Paxeer. All documents
PRIVACY

On-Chain Data Privacy Notice

Controller
PaxLabs Inc., a Delaware corporation ("PaxLabs," "we," "us," or "our")
Applies to
all Onchain Activity conducted through or in connection with the Services, including transactions, state changes, signed intents, smart-contract interactions, and any other data committed to the Paxeer Network.
Version
1.0
Effective Date
June 10, 2026

1Purpose

1.1 This On-Chain Data Privacy Notice (the "Notice") explains the specific and irreversible privacy implications of data committed to the Paxeer Network — a public, decentralized, immutable blockchain. It supplements the Privacy Policy, which governs PaxLabs' processing of personal data generally, and the Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

1.2 Why a separate notice. The Privacy Policy describes how PaxLabs collects, uses, shares, and protects personal data in its operated systems. This Notice addresses a fundamentally different category of data — data that, once committed to the Paxeer Network, is permanently public, cannot be edited or deleted by anyone, and exists outside the control of any single entity. The privacy implications are sufficiently distinct and consequential that they warrant dedicated, prominent disclosure.

1.3 Who should read this Notice. Every User of the Services, including Developers, Operators of Agents, Providers, Consumers, and any person whose wallet address interacts with the Paxeer Network. If you submit transactions, deploy Agents, co-sign DeusVouchers, or otherwise commit data to the Network, this Notice applies to you.

2The Nature of Onchain Data

2.1 What is onchain data.

Onchain data is any data committed to the Paxeer Network through a confirmed transaction or state change. Once confirmed by the Network's consensus mechanism, onchain data becomes part of the permanent, immutable public ledger. Examples of onchain data include:

  • (i)Transaction records — sender and recipient wallet addresses, transaction amounts (in PAX or other tokens), timestamps, gas fees, and transaction hashes;
  • (ii)Signed intents — typed, authorized intents committed through the Matrix runtime, including the parameters, verb, and execution record of each intent;
  • (iii)Smart-contract interactions — function calls, input parameters, output values, event logs, and state changes resulting from interactions with smart contracts deployed on the Paxeer Network;
  • (iv)DeusVoucher records — bilaterally co-signed vouchers, including the parties' wallet addresses, the obligation terms, and the co-signing signatures;
  • (v)Settlement records — lazy-net settlement transactions, netting results, and direct onchain settlement;
  • (vi)Agent actions — any Onchain Activity executed by an Agent on behalf of its Operator, including transaction signatures and execution records;
  • (vii)Token operations — token transfers, approvals, delegations, and other token-related state changes;
  • (viii)Deployment records — smart-contract deployment transactions, including bytecode and constructor parameters; and
  • (ix)Any other data embedded in transaction payloads, call data, event logs, or state storage on the Paxeer Network.

2.2 Characteristics of onchain data.

Onchain data has the following characteristics, which are inherent properties of the Paxeer Network's blockchain architecture:

  • (i)Public. The Paxeer Network is a public blockchain. All onchain data is visible to anyone with access to a node, block explorer, or analytics tool. There is no access control, permission gate, or privacy layer that restricts who can read confirmed onchain data.
  • (ii)Permanent. Onchain data persists for the lifetime of the Network. It is stored in every full node and cannot be expired, archived, or scheduled for deletion.
  • (iii)Immutable. Once confirmed by the Network's consensus mechanism, onchain data cannot be edited, modified, overwritten, or corrected. This is a fundamental security property of the blockchain, not a limitation that can be engineered away.
  • (iv)Irreversible. Confirmed transactions cannot be reversed, cancelled, or undone. There is no "undo" function, chargeback mechanism, or reversal process at the protocol level.
  • (v)Replicated. Onchain data is replicated across every full node in the Network. Deletion from one node does not affect copies on other nodes, and any participant can reconstruct the full ledger from genesis.
  • (vi)Pseudonymous, not anonymous. Onchain data is associated with wallet addresses, which are pseudonymous. However, wallet addresses can be linked to real-world identities through blockchain analytics, transaction patterns, address reuse, on/off-ramp activity, public disclosures, or law-enforcement investigation. You should not assume that the pseudonymity of a wallet address provides meaningful anonymity.

