Solomon Labs — Privacy Policy

Last updated: 15 July 2026


1. Scope and responsible Operator

This Privacy Policy explains how Genesee Holdings Corporation, a company incorporated under the laws of the Republic of Panama (the “Operator”, “we”, “us”, or “our”), processes personal data in connection with the public-facing main website located at solomonlabs.org (the “Main Website”).

Key points:

  • The Operator is the person responsible for determining the purposes and means of personal-data processing covered by this Policy.
  • This Policy applies only to the Main Website. APIs, subdomains, applications, dashboards, documentation sites, restricted areas, programs, issuer arrangements, and other separately identified properties may have different operators, providers, counterparties, and privacy notices.
  • The Main Website is non-custodial. We do not need, request, or take custody of your private keys, seed phrases, signing credentials, or digital assets.
  • Public blockchain information may be visible permanently and is not controlled by the Operator.
  • We do not sell or rent personal data.

This Policy is intended to provide an accessible privacy notice under Panama Law 81 of 2019 on Personal Data Protection and Executive Decree 285 of 2021. It is a notice, not a request for consent. Where consent is required for a particular processing activity, the Operator will request it separately through a clear control, notice, or other affirmative mechanism.

This Policy applies to personal data processed by the Operator through the Main Website, except for any page, section, flow, feature, or property that expressly identifies a different or additional privacy notice, controller, operator, provider, or counterparty.

This Policy does not automatically apply to an API or API endpoint, SDK, developer service, subdomain, application, dashboard, portal, documentation site, restricted-access area, rewards or allocation program, redemption arrangement, issuer service, wallet service, implementation, venue, product, or other service, even where it:

Each such property or service is a “Separate Property.” A Separate Property may be operated by a different legal person and may collect or use information for different purposes under its own privacy notice. The notice presented on or for that Separate Property controls in relation to it.

“Solomon Labs” is a brand term only and is not a legal entity. Ownership, authorship, publication, or licensing of intellectual property referenced by the Main Website does not, without an actual data-processing role, make an intellectual-property owner or licensor the controller, custodian, processor, recipient, or operator of personal data covered by this Policy.

Service providers that process personal data only on the Operator’s instructions may act as custodians of databases or processors. A third party that determines its own purposes and means of processing acts independently and is responsible for its own privacy practices.

2. Personal data we process

“Personal data” means information concerning a natural person that identifies that person or makes that person identifiable.

The categories below apply only when the relevant feature is used or the relevant data is generated.

2.1 Information you provide

We may process:

2.2 Technical, device, and usage information

When you access the Main Website, we or our service providers may process:

2.3 Wallet and blockchain-interaction information

If you connect a wallet or use an interface feature, we may process:

We do not need or request your private keys, seed phrase, recovery phrase, signing credentials, or custody of your assets. You must never send those credentials to us.

A wallet address or public blockchain record may constitute personal data where it identifies or can reasonably be linked to a natural person.

2.4 Cookies and similar technologies

The Main Website may use cookies, local storage, pixels, or similar technologies for:

Further details are set out in Section 5.

2.5 Information received from third parties

We may receive limited information from:

2.6 Information not intended for the Main Website

The Main Website is not intended to collect government identity documents, biometric information, health information, financial-account credentials, or other sensitive personal data.

Do not submit such information through the Main Website unless a specific flow expressly requests it and presents an applicable privacy notice. A Separate Property may collect additional information under separate terms and a separate privacy notice.

3. Purposes and conditions of lawfulness

We process personal data only for identified purposes and under a condition of lawfulness permitted by applicable law. The applicable condition depends on the context.

