Solomon Labs — Privacy Policy
Last updated: 15 July 2026
1. Scope and responsible Operator
This Privacy Policy explains how Genesee Holdings Corporation, a company incorporated under the laws of the Republic of Panama (the “Operator”, “we”, “us”, or “our”), processes personal data in connection with the public-facing main website located at solomonlabs.org (the “Main Website”).
Key points:
- The Operator is the person responsible for determining the purposes and means of personal-data processing covered by this Policy.
- This Policy applies only to the Main Website. APIs, subdomains, applications, dashboards, documentation sites, restricted areas, programs, issuer arrangements, and other separately identified properties may have different operators, providers, counterparties, and privacy notices.
- The Main Website is non-custodial. We do not need, request, or take custody of your private keys, seed phrases, signing credentials, or digital assets.
- Public blockchain information may be visible permanently and is not controlled by the Operator.
- We do not sell or rent personal data.
This Policy is intended to provide an accessible privacy notice under Panama Law 81 of 2019 on Personal Data Protection and Executive Decree 285 of 2021. It is a notice, not a request for consent. Where consent is required for a particular processing activity, the Operator will request it separately through a clear control, notice, or other affirmative mechanism.
This Policy applies to personal data processed by the Operator through the Main Website, except for any page, section, flow, feature, or property that expressly identifies a different or additional privacy notice, controller, operator, provider, or counterparty.
This Policy does not automatically apply to an API or API endpoint, SDK, developer service, subdomain, application, dashboard, portal, documentation site, restricted-access area, rewards or allocation program, redemption arrangement, issuer service, wallet service, implementation, venue, product, or other service, even where it:
- is linked from the Main Website;
- uses related branding or intellectual property;
- shares technical infrastructure;
- is accessible through the same root domain; or
- can be reached using the same wallet, account, or browser session.
Each such property or service is a “Separate Property.” A Separate Property may be operated by a different legal person and may collect or use information for different purposes under its own privacy notice. The notice presented on or for that Separate Property controls in relation to it.
“Solomon Labs” is a brand term only and is not a legal entity. Ownership, authorship, publication, or licensing of intellectual property referenced by the Main Website does not, without an actual data-processing role, make an intellectual-property owner or licensor the controller, custodian, processor, recipient, or operator of personal data covered by this Policy.
Service providers that process personal data only on the Operator’s instructions may act as custodians of databases or processors. A third party that determines its own purposes and means of processing acts independently and is responsible for its own privacy practices.
2. Personal data we process
“Personal data” means information concerning a natural person that identifies that person or makes that person identifiable.
The categories below apply only when the relevant feature is used or the relevant data is generated.
2.1 Information you provide
We may process:
- your name, email address, or other contact details when you contact us, request support, join a mailing list, or submit feedback;
- the content of messages, support requests, reports, and other communications you send to us;
- preferences or choices you submit through the Main Website; and
- information reasonably necessary to verify and respond to a privacy-rights request.
2.2 Technical, device, and usage information
When you access the Main Website, we or our service providers may process:
- IP address;
- browser, operating-system, and device information;
- request timestamps, pages or resources requested, referring URLs, and response status;
- approximate location derived from IP address;
- session, local-storage, or cookie identifiers;
- network, performance, diagnostic, crash, and availability information; and
- security, anti-bot, rate-limiting, fraud, abuse, and access-control signals.
2.3 Wallet and blockchain-interaction information
If you connect a wallet or use an interface feature, we may process:
- a public wallet address presented to the Main Website;
- the blockchain network selected;
- transaction parameters or metadata submitted through the Main Website;
- transaction signatures, program or contract identifiers, instruction types, and status information; and
- interface-level telemetry concerning use of the relevant wallet or transaction feature.
We do not need or request your private keys, seed phrase, recovery phrase, signing credentials, or custody of your assets. You must never send those credentials to us.
A wallet address or public blockchain record may constitute personal data where it identifies or can reasonably be linked to a natural person.
2.4 Cookies and similar technologies
The Main Website may use cookies, local storage, pixels, or similar technologies for:
- essential operation and security;
- session continuity and preferences;
- fraud, abuse, and bot prevention; and
- optional measurement or analytics, where enabled.
Further details are set out in Section 5.
2.5 Information received from third parties
We may receive limited information from:
- hosting, content-delivery, infrastructure, security, and anti-abuse providers;
- analytics providers, where optional analytics are enabled;
- communications and support providers;
- public blockchain networks and public data sources; and
- a person who submits a report, support request, or communication concerning you.
2.6 Information not intended for the Main Website
The Main Website is not intended to collect government identity documents, biometric information, health information, financial-account credentials, or other sensitive personal data.
Do not submit such information through the Main Website unless a specific flow expressly requests it and presents an applicable privacy notice. A Separate Property may collect additional information under separate terms and a separate privacy notice.