3What PaxLabs Cannot Do with Onchain Data

3.1 PaxLabs operates services on top of the Paxeer Network but does not control the Network itself. With respect to onchain data, PaxLabs cannot:

  • (i)Delete onchain data or any portion of it;
  • (ii)Edit or correct onchain data, including erroneous transactions, incorrect amounts, or mistaken addresses;
  • (iii)Redact wallet addresses, transaction details, or any other onchain information;
  • (iv)Reverse confirmed transactions, including transactions resulting from fraud, error, unauthorized access, or Agent malfunction;
  • (v)Restrict access to onchain data or prevent any person from reading the public ledger;
  • (vi)Anonymize onchain data after it has been committed;
  • (vii)De-index onchain data from third-party block explorers, analytics platforms, or indexing services; or
  • (viii)Override consensus to modify the state of the ledger.

3.2 These limitations apply equally to PaxLabs, the Paxeer Network Foundation, OpenChain Labs Inc., and every other entity in the ecosystem. No single entity — and no combination of entities — can unilaterally alter confirmed onchain state on the Paxeer Network.

4Impact on Your Privacy Rights

4.1 General principle.

Where applicable data-protection law (including the GDPR and CCPA/CPRA) grants you rights with respect to your personal data, those rights can only be exercised to the extent that PaxLabs has the technical and legal ability to fulfill them. The immutable nature of the Paxeer Network limits what is possible for onchain data.

4.2 Rights that can be exercised for off-chain data.

The following rights apply fully to off-chain personal data held by PaxLabs (account information, support communications, Credit Ledger records, server logs, identity-verification data, and similar data on PaxLabs-controlled systems), as described in the Privacy Policy:

  • (i)Right of access;
  • (ii)Right to rectification / correction;
  • (iii)Right to erasure / deletion;
  • (iv)Right to restriction of processing;
  • (v)Right to data portability;
  • (vi)Right to object;
  • (vii)Right to withdraw consent; and
  • (viii)Right not to be subject to solely automated decision-making.

4.3 Rights that are limited for onchain data.

The following rights cannot, by the nature of the technology, be fully exercised with respect to data committed to the Paxeer Network:

  • (i)Right to erasure (GDPR Article 17; CCPA/CPRA deletion right). PaxLabs cannot delete data from the Paxeer Network. Where you exercise a deletion request, PaxLabs will delete or anonymize all off-chain personal data associated with your account (subject to legal retention obligations) but cannot delete onchain records. PaxLabs will inform you of this limitation when responding to your request.
  • (ii)Right to rectification (GDPR Article 16). PaxLabs cannot correct or modify data committed to the Paxeer Network. Where an error exists in onchain data, PaxLabs may, where technically feasible, append a corrective annotation or note in its off-chain systems, but the original onchain record remains unchanged and publicly visible.
  • (iii)Right to restriction of processing (GDPR Article 18). PaxLabs can restrict its own processing of your off-chain data but cannot restrict third parties from reading or processing your publicly available onchain data.
  • (iv)Right to object (GDPR Article 21). PaxLabs can cease its own processing of your off-chain data based on legitimate interests, but cannot prevent the public availability of onchain data or its processing by third parties.

4.4 GDPR-specific analysis.

  • (i)PaxLabs acknowledges that wallet addresses, transaction records, and signed intents may constitute personal data under the GDPR where they relate to an identified or identifiable natural person (consistent with CJEU and supervisory-authority guidance that pseudonymous data remains personal data where re-identification is reasonably possible).
  • (ii)PaxLabs' legal basis for processing onchain data it initiates or facilitates is performance of a contract (Article 6(1)(b)) — the User instructs PaxLabs to execute a transaction, and the transaction is committed to the Network as an inherent part of delivering the Service.
  • (iii)PaxLabs takes the position that the technical impossibility of erasure and rectification on a public, decentralized blockchain constitutes a recognized limitation under GDPR recitals and supervisory-authority guidance, and that PaxLabs fulfills its obligations by: (a) providing clear, prominent, advance notice of the onchain data's characteristics (this Notice); (b) deleting or anonymizing all off-chain personal data upon request (subject to legal retention); and (c) minimizing the personal data committed onchain to what is necessary for the transaction.
  • (iv)This position is informed by, among other sources, guidance from the French CNIL, the EU Blockchain Observatory, and academic and regulatory commentary on GDPR and blockchain. [Counsel to confirm this position remains aligned with current supervisory-authority guidance and CJEU jurisprudence at the time of publication.]

