PRIVACY POLICY

0. HOW THE NEFTWERK PROTOCOL WORKS

Neftwerk Inc. operates as blockchain protocol infrastructure. Neftwerk does not sell artworks, does not act as a payment processor, and does not collect or store payment instrument data. Payment processing, fiat in/out, and KYC/AML compliance are handled exclusively by Coinflow, our licensed third-party payment processing partner. Galleries and authorized sellers credentialed on the Neftwerk Protocol are the merchants of record for all artwork transactions. By using the Services, you acknowledge this layered structure and agree to also review Coinflow’s Privacy Policy and the terms of the gallery or seller from whom you are transacting. Gallery information and respective policies are available in-app.

Neftwerk Privacy Policy

Last updated June 23, 2026

This Privacy Notice for Neftwerk Inc. (“we,” “us,” or “our”) describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

  • Visit our website at https://www.neftwerk.com or any website of ours that links to this Privacy Notice

  • Download and use our mobile application (My Pocket Gallery), or any other application of ours that links to this Privacy Notice

  • Use My Pocket Gallery, an art wallet that helps galleries and collectors securely track provenance, execute seamless transactions, and digitally manage collections

  • Engage with us in other related ways, including any marketing or events

Reading this Privacy Notice will help you understand your privacy rights and choices. Contact us at neftwerk@neftwerk.com with all questions and concerns

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide when you register, express interest in our Services, participate in activities, or contact us. This may include:

  • Name, email address, username or display name

  • Profile information

  • Wallet addresses

  • Uploaded content (including artwork records and provenance data)

  • Communications with us

Payment Data

Neftwerk does not collect, process, or store payment instrument data, including credit card numbers, bank account information, or other financial data. All payment processing, fiat in/out, and KYC/AML compliance are handled exclusively by Coinflow, our licensed payment processing partner. By transacting through the Services, you agree to Coinflow’s Privacy Policy, available at https://coinflow.cash/privacy. Please review Coinflow’s policy to understand how your payment data is handled.

Blockchain and Transaction Information

Transactions conducted through blockchain-based systems may be publicly visible and permanently recorded on distributed ledgers. We may collect and process public wallet addresses, transaction hashes, blockchain metadata, and payment routing information. Because blockchain networks are decentralized and public, we cannot modify, delete, or control information stored on-chain.

Automatically Collected Information

When you use the Services, we may automatically collect device information, browser type, operating system, IP address, usage activity, referral URLs, crash logs and diagnostics, and analytics data.

Gallery Information

When you use the Services, you will be interacting with vendors not directly affiliated with Neftwerk.  Galleries may collect additional information with transactions.  For more information on a given vendor’s privacy policy and data usage, please navigate to their page in-app or contact them directly at listed contact information.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information to: facilitate account creation and authentication; deliver and facilitate services; respond to user inquiries; send administrative information; fulfill and manage orders; enable user-to-user communications; and save or protect vital interests. We process information only when we have a valid legal reason to do so.

3. LEGAL BASES FOR PROCESSING

Under GDPR and UK GDPR, we rely on the following legal bases: Consent; Performance of a Contract; Legal Obligations; and Vital Interests. Canadian users: we rely on express or implied consent as applicable, with exceptions permitted by law.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

A. Service Providers

Third-party vendors including cloud hosting providers, analytics services, payment processors (see Section 1, Payment Data), customer support tools, and security and fraud prevention vendors.

B. Legal and Compliance Purposes

We may disclose information to comply with applicable law, respond to legal requests, protect rights, safety, or property, or investigate fraud or security incidents.

C. Business Transfers

Information may be transferred in connection with mergers, acquisitions, financing, asset sales, bankruptcy, or restructuring.

D. Public Blockchain Activity

Blockchain transaction data may be publicly accessible and visible to third parties by the nature of distributed ledger systems.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookies and similar tracking technologies solely to maintain the security and operation of our Services, prevent crashes, fix bugs, and save your preferences. Neftwerk does not use behavioral tracking technologies for advertising purposes and does not permit third parties to serve targeted advertising through the Services.

6. INTERNATIONAL DATA TRANSFERS

Our servers are located in the United States. We comply with the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework as set forth by the US Department of Commerce. If you are in the EEA, UK, or Switzerland, your information may be transferred to the US; we take all necessary measures to protect it in accordance with this Notice and applicable law.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep personal information only as long as necessary for the purposes outlined in this Notice, unless a longer period is required by law. When there is no ongoing legitimate need to process your information, we will delete or anonymize it.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate technical and organizational security measures. Neftwerk may utilize zero-knowledge proof systems and related cryptographic architectures to: authenticate or validate activities without exposing underlying personal information; reduce unnecessary transmission of sensitive data; support privacy-preserving protocol interactions; and enhance user control over digital identity and permissions.

Where feasible, our systems are designed to minimize direct access to user data by Neftwerk itself. However, no electronic transmission or information storage can be guaranteed 100% secure. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that data from users under 18 has been collected, we will deactivate the account and delete such data. Please contact neftwerk@neftwerk.com for minor data concerns.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "CONTACT" below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "CONTACT" below or updating your preferences.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies.

If you have questions or comments about your privacy rights, you may email us at neftwerk@neftwerk.com.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section "WHAT INFORMATION DO WE COLLECT?"

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
  • Receiving help through our customer support channels;
  • Participation in customer surveys or contests; and
  • Facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or for:
  • Category A - As long as the user has an account with us
  • Category B - As long as the user has an account with us
  • Category D - As long as the user has an account with us

Sources of Personal Information

Learn more about the sources of personal information we collect in "WHAT INFORMATION DO WE COLLECT?"

How We Use and Share Personal Information

Learn more about how we use your personal information in the section, "HOW DO WE PROCESS YOUR INFORMATION?"

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

  • Right to know whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request the deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to non-discrimination for exercising your rights

  • Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Depending upon the state where you live, you may also have the following rights:

  • Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)

  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)

  • Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)

  • Right to obtain a list of third parties to which we have sold personal data (as permitted by applicable law, including the privacy law in Connecticut)

  • Right to review, understand, question, and depending on where you live, correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Connecticut and Minnesota)

  • Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)

  • Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at neftwerk@neftwerk.com, by visiting https://www.neftwerk.com/contact-us, or by referring to the contact details at the bottom of this document.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at neftwerk@neftwerk.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section "CONTACT"

13. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to request we limit the use or disclosure of your personal information or withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.

15. CONTACT

If you have questions or comments about this notice, you may contact us at:

Neftwerk Inc., 1316 S Mole St, Philadelphia, PA 19146, United States. neftwerk@neftwerk.com

16. POLICY REVIEW AND UPDATES 

This Policy is reviewed and approved by the Chief Executive Officer, Francesca Augustine at least annually, and updated upon material regulatory changes, new product launches, or significant findings from independent reviews.