3. Purposes and conditions of lawfulness
We process personal data only for identified purposes and under a condition of lawfulness permitted by applicable law. The applicable condition depends on the context.
| Purpose | Personal data commonly involved | Condition of lawfulness commonly relied upon |
|---|---|---|
| Deliver, maintain, and troubleshoot the Main Website | Technical, device, request, session, and diagnostic information | Performance of the relationship with the user; legitimate interests in providing a reliable website |
| Enable wallet-connection and transaction-preparation features | Public wallet address, network, transaction parameters, signatures, and interface telemetry | Performance of the user-requested functionality; legitimate interests in operating and securing the interface |
| Protect the Main Website, users, and infrastructure | IP address, security events, anti-bot signals, access-control information, and logs | Legitimate interests in security, fraud and abuse prevention, and enforcement of the Terms; legal obligation where applicable |
| Respond to support, feedback, legal notices, and privacy requests | Contact details, communications, request-verification information | Steps taken at your request; performance of the relationship; legal obligation; legitimate interests in responding and keeping appropriate records |
| Apply geolocation, sanctions, wallet-risk, fraud, abuse, rate-limiting, and access controls | IP-derived location, public wallet address, wallet-risk signals, device, connection, security, and access-control information | Legitimate interests in protecting, restricting, and administering access; compliance with legal obligations and establishment, exercise, or defence of legal rights where applicable |
| Measure and improve use of the Main Website | Usage events, device and session information | Consent for optional non-essential analytics where required; legitimate interests in limited measurement and improvement where permitted by applicable law and balanced against user rights |
| Send optional marketing or publication updates | Email address and subscription preferences | Prior, informed, unequivocal, and traceable consent |
| Comply with law and protect legal rights | Relevant account, communication, technical, security, or transaction information | Legal obligation; legitimate interests in establishing, exercising, or defending legal rights |
| Complete a corporate reorganisation or transfer of the Main Website business | Relevant records reasonably necessary for the transaction | Legitimate interests, contractual necessity, legal obligation, or consent, as applicable, subject to confidentiality and transfer safeguards |
Where we rely on consent, consent may be revoked prospectively through the relevant control or by contacting us. Revocation does not invalidate processing lawfully completed before the revocation.
Where we rely on legitimate interests, those interests are assessed against the rights and interests of affected persons. We do not rely on a legitimate interest where those rights and interests override the proposed processing under applicable law.
4. Public blockchains and third-party systems
Blockchain networks are generally public or publicly observable systems. Wallet addresses, transaction signatures, transaction contents, balances, smart-contract interactions, timestamps, and related information may be visible permanently to anyone.
The Operator does not control and generally cannot alter, suppress, or delete information recorded on a public blockchain. A request to delete or correct information held by the Operator applies to the Operator’s off-chain records and does not require the Operator to alter an independent public ledger.
The Main Website may communicate with or link to independent wallets, wallet extensions, blockchain networks, smart contracts, RPC providers, validators, indexers, analytics services, and other third-party systems. Those third parties may process information under their own privacy notices. A link, integration, or technical communication does not make the Operator responsible for a third party’s independent processing or make that third party subject to this Policy.
6. How we disclose personal data
We may disclose personal data only as reasonably necessary for the purposes described in this Policy, including to:
- hosting, infrastructure, content-delivery, security, and anti-abuse providers;
- analytics providers, where optional analytics are enabled;
- communications and support providers used to receive or respond to messages;
- professional advisers, including lawyers, auditors, accountants, and insurers, subject to professional or contractual confidentiality duties;
- courts, regulators, law-enforcement bodies, and public authorities where disclosure is required or permitted by law, or reasonably necessary to protect legal rights, security, users, or the public; and
- a purchaser, successor, or transaction participant in connection with a proposed or completed merger, reorganisation, financing, insolvency, transfer, or sale involving the Main Website or the Operator, subject to appropriate confidentiality and data-protection measures.
A service provider acting only on the Operator’s instructions is required to process personal data for the authorised service and to apply appropriate confidentiality and security measures.
We do not sell or rent personal data.
We do not disclose personal data to an intellectual-property owner or licensor merely because the Main Website uses or references that person’s intellectual property. Any such disclosure would require an actual purpose, a lawful basis, and disclosure under this Policy or another applicable notice.
7. International and cross-border processing
The Operator and its service providers may process personal data in Panama and in other countries where infrastructure or service providers operate.
Where personal data is transferred or made accessible outside Panama, the Operator will use a condition and safeguards permitted by applicable law. Depending on the circumstances, these may include:
- a destination providing an equivalent level of protection;
- contractual data-protection obligations and appropriate technical or organisational safeguards;
- your prior, informed, and unequivocal consent;
- necessity for a contract requested by or concluded in the interest of the relevant person;
- necessity to establish, exercise, or defend legal rights; or
- another condition expressly permitted by law.
The Operator will maintain records of covered transfers as required. You may request further information about the categories of recipient, destination, and safeguards applicable to your personal data by contacting us.
