Privacy Policy

1. Introduction

Mida Labs s.r.l. (“Mida Labs,” “we,” “us,” or “our”) respects your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website and use our Spark Node service (“Service”). It also describes your rights and how to exercise them under applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”).

Note: This Privacy Policy is provided in English. If any translation is made available, the English version shall prevail in case of inconsistencies.

2. Data Controller

For the purposes of the GDPR and any other applicable data protection legislation, the Data Controller is:
Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
VAT/P.IVA: 10768521212
Email: legal@midalabs.xyz

3. Personal Data We Collect

We collect or receive various categories of personal data when you interact with our website and Service, specifically:

• Discord Login Data:
  • Discord Username and Discord ID: Collected when you log in via Discord OAuth.
  • Email Address (from Discord): Accessed upon login for billing purposes but not stored persistently in our database.
• Wallet and NFT-Related Data:
  • Wallet Addresses: You may connect your Solana wallet(s) by signing a message.
  • NFT Ownership: We track whether you hold an NFT from the required collection to enable subscription status checks (e.g., subscription linking).
• IP Whitelist and Usage Data:
  • Whitelisted IP Addresses: You can add IP addresses to your account to control who can access the private RPC.
  • Server Logs: We may store server logs (e.g., timestamps, request data) for technical troubleshooting, security, and audit purposes.
• Session Cookies: We use technical/session cookies (e.g., from NextAuth or similar libraries) to maintain your login session. For more information on how we use cookies, please see our separate Cookie Policy.
• Payment Information: All payments are processed on-chain in USDC via hel.io or similar third-party processors. Mida Labs does not directly handle or store your payment credentials (crypto private keys, credit card numbers, etc.), but we may receive transaction IDs, wallet addresses, or confirmations of payment status.
• Analytics and Performance Data: We use Vercel Analytics and/or other server-side analytics tools for performance monitoring. As of now, Vercel Analytics does not store any additional cookies on your device; data is collected in an aggregated form to help us understand site performance (e.g., page load times, number of visits).
• Contact or Support Data: If you contact us via email or open a support ticket on Discord, we may collect the information you provide to respond to your inquiry or issue.

4. Purpose and Legal Basis of Processing

We process your personal data for the following purposes and under the legal bases set out by the GDPR (Article 6):

• Provision of the Service: To authenticate you via Discord, validate your NFT ownership, manage subscriptions, enable IP whitelisting, and generally provide access to Spark Node.
  Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR) — providing the Service you request.
• Billing and Invoicing: To process your subscription payments (on-chain) and, if necessary, issue invoices or receipts.
  Legal Basis: Performance of a contract (Art. 6(1)(b)) and Compliance with legal obligations (Art. 6(1)(c)) related to financial record-keeping.
• Security and Fraud Prevention: To monitor, prevent, and detect fraudulent or malicious activities (e.g., unauthorized use, hacking attempts).
  Legal Basis: Legitimate interests (Art. 6(1)(f)) — ensuring the security and integrity of our infrastructure.
• Analytics and Performance: To measure and improve the performance of our website, server load, and user experience.
  Legal Basis: Legitimate interests (Art. 6(1)(f)) — provided such processing does not override your fundamental rights.
• Communications and Support: To respond to inquiries or support tickets (e.g., via Discord or email).
  Legal Basis: Legitimate interests (Art. 6(1)(f)) or Performance of a contract (Art. 6(1)(b)) when directly related to providing the Service you requested.
• Legal Compliance: To fulfill our legal obligations under applicable laws, regulations, or court orders (e.g., record-keeping, tax, anti-money laundering).
  Legal Basis: Compliance with legal obligations (Art. 6(1)(c)).

5. How We Share Your Data

We do not sell or rent your personal data. However, we may share certain data with:

• Service Providers:
  • Hosting: Our front-end is hosted on Vercel; backend servers and databases are hosted on physical servers in the United States operated by Latitude.
  • Payment Processing: We use hel.io or similar blockchain payment facilitators for on-chain subscriptions.
  • Analytics: Vercel Analytics may collect aggregated performance data.
• Corporate Transactions: If Mida Labs undergoes a merger, acquisition, or any form of sale of some or all of its assets, we may transfer your data to the acquiring entity, subject to confidentiality agreements.
• Legal and Regulatory Authorities: We may disclose data if required to comply with applicable laws, regulations, or to respond to a court order, governmental request, or legal process.

6. International Data Transfers

Because our servers and certain service providers (e.g., Vercel, Latitude) are located in the United States, personal data may be transferred from your country of residence to the U.S. and possibly other non-EEA jurisdictions. Where such transfers occur, we take steps to ensure an adequate level of data protection, which may include:

• Implementing Standard Contractual Clauses (SCCs) or equivalent data transfer mechanisms as approved by the European Commission.
• Requiring our service providers to adhere to strict data protection standards, consistent with GDPR principles.

By using our Service, you acknowledge that your data may be processed outside your country of residence. We remain responsible for ensuring that our service providers comply with applicable data protection requirements.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, accounting, or reporting requirements. For example:

• Discord Login Data: Retained as long as your account is active or until you request deletion.
• Billing/Transaction Records: Stored for the minimum period required by tax or financial regulations (e.g., 5-10 years, depending on jurisdiction).
• IP Whitelist / Server Logs: Typically retained for a shorter period (e.g., a few months) unless needed for security investigations or legal purposes.

We periodically review the data we hold, and securely delete or anonymize it when no longer needed.

8. Your Rights Under the GDPR (EU/EEA Users)

If you reside in the European Union or European Economic Area, you have the right to:

• Access Your Data: Obtain confirmation as to whether or not personal data concerning you is being processed, and request a copy of such data (Art. 15 GDPR).
• Rectify Inaccuracies: Request correction of inaccurate personal data (Art. 16 GDPR).
• Erase Your Data: Request erasure of personal data (“right to be forgotten”), subject to certain legal exceptions (Art. 17 GDPR).
• Restrict Processing: Request restriction of processing where the accuracy of data is contested, or the processing is unlawful (Art. 18 GDPR).
• Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller (Art. 20 GDPR).
• Object to Processing: Object to the processing of your personal data where processing is based on legitimate interests (Art. 21 GDPR).
• Withdraw Consent: If you have given us consent for specific processing, you can withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at legal@midalabs.xyz. We will respond within the timeframes set forth by applicable data protection laws. You also have the right to lodge a complaint with a supervisory authority in your EU member state of residence.

9. Children’s Privacy

Our Service is not intended for individuals under the age of legal majority in their respective jurisdictions. We do not knowingly collect or process personal data from minors. If you believe we have inadvertently processed personal data of a minor, please contact us so we can promptly delete such data.

10. Data Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encrypted connections (HTTPS) for data in transit.
• Restricted access to databases on secure servers located in the U.S.
• Regularly updated firewalls and intrusion detection systems.
• Access controls and authentication mechanisms for internal systems.

However, no security system is entirely foolproof. We cannot guarantee absolute security, especially regarding blockchain interactions, which remain subject to inherent risks and potential vulnerabilities.

11. Third-Party Links and Services

Our website may contain links to third-party websites or services that operate under different privacy practices. We are not responsible for the content or privacy policies of these third-party websites or services, and we encourage you to review their policies before sharing any personal data.

12. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data practices, technology, or legal requirements. If we make material changes, we will provide notice (e.g., by email or posting a prominent notice on our website) prior to the change becoming effective. Your continued use of our Service after any updates become effective constitutes acceptance of those changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please reach out to us:
Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
Email: legal@midalabs.xyz

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your personal data as outlined herein, in accordance with applicable law.