# Privacy Policy - Public Beta Version ## Introduction At Timpi International Ltd ("we," "us," or "our"), your privacy is a priority. This Privacy Policy explains how we collect, use, store, and share your information when you use our search engine and related services (collectively, the "Service"). It also outlines your rights under applicable laws. This policy applies to all users of the Service globally and is intended to comply with the New Zealand Privacy Act 2020, the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR for users in the United Kingdom, and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) for California residents. By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please refrain from using the Service. ## Information We Collect We collect information in the following ways: ### When You Visit Our Website • IP Address: We may store your IP address temporarily to detect malicious activity and to determine a rough geographic location. IP addresses are not linked to individual user profiles. • Search Queries: Search queries are stored in anonymous form only. They are not combined with, or linked to, any user-identifiable information, profile, or session. See Section 5 for details on how we use and retain search queries. • Server Log Data: Our servers automatically record information including server log data, crash reports, system activity, request dates and times, and referring/exit pages. ### While Your Session is Active (Not Stored) • Language Detection: We detect your browser's language to provide localised services. This is not stored beyond your session. • Web3 Wallet Detection: If a Web3 wallet add-on is installed in your browser, we may detect its presence to enable relevant features. We do not store this information. ### When You Create a Profile Profiles are stored initially on our servers and later transferred to decentralised guardian nodes for enhanced privacy and security. The information collected depends on your account type: • Web3 Users: ◦ Wallet address ◦ Nickname ◦ Email address (if voluntarily provided) • Web2 Users: ◦ Email address ◦ Nickname ## Legal Basis for Processing (GDPR) For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following lawful bases under Article 6 of the GDPR: • Legitimate Interests (Article 6(1)(f)): Processing of IP addresses and server log data for fraud detection, security, and service improvement. Processing of anonymous search queries for service improvement and index development. These interests are not overridden by your data protection rights given the anonymous nature of query data. • Contract Performance (Article 6(1)(b)): Processing of profile data (email, nickname, wallet address) necessary to create and maintain your account and provide the Service. • Legal Obligation (Article 6(1)(c)): Disclosure of information where required by applicable law, court order, or regulatory authority. • Consent (Article 6(1)(a)): Where we rely on consent for any specific processing activity (such as optional communications), you may withdraw consent at any time without affecting the lawfulness of prior processing. ## How We Use Your Information We use the information collected for the following purposes: • To provide, maintain, and improve the Service • To personalise user experiences based on location or language preferences • To detect and prevent fraudulent or malicious activities • To improve our search index and result quality using anonymous query data • To comply with legal obligations • To respond to rights requests and support queries ## Search Query Data Search queries submitted through the Service are anonymous. They are not linked to your identity, profile, IP address, or any other identifying information. We do not attempt to re-identify anonymous query data. We retain anonymous search queries indefinitely. The purpose of retaining this data is to improve the quality and relevance of the Service, including improving our search index, understanding usage patterns, and developing new features. Because search queries are not linked to any individual user or profile, they do not constitute personal data for the purposes of the GDPR, the NZ Privacy Act 2020, or the CCPA. Accordingly, rights of access, deletion, or portability do not apply to anonymous query data. We do not sell anonymous query data to third parties. Queries may be shared in aggregate, anonymised form for advertising and service improvement purposes as described in Section 6. ## Data Sharing Practices ### What We Share • Ad Clicks: Information about ad clicks for advertiser reporting. • Geolocation: Location data. • Search Queries: Shared in aggregate, anonymous form only. Not combined with user-identifiable data. • Keywords: Shared for ad targeting purposes in aggregate form. ### What We Do Not Do • We do NOT match sessions across different visits. • We do NOT allow retargeting by advertisers or third parties. • We do NOT share profile data (email address, nickname, wallet address) unless required by law. • We do NOT sell personal data as defined under the CCPA or equivalent legislation. ### Third-Party Service Providers We may share general, non-profiled information with third-party vendors and service providers who help us provide and improve the Service, including providers of: • Data analysis • Payment processing • Customer service • Email delivery • Hosting services • Technical infrastructure • Feedback tools These service providers are authorised to use information only as necessary to provide services to us and are contractually required to protect your information. ### Legal Disclosure We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as a court order or government agency request. We will, where permitted by law, notify you of such requests. ### Business Transfers If Timpi International Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via the Service or by email (if provided) prior to your information becoming subject to a different privacy policy. ## Cookies and Similar Technologies We use cookies and similar tracking technologies to operate and improve the Service. The cookies we use include: • Session Cookies: Used to maintain your session while you use the Service. These expire when you close your browser. • Preference