Privacy Policy

Last Updated: April 10, 2026

1. Introduction

This Privacy Policy (this “Policy”) describes how Movement Network Foundation, a Cayman Islands foundation company (“Foundation”, “we”, “us”, or “our”), collects, uses, discloses, and handles information in connection with the websites, interfaces, APIs, and related services we make available (collectively, the “Services”), including without limitation:

  • https://www.movementnetwork.xyz/
  • https://staking.movementnetwork.xyz/
  • https://bridge.movementnetwork.xyz/

any block explorer interfaces, name service interfaces, subdomains, APIs, and related applications that link to or reference this Policy.

We are committed to handling information responsibly and transparently. The Services operate on a non-custodial architecture—we do not hold your digital assets, do not control your transactions, and do not link your on-chain identity to offline personal identifiers such as your name or email address. This Policy describes accurately and completely what data we do collect, including public wallet addresses used for protocol interaction and operational analytics.

By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, please do not access or use the Services.

2. Scope of This Policy

This Policy applies to information processed by the Foundation through the Services. The Services may integrate with or link to third-party wallet providers, bridge infrastructure providers, community support tools, notification services, and other external services. These services are operated independently and are governed by their own privacy policies.

The Foundation makes no representation, warranty, or guarantee regarding the privacy or security practices of any third party. References to, or integration with, third-party services do not constitute endorsement or approval of their data practices. We encourage you to review the privacy policies of each third-party service you use in connection with the Services.

3. Information We Collect

3(A) Information You Voluntarily Provide

The Services do not include a user account system, and we do not collect email addresses or other personal identifiers as part of standard website use. Limited exceptions exist through third-party-controlled tools:

Notification services (Parthenon interface). If you opt in to email notifications on our Parthenon staking interface, your email address is submitted to and processed by a third-party notification service provider. The Foundation does not directly receive, store, or control that data. The applicable provider’s privacy policy governs its processing.

Community support tools. If you interact with our community support function, a third-party support platform may collect your email address, social account identifiers, and—if you choose to provide it—your wallet address. The Foundation does not directly control that collection. If you voluntarily provide a wallet address through a support tool, that information is processed solely by the applicable third-party provider and is not received or stored by the Foundation. You should review that provider’s privacy policy before providing any wallet address in that context.

To the extent any such tool passes data to us, it is limited to what is reasonably necessary to fulfill your support request or notification preference.

3(B) Wallet Addresses and Blockchain Data

The Services support non-custodial wallet connections via third-party self-custody wallet providers. In connection with your use of the Services, the Foundation processes public wallet address data as follows:

  • Interface display. When you connect a wallet, your public wallet address is displayed within the interface (including the Parthenon interface) to support protocol interaction and session management.
  • Operational storage. Public wallet addresses connected to or interacting with the Services—including through the Parthenon interface—are stored in Foundation-controlled systems for operational purposes, including to support interface functionality, maintain service integrity, and conduct analytics as described in Section 3(C).
  • On-chain data. Blockchain transactions you initiate are broadcast to, and permanently recorded on, public blockchain networks. That data is public, immutable, and outside the Foundation’s control.

What we do not do with wallet addresses: For users of the current Services, we do not link your public wallet address to your offline personal identifiers (such as your legal name, email address, or government-issued ID). We do not use wallet address data for targeted advertising. We do not sell wallet address data to third parties. Note: participants in the MoveDrop Program who provided registration data (including social handles and, in some cases, name or email) are subject to the additional disclosures in Section 3(E) below.

Public wallet addresses are pseudonymous identifiers. While they do not directly identify you by name, they may constitute personal data under applicable privacy law (including GDPR) because they can potentially be associated with a natural person through on-chain analysis or other means. We treat wallet addresses accordingly.

3(C) Automatically Collected Technical Data

When you access the Services, certain technical data is collected automatically:

Website Analytics. We use a third-party website analytics provider to understand aggregate usage of the Services. IP anonymization is enabled, meaning full IP addresses are not retained; approximate geographic location (typically at region level) is derived from truncated IP data. Analytics data collected may include:

  • approximate geographic location (region level, derived from anonymized IP data),
  • device and browser type and version,
  • pages visited, time on page, and navigation paths,
  • referring URLs,
  • public wallet addresses, where submitted as part of interface interactions that generate analytics events.