8. Retention
We retain personal data only for the period reasonably necessary for the purpose for which it was processed, taking into account legal, security, operational, evidentiary, and dispute-resolution requirements.
The following retention criteria generally apply:
- technical and security logs: for the shortest period reasonably needed to maintain security, diagnose incidents, investigate abuse, and preserve service continuity;
- support and other communications: while the matter remains active and for a reasonable period afterward to maintain an appropriate record and address follow-up issues;
- marketing subscriptions: until you unsubscribe or withdraw consent, with a limited suppression record retained where needed to honour that choice;
- consent and privacy-preference records: for the period reasonably needed to implement and demonstrate the relevant choice;
- wallet and interface telemetry: for the shortest period reasonably needed for the relevant interface, security, troubleshooting, or disclosed analytics purpose, after which it is deleted, aggregated, or anonymised where reasonably possible; and
- legal or compliance records: for any longer period required by law, a legal hold, or the establishment, exercise, or defence of legal rights.
Where a fixed period cannot reasonably be stated, the criteria above determine the retention period. Data that is no longer required is deleted, anonymised, or placed beyond ordinary use, subject to lawful backup and archival cycles.
Public blockchain records are maintained by independent networks and are not subject to the Operator’s retention controls.
9. Security and incident response
We use reasonable technical and organisational measures designed to protect the confidentiality, integrity, availability, and resilience of personal data and the systems used to process it. Measures are selected having regard to the nature, scope, context, purposes, and risks of the processing.
No system is completely secure. You are responsible for maintaining the security of your wallet, device, private keys, seed phrase, signing credentials, and account credentials used with independent services.
If we become aware of a personal-data security incident, we will investigate, contain, document, and mitigate it. We will notify the competent authority and affected persons where and within the period required by applicable law.
10. Automated security and access controls
The Main Website may use automated rules for security, geolocation, sanctions or access screening, fraud and abuse prevention, rate limiting, anti-bot controls, and enforcement of published restrictions. These rules may restrict, challenge, or block a request or session.
The Main Website does not use personal data collected under this Policy to make a solely automated decision concerning entitlement to an independently offered financial product or service unless a specific feature expressly states otherwise and provides an applicable notice.
Where applicable law gives you a right concerning an automated decision, you may contact us to request information or appropriate review, subject to security and legal restrictions.
11. Your rights and choices
Subject to applicable law and lawful exceptions, you may have rights to:
- obtain information about whether and how we process your personal data;
- access personal data held about you;
- rectify or update inaccurate or incomplete personal data;
- request cancellation, deletion, suppression, or blocking where applicable;
- oppose particular processing;
- receive a portable copy of personal data where the portability right applies;
- revoke consent prospectively where processing is based on consent; and
- complain to the competent data-protection authority.
These rights are not waived or restricted by the Terms of Use or another agreement where applicable law makes them non-waivable.
To exercise a right, contact privacy@solomonlabs.org and describe the request. We may request information reasonably necessary to verify your identity, authority, and connection to the data. We may deny, limit, or defer a request only where applicable law permits or requires it, and will provide an explanation where required.
Rights concerning information held by the Operator apply to the Operator’s off-chain records. The Operator cannot alter an independent public blockchain or require an independent third party to alter its own records.
You may also submit a complaint to the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI) through its official channels if you believe your rights under Panama data-protection law have been infringed.
12. Marketing choices
Where you have opted to receive marketing or publication updates, you may unsubscribe using the link in the message or by contacting us. We may continue to send non-marketing communications reasonably necessary to respond to your request, administer a relationship you initiated, give legal or security notices, or honour an unsubscribe or privacy choice.
13. Children
The Main Website is not directed to persons under 18 years of age. Do not submit personal data through the Main Website if you are under 18. If we learn that personal data was collected from a person under 18 in circumstances requiring deletion or other action, we will take appropriate steps.
14. Changes to this Policy
We may update this Policy to reflect changes in the Main Website, processing activities, service providers, security practices, or applicable law. The updated version will state its effective date.
Where a change is material, we may provide a prominent notice on the Main Website or use another appropriate means of notice. Where the change requires new consent, we will request that consent separately. Continued use of the Main Website does not by itself constitute consent to a new processing activity where applicable law requires affirmative consent.
15. Relationship with other laws and notices
This Policy does not voluntarily adopt or incorporate the privacy regime of another jurisdiction merely because the Main Website is technically accessible there. If another privacy law applies to particular processing by its own mandatory terms, the Operator will comply with that law to the extent required.
A more specific privacy notice presented for a particular feature or Separate Property controls for that feature or Separate Property to the extent of any inconsistency.
16. Contact
Controller / responsible Operator: Genesee Holdings Corporation
Privacy email: privacy@solomonlabs.org
Legal-notice email: notices@solomonlabs.org
This Policy should be read together with the Terms of Use applicable to the Main Website.