Privacy Policy

Last Updated: April 2nd, 2026

Introduction

This Privacy Policy explains how NexaID collects, uses, and handles information when users access or interact with the NexaID website, browser extension, APIs, and related services (collectively, the “Service”). NexaID is designed as a privacy-preserving infrastructure that enables users to generate cryptographic attestations without directly disclosing underlying personal data. NexaID does not provide identity verification, identity certification, or KYC services.

Information We Do Not Collect

NexaID is designed to minimize the collection of personal information. When using the Service, NexaID does not collect or store:

names or real-world identity information;
government identification numbers;
contact information voluntarily provided by users;
passwords or login credentials for third-party services;
personal financial information.

Authentication with third-party services is performed on the user’s device through the browser extension or other user-side software.

Information We May Process

To operate the Service, NexaID may process limited technical information, including:

wallet addresses associated with attestations;
cryptographic proof data or proof metadata;
timestamps associated with proof generation or verification;
technical logs necessary for system operation and security;
device or browser-related information required for the extension to function.

This information is used only to operate, secure, and improve the Service. Information that is publicly available on blockchain networks (such as wallet addresses or transaction identifiers) may be processed as part of the operation of the Service.

Zero-Knowledge Proofs and Attestations

NexaID enables users to generate cryptographic proofs based on interactions with third-party services. The Service is designed so that:

the underlying personal data used to generate a proof remains on the user’s device;
NexaID does not access the user’s login credentials for third-party services;
NexaID does not store the personal information contained in third-party accounts.

NexaID only processes the resulting proof or attestation necessary for verification. Attestations generated through NexaID do not constitute confirmation of a user’s legal identity or eligibility for any regulatory purpose.

Blockchain Data

Certain information related to attestations may be recorded on public blockchain networks. Such information may be publicly visible and cannot be altered or deleted by NexaID.

Third-Party Services

The Service may interact with third-party platforms, websites, or services. When users access third-party services through the browser extension or related tools:

those services operate under their own privacy policies and terms;
NexaID does not control how those services collect or process user information.

Users should review the privacy policies of such third-party services before interacting with them. Authentication interactions with third-party services occur directly between the user and the relevant service provider through the user’s device.

Use of Information

NexaID uses the limited information described above for the following purposes:

operating and maintaining the Service;
verifying attestations and proofs;
preventing fraud, abuse, or misuse of the Service;
improving system performance and reliability;
complying with applicable legal obligations.

Data Retention

NexaID retains technical information only for as long as reasonably necessary to operate and secure the Service. Attestation-related data may be stored in connection with verification functionality, system integrity, and security monitoring.

Data Security

NexaID implements reasonable technical and organizational measures to protect the integrity and security of the Service. However, no system can guarantee absolute security. Users are responsible for protecting their own devices, accounts, and credentials.

International Data Processing

Because the Service operates on a decentralized infrastructure and may interact with globally distributed systems, information processed by NexaID may be transmitted or processed in multiple jurisdictions. NexaID may use globally distributed infrastructure providers or cloud services. As a result, limited technical information may be processed in jurisdictions outside the user’s country of residence.

Children

The Service is not intended for children. We do not knowingly collect personal data from children without appropriate authorization. If you believe a child has provided personal data, contact us and we will take appropriate steps.

Contact Us

If you have questions or requests regarding this Privacy Policy or our personal data practices, contact: Email: caas_service@haskey.com

Changes to This Privacy Policy

NexaID may update this Privacy Policy from time to time to reflect changes in the Service or applicable legal requirements. Users will be notified of material changes through the website or other appropriate channels.

Documentation Index

​Introduction

​Information We Do Not Collect

​Information We May Process

​Zero-Knowledge Proofs and Attestations

​Blockchain Data

​Third-Party Services

​Use of Information

​Data Retention

​Data Security

​International Data Processing

​Children

​Contact Us

​Changes to This Privacy Policy