Website analytics data is not linked to your offline personal identifiers. Our analytics provider operates under its own privacy policy and data processing terms, and is configured to restrict data use for advertising purposes. Where required by applicable law, we rely on appropriate consent mechanisms or other lawful bases for this processing, as described in Section 4(A).

Protocol Analytics. Public wallet addresses that interact with the Services may be stored and analyzed in our analytics infrastructure for operational and protocol improvement purposes. This includes understanding how the protocol is used—for example, aggregating transaction volume, staking activity patterns, and bridge usage by wallet address. This analysis is conducted at the pseudonymous wallet address level and is not linked to your offline personal identity.

Error Monitoring. We use a third-party application monitoring provider for error tracking and performance diagnostics. This provider operates at the application level and captures error logs, stack traces, device and browser information, and technical diagnostics. Because it monitors application-level events, error logs may incidentally contain public wallet addresses where those addresses are part of an application event or user-initiated transaction that generates an error. We do not configure error monitoring to specifically collect wallet addresses, and such capture, where it occurs, involves only the public wallet address associated with the relevant interaction. Error monitoring data is not used for behavioral profiling, advertising, or identity linkage.

We do not control how third-party analytics or monitoring providers independently process data within their own systems. Such processing is governed by their respective privacy policies.

3(D) Data Received from Third-Party Services

In the course of providing the Services, we may receive limited data from the following categories of third parties:

  • Third-party wallet providers. Wallet connection libraries may transmit technical connection status information to facilitate your interface session.
  • Bridge infrastructure providers. When you use the bridge interface, transaction status and messaging data is sourced from third-party bridge APIs and from publicly available on-chain data. The Foundation does not log bridge activity independently.
  • Support and notification providers. As described in Section 3(A), these tools may relay limited data to us in connection with support or notification functions.

3(E) Promotional Programs and Airdrop Registration Data

The Foundation has operated promotional token distribution programs, including the MoveDrop Program (claims.movementnetwork.xyz), through which participants registered to receive $MOVE tokens. Participation in such programs was governed by program-specific terms and a separate privacy policy applicable at the time of registration (the “MoveDrop Privacy Policy”, last updated July 18, 2024). The following disclosures apply to data collected in connection with such programs:

Data collected. In connection with the MoveDrop Program, participants voluntarily provided registration data that may include: cryptocurrency wallet addresses; social media handles (such as X/Twitter, Discord, and Telegram usernames); and, in some cases, name and email address. This data was collected under the MoveDrop Privacy Policy and with participant consent obtained at the time of registration.

Storage and current use. MoveDrop registration data is stored in Foundation-controlled analytics infrastructure alongside other operational data. The Foundation uses this data for ongoing compliance and security purposes, including cross-checking wallet addresses against applicable sanctions lists and screening for potentially illicit activity in connection with Foundation programs and initiatives. Participants expressly consented to this use under the MoveDrop Program Terms (Participant Representation 6).

Nature of this data. Unlike the pseudonymous wallet address data described in Section 3(B), MoveDrop registration data may constitute directly identifiable personal data where it includes a name, email address, or social media handle that can be associated with a real individual. The Foundation treats this data with heightened care and does not use it for advertising or commercial profiling purposes.

Governing policy. MoveDrop registration data was collected under, and remains subject to, the MoveDrop Privacy Policy applicable at the time of collection. This Policy applies to the Foundation’s current processing of that data to the extent consistent with the original collection purpose and applicable law. If there is any conflict between the MoveDrop Privacy Policy and this Policy with respect to MoveDrop registration data, the MoveDrop Privacy Policy controls to the extent of that conflict.