Purpose Personal data commonly involved Condition of lawfulness commonly relied upon
Deliver, maintain, and troubleshoot the Main Website Technical, device, request, session, and diagnostic information Performance of the relationship with the user; legitimate interests in providing a reliable website
Enable wallet-connection and transaction-preparation features Public wallet address, network, transaction parameters, signatures, and interface telemetry Performance of the user-requested functionality; legitimate interests in operating and securing the interface
Protect the Main Website, users, and infrastructure IP address, security events, anti-bot signals, access-control information, and logs Legitimate interests in security, fraud and abuse prevention, and enforcement of the Terms; legal obligation where applicable
Respond to support, feedback, legal notices, and privacy requests Contact details, communications, request-verification information Steps taken at your request; performance of the relationship; legal obligation; legitimate interests in responding and keeping appropriate records
Apply geolocation, sanctions, wallet-risk, fraud, abuse, rate-limiting, and access controls IP-derived location, public wallet address, wallet-risk signals, device, connection, security, and access-control information Legitimate interests in protecting, restricting, and administering access; compliance with legal obligations and establishment, exercise, or defence of legal rights where applicable
Measure and improve use of the Main Website Usage events, device and session information Consent for optional non-essential analytics where required; legitimate interests in limited measurement and improvement where permitted by applicable law and balanced against user rights
Send optional marketing or publication updates Email address and subscription preferences Prior, informed, unequivocal, and traceable consent
Comply with law and protect legal rights Relevant account, communication, technical, security, or transaction information Legal obligation; legitimate interests in establishing, exercising, or defending legal rights
Complete a corporate reorganisation or transfer of the Main Website business Relevant records reasonably necessary for the transaction Legitimate interests, contractual necessity, legal obligation, or consent, as applicable, subject to confidentiality and transfer safeguards

Where we rely on consent, consent may be revoked prospectively through the relevant control or by contacting us. Revocation does not invalidate processing lawfully completed before the revocation.

Where we rely on legitimate interests, those interests are assessed against the rights and interests of affected persons. We do not rely on a legitimate interest where those rights and interests override the proposed processing under applicable law.

4. Public blockchains and third-party systems

Blockchain networks are generally public or publicly observable systems. Wallet addresses, transaction signatures, transaction contents, balances, smart-contract interactions, timestamps, and related information may be visible permanently to anyone.

The Operator does not control and generally cannot alter, suppress, or delete information recorded on a public blockchain. A request to delete or correct information held by the Operator applies to the Operator’s off-chain records and does not require the Operator to alter an independent public ledger.

The Main Website may communicate with or link to independent wallets, wallet extensions, blockchain networks, smart contracts, RPC providers, validators, indexers, analytics services, and other third-party systems. Those third parties may process information under their own privacy notices. A link, integration, or technical communication does not make the Operator responsible for a third party’s independent processing or make that third party subject to this Policy.

5. Cookies, local storage, and analytics controls

5.1 Essential technologies

We may use technologies that are reasonably necessary to:

Blocking essential technologies may prevent the Main Website from functioning correctly.

5.2 Optional analytics or similar technologies

Optional analytics or similar non-essential technologies will be controlled through a consent or preference mechanism where required. You may withdraw a prior choice through the available control or by clearing stored site data in your browser.

The Main Website uses cookies, local storage, and analytics technologies for the purposes described in this Policy. Non-essential technologies are controlled through an applicable consent or preference mechanism where required.

5.3 Browser signals

Browser-level privacy signals do not have a single universally accepted technical meaning. We will respond to a legally recognised signal where applicable law requires it and the Main Website can reasonably detect and implement it. The Main Website’s own cookie or privacy control remains the primary mechanism for recording site-specific choices.

6. How we disclose personal data

We may disclose personal data only as reasonably necessary for the purposes described in this Policy, including to:

A service provider acting only on the Operator’s instructions is required to process personal data for the authorised service and to apply appropriate confidentiality and security measures.

We do not sell or rent personal data.

We do not disclose personal data to an intellectual-property owner or licensor merely because the Main Website uses or references that person’s intellectual property. Any such disclosure would require an actual purpose, a lawful basis, and disclosure under this Policy or another applicable notice.

7. International and cross-border processing

The Operator and its service providers may process personal data in Panama and in other countries where infrastructure or service providers operate.