Cookies: Used to remember your acknowledgement of the Public Beta notice and your language or regional preferences. These are retained for up to 90 days. • Analytics Cookies: Where analytics tools are used, these help us understand how the Service is being used in aggregate. No personal profiles are created from analytics data. You can control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use cookies for advertising profiling or cross-site tracking. ## Data Retention We retain different types of information for different periods: • IP Addresses: Retained temporarily for fraud detection and security purposes, typically for no longer than 90 days. • Server Log Data: Retained for up to 12 months for security and operational purposes. • Search Queries: Retained indefinitely in anonymous form, not linked to any user or profile. See Section 5. • Profile Data (email, nickname, wallet address): Retained for as long as your account is active, or as necessary to provide the Service. Deleted upon verified account deletion request subject to the limitations described below. • Session Data: Not retained beyond your active session. Additional criteria that may affect retention periods include legal obligations to which we are subject, and whether retention is advisable in light of our legal position such as in regard to applicable statutes of limitations, litigation, or regulatory investigations. Important note regarding decentralised storage: Profile data transferred to decentralised guardian nodes may present technical constraints on deletion. We will make best efforts to action deletion requests across all storage systems. Where full deletion is technically not immediately possible, we will document the limitation and take all available steps to suppress or anonymise the data. ## Data Security We implement appropriate technical and organisational measures to maintain the security of your personal information, including safeguards designed to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage. However, no method of electronic storage or transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant regulatory authorities as required by applicable law. ## Your Privacy Rights Depending on your location, you may have rights regarding your personal information. We will respond to all verified rights requests within 30 days of receipt. ### All Users • Access your personal information we hold about you • Correct inaccurate personal information • Request deletion of your personal information • Object to the processing of your personal information • Request restrictions on processing • Data portability (receive your data in a structured, machine-readable format) ### EEA and UK Residents (GDPR / UK GDPR) In addition to the above, you have the right to lodge a complaint with your local supervisory authority. In the EEA this is your national data protection authority. In the UK this is the Information Commissioner's Office (ICO). ### California Residents (CCPA / CPRA) California residents have additional rights including the right to opt out of the sale of personal information. We do not sell personal information as defined under the CCPA. You also have the right to non-discrimination for exercising your privacy rights. ### New Zealand Residents (Privacy Act 2020) New Zealand residents have rights under the Privacy Act 2020 including the right to access personal information held about you and to request correction of that information. You may also make a complaint to the Office of the Privacy Commissioner if you believe we have breached the Information Privacy Principles. ### Limitations on Query Data As set out in Section 5, anonymous search queries are not personal data and are not subject to individual access, deletion, or portability rights. This is because queries are not linked to any identifiable individual. To exercise any of your rights, please contact us at with the subject line "Privacy Rights Request". We may need to verify your identity before processing your request. ## Children's Privacy Our Service is not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18. By using the Service, you represent that you are at least 18 years old. If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at . We will take prompt steps to delete any such information. ## International Data Transfers Timpi International Ltd is incorporated in New Zealand. Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from your own jurisdiction. Where we transfer personal data from the EEA or UK to countries not recognised as providing adequate protection, we implement appropriate safeguards including: • Standard contractual clauses approved by the European Commission (where applicable and in place) • Other legally approved transfer mechanisms under applicable data protection law If you would like further information about the safeguards we have in place for international transfers, please contact us at . ## Other Websites and Services Our Service may contain links to other websites and services not operated by us. We are not responsible for the privacy practices of those third-party services and this Privacy Policy does not apply to them. We encourage you to review the privacy policy of every website you visit. ## Changes to This Privacy Policy We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top of this document and post the revised policy on this page. For material changes, we will provide prominent notice via the Service. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised policy. If you do not agree to the updated policy, please stop using the Service. ## Contact Us If you have any questions about this Privacy Policy or our data practices, or to exercise any of your privacy rights, please contact us at: Email: Address: Suite 13297, PO Box 106910, Auckland, Auckland City, 1143, New Zealand For EEA/UK users: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For New Zealand users: You may contact the Office of the Privacy Commissioner at [www.privacy.org.nz](http://www.privacy.org.nz). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://timpi.gitbook.io/timpi-policy-documentation/policy-documents/privacy-policy-public-beta-version.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.