4. How We Use Information

We use the information described in Section 3 for the following purposes:

  • Operating the Services. To display the interface, facilitate wallet connections, and support protocol interactions.
  • Protocol analytics and improvement. To analyze aggregate and wallet-level usage patterns at the pseudonymous address level for the purpose of understanding protocol usage, improving functionality, and supporting network operations. This analysis is conducted at the pseudonymous wallet address level and is not linked to your offline personal identity.
  • Error monitoring and diagnostics. To identify, investigate, and resolve technical errors, crashes, and performance issues. As described in Section 3(C), error logs may incidentally contain public wallet addresses.
  • Security. To detect and address unauthorized access, abuse, or other security threats affecting the Services.
  • Legal and compliance. To comply with applicable laws, respond to lawful requests from governmental or regulatory authorities, enforce our Terms of Service, and protect our legal rights and those of our users.
  • Communications. To respond to inquiries submitted through support tools, to the extent information is passed to us.

What we do not do: For users of the current Services, we do not link wallet addresses to your offline personal identifiers such as your legal name or email address. We do not use any information we collect to serve targeted advertising, to track users across unaffiliated third-party services, or to sell personal data to third parties. MoveDrop Program participants should refer to Section 3(E) for disclosures specific to registration data collected under that program, which may include identifiable information such as social handles or email addresses held in combination with wallet addresses.

4(A) Lawful Basis for Processing (EU/UK/Swiss Users)

Where applicable law requires identification of a lawful basis for processing personal data, we rely on the following:

  • Consent — for the placement of non-essential cookies and analytics tracking for users in the EU, EEA, UK, and Switzerland. You may withdraw consent at any time as described in Section 9.
  • Legitimate interests — for security monitoring, error diagnostics, fraud prevention, protocol analytics at the pseudonymous wallet address level, and service improvement, where such interests are not overridden by your data protection rights. Our legitimate interest is in maintaining the security and functionality of a public blockchain protocol interface.
  • Legal obligation — for processing required to comply with applicable law, respond to lawful governmental requests, and fulfill regulatory obligations.
  • Performance of a contract or pre-contractual steps — where processing is necessary to provide a feature or service you have specifically requested.
  • Consent (promotional program data) — for processing of MoveDrop Program registration data (including wallet addresses, social handles, and other information provided at registration) for compliance screening and related purposes, where participants expressly consented to such processing under the MoveDrop Program Terms. Where consent is the applicable basis, you may withdraw it by contacting us as described in Section 16, subject to any overriding legal obligation basis.
  • Legal obligation and legitimate interests (sanctions and compliance screening) — for cross-checking wallet addresses and associated registration data against applicable sanctions lists (including OFAC, UN, EU, and other relevant authorities) and for screening to prevent money laundering, terrorist financing, and other illicit activity, in connection with Foundation programs and initiatives. This processing is necessary to comply with applicable economic sanctions and anti-money laundering obligations and to protect the integrity of Foundation programs.

5. Blockchain Transparency Disclosure

THIS SECTION CONTAINS IMPORTANT DISCLOSURES ABOUT THE NATURE OF BLOCKCHAIN DATA. PLEASE READ CAREFULLY.

5.1 Public and Immutable Nature of Blockchain Data. When you interact with a blockchain protocol through the Services—including by staking, bridging, or executing any on-chain transaction—information such as your public wallet address, transaction amounts, timestamps, and smart contract interactions is recorded on a public blockchain network. This data is:

  • publicly accessible to anyone with internet access,
  • permanently stored on the blockchain,
  • outside the Foundation’s ability to modify, restrict, or delete,
  • generally not capable of deletion, erasure, or modification in response to privacy rights requests, to the extent recorded on-chain; the Foundation has no technical ability to effect such changes.

5.2 Deanonymization Risk. Although blockchain addresses are pseudonymous (not directly tied to a legal name), they are not anonymous. Third parties—including analytics firms, chain analysis companies, regulators, and law enforcement—may be able to correlate your wallet address with your real-world identity through transaction patterns, IP address analysis, exchange records, or other means. The Foundation has no control over such deanonymization activities and is not responsible for them. You should transact on public blockchains with full awareness that your activity is permanently public.

5.3 No Foundation Control Over On-Chain Data. The Foundation does not control, monitor, or have the ability to reverse, alter, or delete on-chain data. Information submitted to a blockchain through the Services is governed by the applicable protocol, not by this Policy.