4.5 CCPA/CPRA-specific analysis.

  • (i)Under the CCPA/CPRA, California residents have the right to request deletion of personal information. PaxLabs will honor deletion requests for off-chain personal information but cannot delete onchain records for the reasons described in this Notice.
  • (ii)PaxLabs does not "sell" onchain data. Onchain data is inherently public by the nature of the technology; its availability is not a commercial decision by PaxLabs.
  • (iii)PaxLabs will disclose, upon request, the categories and specific pieces of personal information collected, consistent with the CCPA/CPRA, including an explanation of which data is held off-chain (and subject to deletion) and which is onchain (and permanent).

5Data Minimization for Onchain Activity

5.1 PaxLabs' commitment.

PaxLabs designs the Services to minimize the personal data committed to the Paxeer Network to what is technically necessary for the transaction or operation. Specific measures include:

  • (i)Off-chain by default. Account information, identity-verification data, support communications, preferences, and other personal data that does not need to be onchain is stored exclusively in PaxLabs' off-chain systems, where it can be managed, corrected, and deleted.
  • (ii)Address-based identification. Onchain transactions are identified by wallet addresses, not by names, emails, or other directly identifying information. The link between a wallet address and an identity exists in PaxLabs' off-chain records (where subject to data-protection controls) and not in the onchain record itself.
  • (iii)Minimal onchain payloads. The Matrix runtime's typed intent representation is designed to include only the parameters necessary for execution, rather than embedding extraneous metadata or personal data in transaction payloads.
  • (iv)Credit Ledger off-chain. Metering, billing, and usage records are maintained in the off-chain Credit Ledger, not on the public ledger, reducing the personal data committed onchain.

5.2 User responsibility.

Despite PaxLabs' data-minimization measures, you control what you commit to the Network. Certain actions may embed data in onchain payloads, including:

  • (i)Custom data included in smart-contract calls, event parameters, or transaction metadata;
  • (ii)Content embedded in onchain storage or logs by Developer APIs or Agents you deploy;
  • (iii)Patterns of transaction activity that, in aggregate, may reveal information about your behavior, preferences, or financial position; and
  • (iv)Any data you include in DeusVoucher parameters, Agent configurations committed onchain, or other user-initiated onchain records.

You are solely responsible for evaluating what data your actions commit to the Network. Do not commit data to the Paxeer Network that you are unwilling to make permanently and publicly visible.

6Blockchain Analytics and Re-Identification Risk

6.1 Analytics and tracing.

Third parties — including blockchain-analytics firms, law-enforcement agencies, researchers, and other Users — can and do analyze onchain data. Analytics techniques can link wallet addresses to each other, identify transaction patterns, trace the flow of funds, and in some cases associate wallet addresses with real-world identities.

6.2 Re-identification risk.

The pseudonymity of a wallet address is not a reliable privacy protection. Re-identification may occur through:

  • (i)On/off-ramp activity — using a centralized exchange or fiat gateway that links your identity to a wallet address;
  • (ii)Address reuse — using the same wallet address across multiple services, transactions, or contexts;
  • (iii)Transaction-graph analysis — tracing the flow of funds between addresses to identify clusters and patterns;
  • (iv)Public disclosure — voluntarily associating your wallet address with your identity (e.g., in a social media profile, ENS name, or public listing);
  • (v)Counterparty knowledge — transacting with a counterparty who knows your identity and wallet address;
  • (vi)Metadata correlation — correlating onchain timestamps, amounts, or patterns with off-chain information; and
  • (vii)Law-enforcement tools — law-enforcement agencies use specialized blockchain-analytics tools and legal process (subpoenas, court orders) to link addresses to identities.

6.3 PaxLabs' use of analytics.

PaxLabs and ChainFlow use blockchain-analytics providers for sanctions screening, AML/CFT transaction monitoring, and risk assessment, as described in the AML/KYC Policy and Privacy Policy. This may involve associating your wallet address with risk scores, transaction-pattern data, and counterparty-exposure information.

6.4 Third-party analytics.

PaxLabs does not control and cannot prevent third parties from analyzing publicly available onchain data. The availability of onchain data to third-party analytics is an inherent property of a public blockchain, not a disclosure decision by PaxLabs.