Where personal data is transferred or made accessible outside Panama, the Operator will use a condition and safeguards permitted by applicable law. Depending on the circumstances, these may include:

The Operator will maintain records of covered transfers as required. You may request further information about the categories of recipient, destination, and safeguards applicable to your personal data by contacting us.

8. Retention

We retain personal data only for the period reasonably necessary for the purpose for which it was processed, taking into account legal, security, operational, evidentiary, and dispute-resolution requirements.

The following retention criteria generally apply:

Where a fixed period cannot reasonably be stated, the criteria above determine the retention period. Data that is no longer required is deleted, anonymised, or placed beyond ordinary use, subject to lawful backup and archival cycles.

Public blockchain records are maintained by independent networks and are not subject to the Operator’s retention controls.

9. Security and incident response

We use reasonable technical and organisational measures designed to protect the confidentiality, integrity, availability, and resilience of personal data and the systems used to process it. Measures are selected having regard to the nature, scope, context, purposes, and risks of the processing.

No system is completely secure. You are responsible for maintaining the security of your wallet, device, private keys, seed phrase, signing credentials, and account credentials used with independent services.

If we become aware of a personal-data security incident, we will investigate, contain, document, and mitigate it. We will notify the competent authority and affected persons where and within the period required by applicable law.

10. Automated security and access controls

The Main Website may use automated rules for security, geolocation, sanctions or access screening, fraud and abuse prevention, rate limiting, anti-bot controls, and enforcement of published restrictions. These rules may restrict, challenge, or block a request or session.

The Main Website does not use personal data collected under this Policy to make a solely automated decision concerning entitlement to an independently offered financial product or service unless a specific feature expressly states otherwise and provides an applicable notice.

Where applicable law gives you a right concerning an automated decision, you may contact us to request information or appropriate review, subject to security and legal restrictions.

11. Your rights and choices

Subject to applicable law and lawful exceptions, you may have rights to:

These rights are not waived or restricted by the Terms of Use or another agreement where applicable law makes them non-waivable.

To exercise a right, contact privacy@solomonlabs.org and describe the request. We may request information reasonably necessary to verify your identity, authority, and connection to the data. We may deny, limit, or defer a request only where applicable law permits or requires it, and will provide an explanation where required.

Rights concerning information held by the Operator apply to the Operator’s off-chain records. The Operator cannot alter an independent public blockchain or require an independent third party to alter its own records.

You may also submit a complaint to the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI) through its official channels if you believe your rights under Panama data-protection law have been infringed.

12. Marketing choices

Where you have opted to receive marketing or publication updates, you may unsubscribe using the link in the message or by contacting us. We may continue to send non-marketing communications reasonably necessary to respond to your request, administer a relationship you initiated, give legal or security notices, or honour an unsubscribe or privacy choice.

13. Children

The Main Website is not directed to persons under 18 years of age. Do not submit personal data through the Main Website if you are under 18. If we learn that personal data was collected from a person under 18 in circumstances requiring deletion or other action, we will take appropriate steps.

14. Changes to this Policy

We may update this Policy to reflect changes in the Main Website, processing activities, service providers, security practices, or applicable law. The updated version will state its effective date.

Where a change is material, we may provide a prominent notice on the Main Website or use another appropriate means of notice. Where the change requires new consent, we will request that consent separately. Continued use of the Main Website does not by itself constitute consent to a new processing activity where applicable law requires affirmative consent.

15. Relationship with other laws and notices

This Policy does not voluntarily adopt or incorporate the privacy regime of another jurisdiction merely because the Main Website is technically accessible there. If another privacy law applies to particular processing by its own mandatory terms, the Operator will comply with that law to the extent required.

A more specific privacy notice presented for a particular feature or Separate Property controls for that feature or Separate Property to the extent of any inconsistency.

16. Contact

Controller / responsible Operator: Genesee Holdings Corporation
Privacy email: privacy@solomonlabs.org
Legal-notice email: notices@solomonlabs.org


This Policy should be read together with the Terms of Use applicable to the Main Website.