6. Non-Custodial Architecture

The Services are designed and operated on a non-custodial basis:

  • The Foundation does not custody, hold, control, or safeguard your digital assets at any time.
  • The Foundation does not have access to your private keys, seed phrases, or wallet credentials.
  • The Foundation cannot initiate, authorize, reverse, cancel, or otherwise control blockchain transactions on your behalf.
  • The Foundation does not act as a custodian, broker, dealer, exchange, investment adviser, or money transmitter.

Because we do not hold your assets or credentials, the privacy implications of our Services differ materially from those of custodial exchanges or financial institutions. Our data collection is limited to public, pseudonymous wallet address data and technical usage information as described in this Policy.

7. Sharing and Disclosure of Information

We do not sell your personal information. We do not share personal information with third parties for their own marketing or advertising purposes. We may share information in the following limited circumstances:

7.1 Service Providers. We share data with third-party service providers who process data on our behalf, including analytics providers, error monitoring providers, and infrastructure or hosting partners. We take commercially reasonable steps to ensure these providers process data only as necessary to provide services to us, including through appropriate contractual arrangements where required by applicable law.

7.2 Legal Disclosures. We may disclose information if required to do so by applicable law, regulation, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, protect the safety of users, investigate fraud or security incidents, or respond to a lawful request by public authorities.

7.3 Business Transfers. If the Foundation undergoes a merger, acquisition, restructuring, or sale of assets, information we hold may be transferred as part of that transaction. We will provide notice of any such transfer and any material resulting changes to data practices in accordance with applicable law.

7.4 Aggregated or De-Identified Data. We may share aggregated or de-identified data (from which individual identity cannot reasonably be determined) with third parties for research, analytics, or industry purposes. Such data is not personal information.

8. Third-Party Services

The Services interact with a number of independent third-party services, including wallet providers, analytics providers, bridge infrastructure providers, support tools, and other service providers. These third parties operate under their own terms and privacy policies, over which the Foundation has no control. The Foundation makes no representation, warranty, or guarantee regarding the privacy or security practices of any third party, and references to or integration with any third-party service do not constitute endorsement or approval of that party’s data practices.

Your use of any third-party service is at your own risk and is subject to that party’s terms and privacy practices. The Foundation is not responsible for the data practices of any third party.

9. Cookies and Analytics

9.1 Use of Cookies and Similar Technologies. We and our analytics providers use cookies and similar tracking technologies to collect technical usage data about how users interact with the Services. These technologies may include browser cookies, pixel tags, and local storage.

9.2 What We Collect. Via cookies and analytics technologies, we may collect: approximate geographic location derived from anonymized IP address data (at approximately city or region level); device and browser type; pages visited and session duration; referral sources; and navigation behavior within the Services.

9.3 Consent. Where required by applicable law—including the GDPR, UK GDPR, the Swiss Federal Act on Data Protection (nFADP), and similar applicable laws—we will obtain your consent before placing non-essential cookies. You may withdraw consent or manage cookie preferences at any time through your browser settings. Instructions for managing cookies in common browsers are available from the respective browser providers. Note that disabling certain cookies may affect some features of the Services.

9.4 Analytics Opt-Out. You may opt out of certain analytics data collection by configuring your browser to reject cookies or by using browser-level opt-out tools provided by your analytics provider via their respective privacy documentation.

10. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law. In practice:

  • Website analytics data is retained in accordance with our analytics provider’s data retention settings, which we configure to the minimum period reasonably necessary for analytics purposes.
  • Protocol analytics data (including public wallet addresses stored in our analytics infrastructure) is retained for the period reasonably necessary for protocol operations, security, and service improvement purposes.
  • Promotional program and sanctions screening data (including MoveDrop registration data such as wallet addresses, social handles, and where provided, name and email) is retained for as long as necessary to fulfill the purposes for which it was collected, including ongoing compliance screening obligations. Data used for sanctions screening and AML compliance purposes may be retained for extended periods as required or permitted by applicable law and regulatory guidance.
  • Error monitoring data is retained for the period reasonably necessary to investigate and resolve technical issues, after which it is deleted or anonymized.
  • Support communications are retained for the period necessary to resolve your inquiry and comply with applicable legal obligations.
  • Legal compliance records may be retained for longer periods as required by applicable law, regulatory requirements, or legal proceedings.

