This Privacy Policy describes how Prometeo Chain System KZ Ltd ("we", "us", "the Company") collects, uses, stores, and protects personal data when you use the Savitri Network website, browser extension, mobile application, and associated services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described herein.
This Policy applies to all users of the Savitri Network website (savitrinetwork.com), the Savitri Wallet browser extension, the Savitri Network mobile application, and any related services operated by Prometeo Chain System KZ Ltd.
Where applicable, we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Republic of Kazakhstan Law on Personal Data and Their Protection (Law No. 94-V), and other applicable data protection legislation. The legal bases for processing are: (a) performance of a contract or pre-contractual measures; (b) compliance with legal obligations; (c) our legitimate interests in operating and improving the Services; and (d) your consent, where specifically obtained.
2.1 β Website (savitrinetwork.com)
When you visit our website, we automatically collect the following data through server logs and analytics tools:
| Category | Legal basis | Retention |
|---|---|---|
| IP address | Legitimate interest (security, fraud prevention) | 30 days |
| Pages visited, session duration | Legitimate interest (service improvement) | Aggregated and anonymized |
| Browser type, operating system, device type | Legitimate interest (compatibility) | Aggregated and anonymized |
| Referral source | Legitimate interest (marketing analysis) | Aggregated and anonymized |
2.2 β Data we do not collect through the website
2.3 β Newsletter
If you voluntarily subscribe to our newsletter, we collect your email address and subscription date solely for the purpose of delivering the newsletter. Your email address is not shared with, sold to, or disclosed to any third party. You may unsubscribe at any time via the link included in each communication.
2.4 β Direct communications
If you contact us by email or other means, we process only the personal data you voluntarily include in your communication, for the sole purpose of responding to your inquiry.
We process personal data strictly for the following purposes:
We maintain the following binding commitments regarding your personal data:
We may disclose personal data only: (a) to comply with a valid legal obligation, court order, or regulatory request; (b) to protect the rights, safety, or property of the Company, our users, or the public; or (c) to third-party service providers acting strictly as data processors under our instructions, subject to appropriate contractual safeguards.
Strictly necessary cookies
These cookies are essential for the website to function correctly and include storage of user preferences such as language and theme. Pursuant to applicable law, these cookies do not require user consent as they are necessary for the provision of the service.
Analytics cookies
We use analytics cookies to collect aggregated, non-personally-identifiable usage data. These cookies are placed only with your prior consent, which you may grant or decline upon your first visit. You may withdraw consent at any time by clearing your browser cookies.
Third-party cookies
We do not deploy third-party tracking cookies, advertising pixels, or cross-site tracking technologies. Should this change in the future, this Policy will be updated and users will be notified at least thirty (30) days in advance.
If you operate a Savitri Network node, certain data is inherently public as a function of the decentralized protocol architecture:
The Company does not collect, store, or process node operator data beyond what is inherently required by the public protocol. The Company has no ability to modify, delete, or restrict access to data recorded on the blockchain.
The Savitri Wallet browser extension is a non-custodial wallet. All cryptographic material and user data is processed and stored exclusively on your local device. The Company does not have access to your vault, private keys, mnemonic phrases, or passwords at any time.
7.1 β Data stored locally on your device
| Data category | Encryption method | Purpose |
|---|---|---|
| Mnemonic phrase and private keys | AES-256-GCM with PBKDF2 key derivation (600,000 iterations, SHA-256) | Wallet creation and transaction signing |
| Wallet addresses and public keys | Encrypted vault (chrome.storage.local) | Account identification and management |
| Transaction history | chrome.storage.local | User activity log and reference |
| User preferences | chrome.storage.local | Language, display theme, currency, auto-lock timeout |
| Connected dApp permissions | chrome.storage.local | Authorization management for connected websites |
| WebAuthn credential identifier | chrome.storage.local | Optional two-factor authentication (biometric data remains on hardware) |
7.2 β Third-party services accessed by the extension
In the course of providing wallet functionality, the extension communicates with the following third-party services. These communications are initiated only by user action and are necessary for the requested operation:
| Service provider | Data transmitted | Purpose |
|---|---|---|
| Blockchain RPC providers (Savitri, Ethereum, Bitcoin, Solana, and supported networks) | Wallet addresses, signed transactions | Balance queries, transaction broadcasting, network state |
| CoinGecko API | Token identifiers only (no wallet addresses) | Real-time price data |
| 0x Protocol | Wallet address, token addresses, trade parameters | Decentralized token swap quotes and execution |
| Li.Fi Protocol | Wallet address, source/destination chain, token addresses | Cross-chain bridge quotes and execution |
| WalletConnect (Web3Modal) | Wallet addresses, session metadata | Decentralized application connectivity |
Each third-party service is governed by its own privacy policy. We encourage you to review the privacy practices of these providers. The Company is not responsible for the data handling practices of third-party RPC providers or protocol services.
7.3 β Data the extension does not collect or transmit
7.4 β Browser permissions
The extension requests the following browser permissions, each limited to the minimum scope required for its stated function:
7.5 β Data deletion
You may delete your vault, individual accounts, transaction history, connected dApp permissions, and custom token configurations at any time through the extension interface. Uninstalling the extension permanently removes all locally stored data. This action is irreversible.
