Privacy Policy

Privacy Statement

This Privacy Policy applies to Zap, a product developed and operated by Layer 3 Labs PTY LTD ("we", "our", or "us"), an Australian company. We are committed to protecting your privacy in accordance with:

• The Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
• The General Data Protection Regulation (GDPR) for European Union users
• Other applicable data protection laws in jurisdictions where our services are accessed

Layer 3 Labs PTY LTD is an Australian company that provides Web3 tools and services through the Zap platform. We believe in minimal data collection and maximum user privacy.

Information We Collect

We are committed to privacy by design. We do not collect, store, or process personal information about our users. However, for operational purposes only, we temporarily process certain technical information.

IP Addresses: We temporarily log IP addresses for rate limiting and security purposes. These logs are automatically deleted after seven (7) days and are not used for any purpose other than maintaining system integrity and preventing abuse.

Request Information: Technical data about API requests, including timestamps, endpoints accessed, and response codes, is collected for debugging and system monitoring purposes. This data is retained for a maximum of thirty (30) days and contains no personally identifiable information.

Blockchain Interactions: Any blockchain transaction data that you initiate through our services becomes part of the public blockchain record. This is publicly available information inherent to blockchain technology and is not privately collected or controlled by us.

We do not use cookies, tracking pixels, or any form of analytics that identifies individual users. We do not require account creation or collect email addresses, names, or any other personal identifiers.

How We Use Your Information

The limited technical information we process is used solely for the following purposes: (a) preventing abuse and ensuring fair usage through rate limiting; (b) identifying and resolving technical issues and bugs; (c) maintaining the security and integrity of our systems; and (d) complying with legal obligations under applicable law.

We expressly do not use this information for marketing, profiling, or selling to third parties. The technical data we process is never used to identify individual users or track user behavior across sessions.

Data Sharing and Disclosure

We do not sell, rent, or share any information with third parties except in the following limited circumstances:

Legal Requirements: We may disclose information when required by applicable law, court order, or regulatory authorities in any jurisdiction where we operate. Such disclosures will be limited to the minimum information required to comply with the legal obligation.

Infrastructure Providers: Our global hosting and infrastructure providers may have access to IP logs as part of DDoS protection and security services. These providers are bound by strict confidentiality agreements and are prohibited from using this data for any purpose other than providing their services to us.

Legal Basis: For users in the European Union, any processing of technical data is based on our legitimate interests in maintaining security and system integrity under Article 6(1)(f) of the GDPR.

Data Security

We implement industry-standard security measures to protect our systems, including but not limited to: encryption in transit using TLS/SSL protocols; regular security audits of our smart contracts and infrastructure; automated deletion of IP logs after seven (7) days; automated deletion of request logs after thirty (30) days; and strict access controls limiting who can view system logs.

As we do not collect personal data, there is minimal risk of data breaches affecting user privacy. In the unlikely event of a security incident affecting our systems, we will notify users via our website and social media channels in accordance with applicable breach notification requirements.

Your Rights

Your privacy rights depend on your location and applicable law:

Australian Residents

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to: (a) request information about what data we hold, though this will be minimal given our privacy-first approach; (b) request correction of any information we hold about you; and (c) lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy rights.

European Union Residents

Under the General Data Protection Regulation (GDPR), EU residents have the following rights: the right to access any personal data we hold about you; the right to rectification and erasure of such data; the right to restrict processing; the right to data portability; the right to object to processing; and the right to lodge a complaint with your local supervisory authority.

All Users

Given that we do not collect personal information beyond temporary IP addresses and request logs, traditional data subject rights have limited application. Nevertheless, we are committed to transparency and will respond to any privacy inquiries within thirty (30) days of receipt.

Cookies and Tracking

We do not use cookies or any tracking technologies. Our website and services function entirely without cookies, ensuring your browsing remains private. We specifically do not employ: Google Analytics or any analytics services; Facebook Pixel or social media tracking; third-party cookies; persistent session cookies; or advertising or marketing cookies of any kind.

Any essential security tokens used for service functionality expire immediately upon session termination and contain no personally identifiable information.

International Data Transfers

Our infrastructure and services operate globally across multiple regions including but not limited to Australia, the United States, European Union, and Asia-Pacific regions. The minimal technical data we process may be processed in any of these locations.

We ensure that all data transfers comply with applicable laws through the following measures: (a) using secure, encrypted connections for all data transfers; (b) only engaging infrastructure providers that maintain appropriate security standards and contractual commitments; (c) implementing appropriate safeguards as required under the Australian Privacy Principles for overseas data transfers; and (d) ensuring GDPR compliance for EU data subjects through appropriate technical and organizational measures.

As a blockchain-based service, transaction data you create is stored on public, decentralized networks that exist globally. This is inherent to blockchain technology and represents data that is publicly available by design, not a data transfer under our control.

Children's Privacy

Our services are not directed at individuals under the age of eighteen (18) years. We do not knowingly collect any information from children. As we do not collect personal information from any users, this protection extends to all age groups by default.

Updates to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a new "Last Updated" date. The updated Privacy Policy will be effective immediately upon posting unless otherwise specified.

For material changes that might affect how we handle information, we will endeavor to provide notice through our website and social media channels at least thirty (30) days before such changes take effect, where practicable.

Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

For Australian residents: Complaints that cannot be resolved directly with us may be referred to:

For EU residents: You may lodge a complaint with your local data protection authority. Contact details can be found at:https://edpb.europa.eu/about-edpb/board/members_en