7Agents, M2M Interactions, and Onchain Data

7.1 Agent-generated onchain data.

Agents operating through Matrix may commit data to the Paxeer Network on behalf of their Operators, including transaction records, signed intents, DeusVoucher co-signatures, and settlement records. All onchain data generated by an Agent is subject to the same permanence, immutability, and public-visibility characteristics described in this Notice.

7.2 Operator responsibility.

The Operator of an Agent is responsible for understanding and accepting the onchain data implications of the Agent's authorized actions. This includes:

  • (i)Understanding that every onchain action the Agent takes creates a permanent public record;
  • (ii)Configuring the Agent to minimize unnecessary onchain data commitments;
  • (iii)Ensuring that the Agent does not embed personal data, confidential information, or sensitive content in onchain payloads, transaction metadata, or smart-contract parameters beyond what is necessary; and
  • (iv)Accepting that the volume, frequency, and pattern of an Agent's onchain activity may be analyzed by third parties and may reveal information about the Operator's strategy, counterparties, and financial position.

7.3 M2M onchain records.

Agent-to-agent interactions that result in Onchain Activity create permanent records of the interaction between the Agents (and by attribution, their Operators). These records include the counterparty addresses, transaction terms, co-signed vouchers, and settlement outcomes. Both Operators in an M2M interaction should understand that the record of their interaction is permanently and publicly visible.

8What You Should Do Before Committing Data Onchain

8.1 Before initiating any transaction or action that results in Onchain Activity, you should:

  • (i)Understand the permanence. Any data committed to the Paxeer Network is permanent, public, and irreversible. There is no mechanism to undo it.
  • (ii)Review transaction details. Verify all transaction parameters — including recipient addresses, amounts, and embedded data — before authorizing submission. Errors cannot be corrected after confirmation.
  • (iii)Minimize personal data. Do not include personal data, confidential business information, trade secrets, or sensitive content in onchain payloads, transaction metadata, or smart-contract parameters unless you intend for that data to be permanently and publicly visible.
  • (iv)Consider analytics exposure. Assume that your onchain activity will be analyzed by third parties and may be linked to your identity. Consider using separate wallet addresses for separate purposes, where appropriate, to limit the information that can be inferred from transaction-graph analysis.
  • (v)Configure Agents carefully. If you operate Agents, review and test the Agent's onchain behavior before granting authority over production transactions. Ensure the Agent does not commit unnecessary data to the Network.
  • (vi)Understand counterparty visibility. When you transact with another User or Agent, both parties' wallet addresses and the transaction terms become permanently visible. Consider this when engaging in sensitive or confidential transactions.
  • (vii)Preserve your own records. While onchain records are permanent, your ability to interpret and contextualize them depends on your own off-chain records. Maintain your own records of the business context, counterparties, and purposes behind your onchain activity.

9Children and Minors

9.1 The Services are not available to persons under the age of eighteen (18) or the age of legal majority in their jurisdiction, whichever is greater (Terms of Service, Section 4.1).

9.2 Given the permanent and irreversible nature of onchain data, PaxLabs emphasizes that minors must not use the Services or commit data to the Paxeer Network. If PaxLabs becomes aware that a minor's data has been committed onchain, PaxLabs will take all feasible off-chain measures (account termination, deletion of off-chain data) but cannot remove the onchain record.

10Changes to This Notice

10.1 PaxLabs may update this Notice from time to time to reflect changes in the Services, applicable law, regulatory guidance, or supervisory-authority positions regarding blockchain and data protection. When we make material changes, we will update the "Version" and "Effective Date" and provide notice through the Services or by other reasonable means.

10.2 Changes to this Notice do not and cannot change the characteristics of onchain data already committed to the Paxeer Network. Onchain data committed before a change to this Notice remains subject to the permanent, immutable, and public characteristics described herein.

11Contact

Data Protection Contact: [Email address to be inserted — same as Privacy Policy]

Privacy rights requests: [Dedicated email or web form — same as Privacy Policy, Section 16]

EU/UK Representative (GDPR Article 27): [Contact — same as Privacy Policy, Section 16]

Data Protection Officer: [Contact, if appointed — same as Privacy Policy, Section 16]

For general inquiries, see the contact information in the Terms of Service (Section 19).

Version 1.0 — Effective Date: June 10, 2026

↑ Top