Blockchain exception: Data recorded on a public blockchain is immutable and permanent. The Foundation cannot delete or alter on-chain data, regardless of any retention period or data subject request.

11. International Data Transfers

The Foundation is a Cayman Islands entity. Our service providers and infrastructure partners operate in various jurisdictions, including the United States and elsewhere globally. As a result, personal data we collect may be transferred to, stored in, or processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal data originating from the European Economic Area (EEA), United Kingdom, or Switzerland to third countries, we rely on, or will rely on, appropriate safeguards as required by applicable law. These may include Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, adequacy decisions, or other lawful transfer mechanisms. You may request further information about our transfer mechanisms by contacting us as described in Section 16.

12. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights with respect to personal data we hold about you. These rights may include:

  • Access. The right to request confirmation of whether we process personal data about you and to obtain a copy of that data.
  • Correction. The right to request correction of inaccurate or incomplete personal data.
  • Deletion / Erasure. The right to request deletion of personal data we hold about you, subject to applicable legal exceptions.
  • Restriction. The right to request that we restrict processing of your personal data in certain circumstances.
  • Portability. The right to receive personal data you have provided to us in a structured, commonly used, machine-readable format.
  • Objection. The right to object to processing of your personal data where we rely on legitimate interests as our legal basis.
  • Withdrawal of Consent. Where processing is based on your consent, the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • California Rights (CPRA / CCPA). If you are a California resident, you have additional rights under the California Privacy Rights Act, including the right to know, delete, correct, limit use of sensitive personal information, and other rights provided under applicable state law. We do not sell personal information. We do not share personal information for cross-context behavioral advertising purposes as defined under the CPRA. Our analytics tools are configured to restrict use of data for advertising purposes to the extent technically available.
  • Other Applicable State Rights. Residents of other U.S. states with comprehensive privacy laws may have similar rights under applicable law. Please contact us to submit a request.

Data Controller. For the purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, the Foundation is the data controller of personal data processed through the Services, except where third-party services independently determine the purposes and means of processing as separate data controllers.

Important limitation: The rights described above apply only to off-chain personal data held by the Foundation. We are not technically able to fulfill deletion, correction, or restriction requests with respect to data recorded on a public blockchain, as that data is immutable and outside our control. Additionally, because wallet addresses are pseudonymous and not linked to your offline identity in our systems, we may not be able to fulfill certain rights requests related to wallet address data without additional verification information.

To exercise any of these rights, please contact us as described in Section 16. We will respond to verified requests within the timeframes required by applicable law. We may ask you to verify your identity before processing a request. We will not discriminate against you for exercising your privacy rights.

13. Security

We implement commercially reasonable technical and organizational measures designed to protect information against unauthorized access, disclosure, alteration, or destruction, including encrypted data transmission, access controls for internal systems, and the use of reputable third-party infrastructure providers with their own security programs.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your own devices, wallets, private keys, and credentials. If you believe your information has been compromised in connection with the Services, please contact us immediately at legal@moveindustries.xyz.

14. Children’s Privacy

The Services are not directed at children under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use the Services or provide any information through the Services. If we learn that we have collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete that information. If you believe a child under 18 has provided us with personal information, please contact us as described in Section 16.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data practices, applicable law, or the Services. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, provide additional notice (such as a banner or notification on the Services). Your continued use of the Services after a revised Policy is posted constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop using the Services.

16. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our data practices, please contact us:

Movement Network Foundation
Attn: Privacy
1950 University Ave, Ste 506
East Palo Alto, CA 94303
Email: legal@moveindustries.xyz

For data subject requests under the GDPR, UK GDPR, CPRA, or other applicable privacy laws, please include “Privacy Request” in the subject line along with your jurisdiction of residence. We will endeavor to respond within the timeframe required by applicable law.

GDPR Article 27 — EU Representative. We are monitoring our data processing activities and applicable obligations under GDPR Article 27. To the extent required by applicable law, we will designate an EU or UK representative and update this Policy accordingly.

© 2026 Movement Network Foundation. All rights reserved.