The Savitri Network mobile application is a non-custodial wallet and incentivized testnet participation hub. All cryptographic material is stored exclusively on your device using platform-native secure storage. The Company does not have access to your private keys, mnemonic phrases, or PIN at any time.
8.1 β Data stored locally on your device
| Data category | Storage mechanism | Purpose |
|---|---|---|
| Private keys and mnemonic phrases | iOS Keychain (Secure Enclave) / Android Keystore (AES-256-GCM, hardware-backed) | Wallet access and transaction signing |
| App-lock PIN | PBKDF2-SHA256 hash in secure storage | Local device authentication |
| Transaction history and account balances | Encrypted SQLite database (256-bit key) | Offline access and transaction reference |
| Game progress, achievements, and narrative state | Encrypted SQLite database | KAIROS interactive experience |
| Peer cache and network metrics | Encrypted SQLite database | P2P node connectivity optimization |
| User preferences and settings | SharedPreferences / UserDefaults | Language, node mode, display currency, notification preferences |
8.2 β Network communications
The application communicates with the following services in the course of providing its functionality. All communications containing wallet addresses include cryptographic signatures for authentication:
| Service | Data transmitted | Purpose |
|---|---|---|
| Savitri Network RPC and WebSocket endpoints | Wallet address, signed transactions, Proof-of-Uptime attestations | Blockchain interaction, consensus participation, and node operation |
| Savitri Game API | Wallet address, game state, narrative progress, achievement data | KAIROS experience synchronization and leaderboard functionality |
| P2P gossipsub network | Peer ID, block headers, transaction propagation data | Decentralized network participation and block validation |
| Binance Smart Chain (BSC) RPC | BSC wallet address, token balance queries | Cross-chain token verification and multiplier calculation |
| 0x Protocol / Li.Fi / THORChain | Wallet address, swap and bridge parameters | Decentralized token swaps and cross-chain bridge operations |
| WalletConnect | Wallet addresses, session pairing data | External wallet connectivity (e.g., BSC address linking) |
| Google AdMob | Standard SDK advertising data (device identifiers per Google's policy) | Optional rewarded video advertisements for in-game boosts. Users may disable this feature in settings. |
8.3 β Device permissions
The application requests the following device permissions. Each permission is used solely for its stated purpose and may be revoked at any time through your device settings:
| Permission | Purpose and justification |
|---|---|
| Camera | QR code scanning for WalletConnect pairing and payment address input. No images are stored or transmitted. |
| Biometric authentication (fingerprint / facial recognition) | Optional application unlock. Biometric data is processed entirely by your device's operating system (iOS Secure Enclave / Android BiometricPrompt) and is never accessed, stored, or transmitted by the application. |
| Internet and network state | Blockchain connectivity, API communications, and peer-to-peer network participation. |
| Push notifications | Narrative event alerts and network status notifications. Configurable in application settings. |
| Background processing | Maintaining node uptime metrics and synchronizing blockchain data. |
| Wake lock and boot completed | Optional: keeping the P2P node active and auto-starting the node service on device reboot. |
8.4 β Device metrics
The application monitors the following device metrics locally to optimize node performance. This data is not transmitted to our servers unless expressly stated:
8.5 β In-app purchases
In-app purchases (including AURA packs) are processed exclusively through Apple Pay, Google Pay, or Stripe. All payment processing is handled by these third-party providers under their respective privacy policies. The Company does not receive, store, or have access to your payment card details, banking credentials, or billing address.
8.6 β Data the mobile application does not collect
8.7 β Data deletion
You may delete all cryptographic material and the local database at any time through the application settings. Uninstalling the application permanently removes all locally stored data. Game progress and narrative state that has been synchronized with our backend servers may be erased upon written request to [email protected]. Such requests will be processed within thirty (30) days.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
No method of electronic storage or transmission is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.
Subject to applicable law, including the GDPR (where applicable) and the data protection laws of the Republic of Kazakhstan, you have the following rights with respect to your personal data:
To exercise any of these rights, please submit a written request to: [email protected]
We will respond to all verified requests within thirty (30) days of receipt. If we require additional time, we will notify you of the extension and the reasons for the delay.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.
The Company is established in the Republic of Kazakhstan. If you access the Services from outside Kazakhstan, your personal data may be transferred to and processed in Kazakhstan and in the jurisdictions where our infrastructure providers operate. Where such transfers occur, we ensure that appropriate safeguards are in place, including standard contractual clauses or other mechanisms recognized by applicable law, to protect your personal data in accordance with this Policy.
Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take reasonable steps to delete such data promptly. If you believe that a child under 18 has provided us with personal data, please contact us at [email protected].
We reserve the right to update or modify this Privacy Policy at any time. Material changes will be communicated by posting the revised Policy on our website with an updated effective date. For significant changes that affect the scope of data collection or sharing, we will provide at least thirty (30) days' prior notice. Your continued use of the Services after the effective date of a revised Policy constitutes acceptance of the updated terms.
Data controller
Prometeo Chain System KZ Ltd
Republic of Kazakhstan
[email protected]
Data protection inquiries
For all privacy-related inquiries, data subject access requests, or to exercise your rights under applicable data protection law:
[email protected]
Security incidents and data breach reports
To report a security vulnerability or suspected data breach:
[email protected]