Privacy Policy
Last updated: April 11, 2026
This Privacy Policy is provided in both English and Traditional Chinese. In the event of any discrepancy or ambiguity between the two versions, the Traditional Chinese version shall prevail.
1. Data Controller
MidnightZK is operated by Xuan Jie Technology Co., Ltd. (hereinafter "the Company"). For any privacy-related inquiries, please contact us at the email address listed in the Contact section below.
2. Personal Data We Collect
2.1 Contact Form
When you submit the contact form on our website, we collect the following information (Category: C001 — Data identifying individuals):
- Name (required)
- Email address (required)
- Company name (optional)
- Subject and message content (required)
- IP address (for security and anti-abuse purposes)
2.2 API Service (Business Clients)
For business clients using our API service, we collect company name, contact email, tax identification number (Category: C102 — Government identifiers), and billing information as part of the service agreement. Client data submitted via the API (data hashes) is processed under a zero-retention architecture — raw payloads are held in memory for a maximum of 300 seconds and physically wiped after processing. Only the cryptographic hash (SHA-256) is stored on the Midnight blockchain.
3. Purpose of Collection
- To respond to your business inquiries and provide customer support
- To provide, maintain, and improve the MidnightZK API service
- To prevent fraud and abuse (bot detection, rate limiting)
- To comply with applicable legal obligations
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 90 days from submission, then automatically deleted |
| API client raw payloads | Maximum 300 seconds (zero-retention) |
| On-chain hash (SHA-256) | Permanent (blockchain immutability) |
| Business client account data | Duration of service agreement + 5 years |
5. Blockchain Data and Immutability
Data submitted through our API is cryptographically hashed (SHA-256) before being anchored to the Midnight blockchain. Due to the inherent immutability of blockchain technology, hash values recorded on-chain cannot be modified or deleted. These hash values are irreversible and cannot be used to reconstruct or identify the original data. By using our service, you acknowledge and consent to this characteristic of blockchain-based data anchoring.
6. Data Sharing and Transfer
We do not sell, rent, or trade your personal data. Your data may be shared only in the following circumstances:
6.1 Data Recipients
- The Company and its authorized personnel
- Infrastructure service providers entrusted by the Company (e.g., DigitalOcean)
- Judicial or regulatory authorities when required by law
6.2 Data Regions
- Republic of China (Taiwan) — Company registration and operations
- Singapore — Server infrastructure (DigitalOcean SGP1 data center)
- Global — Midnight blockchain nodes (for on-chain hash anchoring only; hashes are irreversible and non-identifiable)
6.3 Data Sharing Methods
- Encrypted transmission (TLS) for all data in transit
- Blockchain anchoring: Only cryptographic hashes (SHA-256, non-reversible) are written on-chain
7. Your Rights
Under the Taiwan Personal Data Protection Act and applicable laws, you have the following rights regarding your personal data:
- Right to access: Request a copy of the personal data we hold about you
- Right to correction: Request correction of inaccurate or incomplete data
- Right to deletion: Request deletion of your personal data (subject to legal retention requirements)
- Right to cease use: Request that we stop processing your personal data
To exercise any of these rights, please contact us using the information provided below. We will respond within 30 days.
8. Security Measures
We implement industry-standard security measures including: encrypted data transmission (TLS), zero-retention architecture for sensitive payloads, isolated multi-tenant infrastructure, API key authentication with scope-based access control, and regular security audits.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or wish to exercise your data rights, please contact us:
Xuan Jie Technology Co., Ltd.
Email: [email protected]
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.