Legal
Privacy Policy
Last Updated: 05/11/2025
1. Introduction
Mida Labs s.r.l. ("Mida Labs," "we," "us," or "our") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you access our website or use the Spark Node service ("Service"). It also describes your rights and how to exercise them under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
Note: This Privacy Policy is provided in English. In case of discrepancies with any translation, the English version shall prevail.
2. Data Controller
Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
VAT/P.IVA: 10768521212
Email: legal@midalabs.xyz
3. Personal Data We Collect
We collect or receive personal data as necessary to provide and maintain the Service, specifically:
a) Discord Login Data
- Discord Username and Discord ID – collected when you log in via Discord OAuth.
- Email Address (from Discord) – accessed for billing and invoicing purposes.
b) Wallet and NFT Data
- Wallet Address – used to authenticate ownership of NFTs or verify on-chain subscription validity.
- NFT Ownership Data – used to confirm eligibility for NFT-linked subscriptions.
c) Network and Usage Data
- Whitelisted IPs – managed by you through the dashboard.
- Proxy/Server Logs – may include timestamps, request headers, IP addresses, and endpoint usage.
Retention: 7 days for security and troubleshooting.
d) Payment and Billing Data
- Billing Details (name, address, VAT ID) – required for invoicing under Italian and EU tax law.
- Transaction Metadata – wallet address, transaction ID, payment status.
- Payments are processed via MoonPay Commerce (UK).
- Mida Labs does not access or store private keys, seed phrases, or credit card details.
- Billing records are retained for 10 years per Italian accounting regulations.
e) Support Communications
If you contact us via email or Discord Ticket Tool, we may collect your username, Discord ID, and the message content solely for resolving your request.
f) Technical and Performance Data
- We use Vercel Analytics for aggregated performance metrics (e.g., page load times, request latency).
- No marketing, behavioral, or advertising profiling is performed.
- Technical/session cookies are used strictly for authentication and service continuity (e.g., NextAuth).
4. Purpose and Legal Basis of Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide and operate the Service (authentication, NFT validation, IP whitelisting, RPC access) | Contract performance (Art. 6(1)(b)) |
| Billing, invoicing, and tax compliance | Contract performance and legal obligation (Art. 6(1)(b)(c)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Respond to support or technical inquiries | Legitimate interest / Contract performance (Art. 6(1)(f)(b)) |
| Maintain infrastructure and performance analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (AML, tax, or accounting obligations) | Legal obligation (Art. 6(1)(c)) |
No automated decision-making or profiling under Art. 22 GDPR is carried out.
5. Data Sharing and Processors
We do not sell or rent your personal data.
We share limited data only with trusted processors that help operate the Service:
| Category | Provider | Location | Safeguards |
|---|---|---|---|
| Frontend Hosting & Analytics | Vercel Inc. | USA | Standard Contractual Clauses (SCCs) |
| RPC Infrastructure | Latitude.sh LLC | USA | SCCs |
| Validator Infrastructure | Cherry Servers UAB | Lithuania | EU-based |
| Backend / Database | Hetzner Online GmbH | Germany | EU-based |
| CDN, DNS, Load Balancing | Cloudflare Inc. | USA / EU | SCCs, DPA with Cloudflare |
| Payment Processing | Helio Fintech Limited, a wholly owned subsidiary of MoonPay, Inc | UK / USA | SCCs or UK Addendum |
| Email and Support Communications | Google Cloud Italy S.r.l. (Google Workspace / Gmail) – contractual partner; data may be processed by Google LLC (USA) | Italy / USA | DPA with Google; Standard Contractual Clauses (SCCs) |
Each provider processes data under a Data Processing Agreement (DPA) ensuring GDPR compliance and appropriate data transfer safeguards.
6. International Data Transfers
Personal data may be transferred to and processed in countries outside the EEA (e.g., USA, UK).
When this occurs, we rely on:
- Standard Contractual Clauses approved by the European Commission; or
- Equivalent data transfer mechanisms ensuring adequate protection.
We maintain responsibility for ensuring that all service providers adhere to GDPR-equivalent safeguards.
7. Data Retention
| Data Category | Retention Period | Purpose |
|---|---|---|
| Discord Login & Wallet Metadata | For the duration of your active account and until deletion is requested | Service continuity |
| Proxy / Server Logs | 7 days | Security, troubleshooting |
| Billing / Transaction Records | 10 years | Accounting and tax obligations |
| Support Tickets / Emails | Until account deletion or request for erasure | Customer support |
| Analytics Data (aggregated) | Non-personal / anonymized | Performance optimization |
After expiry, data is securely deleted or anonymized.
8. Your Rights Under the GDPR
If you are located in the EU/EEA, you have the right to:
- Access your data (Art. 15)
- Rectify inaccuracies (Art. 16)
- Erase data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent, if applicable, without affecting prior lawful processing
To exercise these rights, contact us at legal@midalabs.xyz.
You may also lodge a complaint with your national supervisory authority (in Italy: Garante per la Protezione dei Dati Personali).
9. Children's Privacy
Our Service is intended for users 18 years and older.
We do not knowingly collect or process data from minors.
If such data is discovered, we will promptly delete it.
10. Data Security
We employ technical and organizational measures including:
- HTTPS encryption for data in transit
- Cloudflare CDN/DDoS protection
- Restricted database access and audit controls
- Network segmentation for RPC infrastructure
- Regular security patching and vulnerability monitoring
However, blockchain interactions involve inherent public data exposure.
Users remain responsible for safeguarding their wallets and private keys.
11. Third-Party Links
Our site may contain links to third-party websites or services (e.g., Discord, NFT marketplaces).
We are not responsible for their content or privacy practices.
Please review their respective privacy policies before using them.
12. Policy Updates
We may revise this Policy periodically to reflect legal or operational changes.
Material updates will be notified via our website or email before taking effect.
Continued use of the Service after the effective date constitutes acceptance.
13. Contact
Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
Email: legal@midalabs.xyz
