maintain internal Records of Processing Activities. The following is a public summary of primary categories of processing:

Category Types of Data Purpose of Processing Legal Basis (where applicable) Retention
User Accounts Email, login data, preferences Create/manage accounts; provide Services Contract performance; legitimate interests Active account + up to 3 years after closure
Wallet & On-Chain Data Public wallet address, transaction hashes Display balances; facilitate on-chain actions Contract performance; legitimate interests Indefinite (public blockchain)
KYC / AML Verification ID, proof of address, sanctions-screening data Regulatory compliance; fraud prevention Legal obligation As required by AML laws (typically 5–7 years)
Communications Email messages, support requests Respond to inquiries; send notices; support Legitimate interests; contract performance Up to 3 years after correspondence closes
Marketing (optional) Email, cookies/analytics Send promotional content (with opt-in consent) Consent Until consent is withdrawn
Security & Compliance Logs IP addresses, device/browser info, audit logs Detect/prevent abuse; protect security Legitimate interests; legal obligation Typically 12–24 months, unless required longer

This summary is not exhaustive. Detailed records are maintained internally to comply with Article 30 and may be provided to supervisory authorities upon lawful request.

14. Data Breach Notification

We maintain safeguards to protect personal data; however, incidents may occur. In the event of a personal data breach, we will:

  • Assess promptly to determine scope, impact, and legal obligations.
  • Notify supervisory authorities where required (generally within 72 hours under GDPR/UK-GDPR) unless unlikely to risk individuals’ rights and freedoms.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, including recommended protective steps.
  • Document all breaches internally, regardless of whether notification is legally required.

Notification may be delivered by email, website notice, or other legally permissible means. We may delay notification at the request of law enforcement where immediate disclosure could jeopardize an investigation or national security.

15. Children’s Data

Our Services are not directed to or intended for children under 18. We do not knowingly collect personal data from individuals under 13 (COPPA – US) or below the age of digital consent set by local law (typically 13–16 under GDPR/UK-GDPR).

  • If you are under the applicable age threshold, do not use the Services or provide personal data.
  • If we learn we collected personal data from a child without lawful parental consent, we will delete it promptly.
  • Parents/guardians may contact privacy@nehborly.net to request deletion.

By using the Services, you represent and warrant that you meet the minimum age requirement in your jurisdiction.

16. Mandatory Privacy Law Savings Clause

Nothing in this Policy shall exclude, limit, or restrict any rights, remedies, or protections you may have under mandatory, non-waivable data protection, privacy, or consumer laws in your jurisdiction (“Mandatory Privacy Laws”).

  • Examples include the EU GDPR, the UK GDPR, and comparable non-waivable laws in the UAE or elsewhere.
  • Where Mandatory Privacy Laws require disclosures or rights (access, deletion, portability, objection, etc.), those apply only to the minimum extent required by law.
  • This clause does not create any new rights beyond those required by Mandatory Privacy Laws and does not expand any remedies otherwise disclaimed in this Policy.
  • If a provision conflicts with Mandatory Privacy Laws, it shall be interpreted and, if necessary, modified to comply, while the remainder remains fully enforceable.

17. Changes

We may update this Policy and will post the new Effective Date. Material changes will be communicated by email and/or website notices. Continued use of the Services after changes constitutes acceptance.

18. Contact

Privacy inquiries and data subject requests: privacy@nehborly.net

Nehborly, Inc., Delaware, USA