Privacy Policy

Kerne Labs ("Kerne Protocol," "we," "us," or "our") operates the kerne.fi website and the Kerne Protocol decentralized application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our protocol.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

Information You Provide

• Contact Information: If you contact us directly, we may receive additional information about you such as your email address and the contents of any message or attachments you may send us.
• Feedback and Correspondence: Information you provide when participating in surveys, promotions, or community channels (Discord, X / Twitter, Farcaster, or similar).

Information Collected Automatically

• Device and Usage Data: Browser type, operating system, device identifiers, pages visited, time spent on pages, and referring URL.
• IP Address: Your IP address may be collected automatically when you access the Service. We may use this information for analytics, security, and compliance purposes.
• Log Data: Server logs that record requests made to our infrastructure, including timestamps and request metadata.

Geolocation and Access Restrictions

Our hosting provider (Vercel) processes IP addresses at the network edge to derive country-level geolocation. This geolocation data is used to restrict access to the Service from sanctioned and restricted jurisdictions in compliance with applicable U.S. sanctions regulations. IP addresses are not stored by us for geo-blocking purposes beyond the request lifecycle. Vercel processes IP addresses as an infrastructure provider; see Vercel's privacy policy for details on their data practices.

Rewards and Referral Data

If you participate in the Opal Rewards program, we process your wallet address and deposit activity to calculate fragment balances, tier levels, duration multipliers, leaderboard rankings, and referral statistics. This data is stored off-chain (not on the blockchain) and is polled at regular intervals while the application is open.

If you participate in the referral program, referral relationships (referrer address, referee address, and timestamp) are permanently recorded on the Base blockchain via the KerneReferral smart contract. This data is immutable and publicly visible. Referral codes, referral counts, bonus amounts, and referee lists are also processed off-chain by the Opal Rewards API.

2. How We Use Information

We use the information we collect for the following purposes:

• To operate, maintain, and improve the Service.
• To monitor and analyze usage patterns and trends.
• To detect, prevent, and address technical issues, fraud, or security vulnerabilities.
• To comply with applicable legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements where applicable.
• To restrict access from sanctioned jurisdictions in compliance with U.S. sanctions regulations.
• To communicate with you, including responding to inquiries and sending service-related notifications.
• To calculate and distribute rewards, referral bonuses, and leaderboard rankings.
• To enforce our Terms of Service and other legal agreements.

3. Wallet & Blockchain Data

Kerne Protocol is a decentralized finance (DeFi) protocol. When you interact with our smart contracts, certain information is inherently public on the blockchain:

• Wallet Addresses: Your public wallet address is visible on the blockchain when you execute transactions through the protocol. We do not control or store your private keys.
• Transaction Data: All transactions executed on public blockchains (including deposits, withdrawals, minting of kUSD, and referral registrations) are publicly visible and immutable. This data is not collected by us. It exists on the blockchain independently.
• Referral Relationships: If you register a referral, the referrer-referee relationship and timestamp are permanently recorded on-chain and cannot be deleted or modified.
• No Private Key Access: We never have access to your private keys or seed phrases. Wallet connections are facilitated through third-party providers and are non-custodial.

We may index publicly available blockchain data to provide protocol analytics, display user balances within the application interface, and generate aggregate statistics.

4. Cookies, Local Storage & Analytics

We use cookies, local storage, and similar technologies to operate the Service. The following specific items are stored:

• Wallet State Cookies: When you connect your wallet, cookies are set to store your connected wallet address, active blockchain network, and wallet connector type. These are strictly functional cookies used for server-side rendering hydration to prevent a disconnected state on page load. These cookies expire when the browser session ends or when you disconnect your wallet.
• Referral Code (localStorage): If you arrive via a referral link (e.g., a URL containing a "?ref=" parameter), the referral code and a timestamp are stored in your browser's localStorage under the key "kerne_pending_referral." This data automatically expires and is deleted after 7 days. It is used to register the referral on-chain when you connect your wallet.
• Referral Modal State (localStorage): If you dismiss the referral confirmation modal, the dismissal is recorded in localStorage under the key "kerne_ref_modal_dismissed" to prevent the modal from reappearing. This persists until you manually clear your browser data.

Analytics: Our wallet connection provider (Reown AppKit) has built-in analytics capabilities, but these are explicitly disabled in our configuration. We do not use Google Analytics, Mixpanel, Segment, or any other third-party behavioral analytics service. No cross-site tracking is performed.

You can instruct your browser to refuse all cookies or to clear localStorage. However, if you do so, some portions of the Service (such as wallet persistence across page loads) may not function correctly.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

Third-Party Service Providers

The Service integrates with the following third-party providers, each of which may receive certain data in the course of providing their services:

• Reown AppKit / WalletConnect: Wallet connection infrastructure. Receives your wallet address and chain ID when you connect your wallet. Analytics features are disabled in our configuration.
• Relay Protocol: Cross-chain bridging and token swapping. Receives your wallet address, transaction data, and source chain when you perform cross-chain operations. Activity is associated with the kerne.fi domain in Relay's systems.
• Vercel: Website hosting and edge computing. Processes IP addresses, request metadata, and geolocation headers to serve the application and enforce access restrictions.
• Pyth Network / Chainlink: Price oracle providers. These operate at the smart contract level on-chain. No user personal data is transmitted to these providers off-chain.

Each third-party provider has its own privacy policy. We encourage you to review their policies.

Other Sharing

• Legal Requirements: We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, respond to a court order, or protect our rights and safety.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Aggregate Data: We may share anonymized, aggregated data that cannot reasonably be used to identify you for research, analytics, or marketing purposes.

6. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect the information we collect. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Regular security assessments and smart contract audits.
• Access controls and authentication mechanisms for internal systems.
• Monitoring for unauthorized access, use, or disclosure of information.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. The decentralized nature of blockchain technology means that on-chain data is publicly accessible and immutable by design.

7. Data Retention

We retain information for the following periods:

• Blockchain Data: Permanent and immutable. Transactions, wallet addresses, and referral relationships recorded on public blockchains exist indefinitely and cannot be deleted by us or anyone.
• Wallet State Cookies: Session-scoped. Cleared when the browser session ends or when you disconnect your wallet.
• Referral Code (localStorage): 7-day time-to-live. Automatically cleared after expiry.
• Referral Modal State (localStorage): Persists indefinitely until you manually clear your browser data.
• Server and API Logs: Retained for a reasonable period for operational, security, and compliance purposes, then deleted.
• IP Geolocation Data: Not stored. Processed in-memory by our hosting provider's edge network per request and discarded.
• Opal Rewards Data: Retained for the duration of the rewards program and for a reasonable period thereafter for record-keeping purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right of Access: You may request access to the personal information we hold about you.
• Right of Rectification: You may request correction of any inaccurate personal information.
• Right of Erasure: You may request deletion of your personal information, subject to certain legal exceptions. Note that on-chain transaction data and referral relationships cannot be deleted as they are stored on public, immutable blockchains.
• Right to Object: You may object to the processing of your personal information in certain circumstances.
• Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format.

To exercise any of these rights, please contact us at kerne.systems@protonmail.com. We will respond to your request within the timeframe required by applicable law.

9. Third-Party Links

The Service may contain links to third-party websites, services, or applications that are not operated by us. This includes links to blockchain explorers, decentralized exchanges, wallet providers, and other DeFi protocols. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. Changes are effective immediately upon posting. Your continued use of the Service after any modifications constitutes your acceptance of the revised Privacy Policy.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: