Privacy Policy

1. Introduction: Your Privacy is Foundational

Welcome to Banza. Banza is a product of Hailstone Software Development Ltd. ("Hailstone," "we," "our," "us"), the registered entity responsible for operating the Banza app and associated services. At Hailstone, your privacy isn't just a feature; it's the foundation of everything we do. We are committed to empowering you to securely control, integrate, and benefit from your personal digital footprint. This Privacy Policy outlines how we handle your information with transparency and respect, leveraging advanced privacy-enhancing technologies like zero-knowledge proofs (including zkTLS for data attestation) and secure computation environments.

This policy explains how information is managed when you use our mobile application ("App") and associated services. By using our App, you agree to the practices described in this policy. For the purposes of applicable data protection laws, the data controller of your information is Hailstone Software Development Ltd.

2. Information Under Your Control

Banza is designed so that you, the user, are in control of your data. We facilitate the secure integration and management of your information, rather than collecting it directly without your explicit action.

• User-Attested Data: Banza enables you to self-attest data from various third-party applications and sources you use (e.g., media consumption activity, wellness and fitness data, purchase histories, social interactions). This process uses technologies like zkTLS (Zero-Knowledge Transport Layer Security) to allow you to prove facts about your data from these sources in a private, encrypted, and verifiable manner, without revealing the underlying raw data to us or unnecessary parties.
• Private Data Vault: All attested data and associated cryptographic proofs are stored in private data vaults that are under your direct control. These vaults are maintained using industry best practices for security, with continuous monitoring and regular security audits to ensure the highest level of protection for your information.
• Profile Information: Basic information you provide for account setup and profile personalization (e.g., username, profile picture if chosen).
• Usage Data (Anonymized): We collect anonymized or aggregated data about how you interact with the Banza App itself (e.g., feature usage frequency, performance metrics) to improve the service. This does not include the content of your attested data.
• Contact List (Optional): We may request access to your device's contact list only if you choose to use specific features, such as our referral program. We will clearly ask for your permission before accessing your contacts.
• Unique Identifiers: For veracity and verification purposes, we store certain unique identifiers. Depending on the platform you connect with, this may include your email address. These identifiers help ensure the security and integrity of your data attestations while maintaining privacy protections.

We Do Not Collect: Banza is architected to respect your privacy boundaries. We do not collect, access, or store:

• Login credentials (usernames, passwords) for your third-party accounts.
• The content of your private messages or emails.
• Raw, detailed browsing history or precise, continuous location data.

3. How We Use Information (With Your Control)

Our use of information is centered around providing value back to you while rigorously protecting your privacy. We primarily use processed or anonymized data derived from your self-attested information:

• Powering Your AI Twin: Anonymized and securely processed data helps build and refine your personalized AI Twin, which you can nickname, enabling it to provide relevant insights and proactive assistance based on your integrated digital footprint.
• Personalized Insights, Recommendations & Rewards: We use patterns derived from your controlled data to power our universal recommendation engine and offer personalized insights, suggestions, and potential rewards (e.g., through our tokenized system) based on your preferences and activities, all while preserving privacy.
• Improving AI Models and Services: Aggregated and anonymized data helps us train and improve our core AI models (including the Super Agent and specialized sub-agents) and enhance the features, usability, and performance of the Banza App. This may include generating high-quality synthetic data for developers using our platform, derived from anonymized patterns.
• Enabling Privacy-Preserving Interactions: We facilitate secure and privacy-preserving interactions, such as:
  • Ethical Data Monetization: Allowing you to opt-in to opportunities where anonymized insights from your data can generate value or rewards for you, without selling your raw personal data.
  • Contextual Enhancement for Enterprises: Enabling businesses you interact with (with your permission) to enhance your user profile contextually or utilize private inference and RAG systems for better personalization, using only the necessary, privacy-protected information.
  • Agent-to-Agent Interactions: Facilitating secure communication between AI agents for automated tasks or business processes, based on predefined rules and user permissions.

Secure Processing: Critically, your raw attested data is processed within secure, isolated environments like Trusted Execution Environments (TEEs) whenever computation is needed. Your data is never sold in raw form to any third party.

4. Your Control and Rights

You are always in command of your data within Banza. We are building tools to make managing your privacy intuitive and comprehensive.

• Upcoming Privacy Dashboard: We are developing an in-app Privacy Dashboard which will serve as your central hub for managing your data relationship with Banza. Once launched, it will allow you to easily:
  • View the data sources you have connected and attested.
  • Manage permissions for how insights derived from your data are used (e.g., for personalization, rewards programs, or specific Banza features).
  • Initiate requests for the deletion of your attested data and account directly within the app.
  We are working diligently to bring this feature to you soon.
• Self-Custody Vault Keyrings: Your fundamental control is secured today through cryptography. Your private keys, which grant access to your private data vault, are managed via self-custody vault keyrings (designed to meet standards like FIPS-140). This ensures that you, and only you, hold the ultimate keys to your raw attested data. Hailstone cannot access your raw vault data without your cryptographic approval.
• Managing Your Data Today: While the Privacy Dashboard is under development:
  • Data Deletion: You can request the deletion of your account and associated attested data at any time by contacting us directly through the contact information provided in Section 10 ("Contact Us"). Upon receiving your request, we will take steps to delete your information from our active systems and interact with the private data vault regarding your data. Please note that anonymized or aggregated data used for model improvement may persist as it cannot be linked back to you.
  • Permissions Management: Control over specific data usage permissions will be primarily managed through the Privacy Dashboard once available. In the interim, default permissions necessary for core app functionality (like powering your AI Twin and basic personalization) will apply as described in Section 3. For specific concerns about permissions before the dashboard launch, please reach out to our support team.

We are committed to providing you with robust tools for data control and transparency. The future Privacy Dashboard will significantly enhance your ability to manage your digital footprint within Banza seamlessly.

5. Data Security: A Multi-Layered Approach

Securing your data is paramount. We employ multiple layers of advanced security measures:

• End-to-End Encryption: All data, both in transit and at rest within your vault, is encrypted.
• Zero-Knowledge Proofs (zkP): Technologies like zkTLS are used for secure and private data attestation, proving facts without revealing underlying sensitive information.
• Private Data Vaults: Storing attested data in highly secure, user-controlled private data vaults with continuous monitoring and regular security audits enhances security compared to traditional databases.
• Trusted Execution Environments (TEE): Sensitive computations on data are performed within hardware-secured TEEs, isolating the process from the host system.
• Self-Custody Key Management: Ensuring only you have access to your private keys via secure keyrings.
• Future Enhancements: We are actively researching and plan to integrate technologies like Fully Homomorphic Encryption (FHE) where applicable, which would allow computation on encrypted data without ever decrypting it, further enhancing privacy.

6. Data Sharing and Disclosure

We limit data sharing and prioritize your privacy:

• No Sale of Raw Data: We reiterate: We do not sell your raw personal data.
• Anonymized/Aggregated Data: We may share anonymized or aggregated data (which cannot identify you) with partners, developers (e.g., for synthetic data access), or for research and reporting purposes.
• Service Providers: We may engage trusted third-party service providers to assist with specific operations (e.g., cloud infrastructure for TEEs, analytics for app performance). These providers are bound by strict confidentiality agreements and are only given access to the minimum information necessary to perform their services. They do not have access to your raw, user-controlled vault data.
• Legal Requirements: We may disclose information if required by law, subpoena, or other legal processes, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We will attempt to notify users about legal demands for their data when appropriate, unless prohibited by law or court order.
• Business Transfers: If Hailstone Software Development Ltd. (the operator of Banza) is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy, and the acquiring entity will be required to uphold the commitments made in this policy.

7. Third-Party Services and Data Sources

When you use Banza to self-attest data from third-party applications or services, your interaction with those services remains governed by their respective privacy policies and terms of service. Banza securely facilitates the attestation process based on your authorization but does not control the data practices of these external services.

8. Children's Privacy

Banza is not intended for use by individuals under the age of 16 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the age of consent, we will take steps to delete that information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of any material changes by posting the new policy within the App and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes become effective constitutes your acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: