This Privacy Policy (this "Privacy Policy") describes how Nautilus Labs Inc., a Texas corporation ("Nautilus," "we," "us," or "our"), collects, receives, accesses, uses, stores, discloses, transfers, and otherwise processes information in connection with the websites, applications, dashboards, analytics, application programming interfaces, documentation, and related services made available by Nautilus from time to time (collectively, the "Services").

This Privacy Policy is incorporated into and forms part of the Nautilus Terms of Service (the "Terms of Service"). Capitalized terms not defined herein shall have the meanings set forth in the Terms of Service.

BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO THIS PRIVACY POLICY.

1. Scope and Applicability

This Privacy Policy applies to information processed by Nautilus in connection with the Services, including information collected:

(a) through Nautilus-operated websites and dashboards;
(b) through APIs, integrations, and data feeds;
(c) through communications with Nautilus; and
(d) through Customer's interaction with the Services or Third Party Services in connection with the Services.

This Privacy Policy does not apply to information collected by Third Party Services, including exchanges, custodians, vault operators, wallet providers, or other third parties, which are governed by their own privacy policies and practices. Nautilus does not control and is not responsible for the privacy practices of Third Party Services.

2. Categories of Information Collected

Nautilus may collect, receive, or access the following categories of information in connection with the Services. The specific categories collected depend on how the Services are used.

2.1 Account and Contact Information

Information that may be provided directly by Customer or authorized users, including names, email addresses, organizational affiliations, account identifiers, usernames, and other contact or registration information.

2.2 Authentication and Access Information

Information used to authenticate access to the Services, including login credentials, API keys, authentication tokens, access logs, and security-related metadata.

2.3 Usage, Telemetry, and Technical Information

Information generated automatically in connection with use of the Services, including IP addresses, device identifiers, browser types, operating systems, timestamps, logs, session data, interaction data, error reports, latency metrics, and other diagnostic or telemetry data.

2.4 Customer Data

As defined in the Terms of Service, Customer Data may include inputs, configurations, instructions, API calls, execution acknowledgements, order or trade confirmations, post-back data, wallet addresses (if provided), and other information transmitted or made available in connection with Customer's use of the Services.

2.5 Performance, Analytics, and Model-Related Data

Information relating to the performance, behavior, or evaluation of signals, analytics, or models, including aggregated metrics, performance statistics, signal timing, latency data, and model diagnostics.

2.6 Communications

Information contained in communications with Nautilus, including emails, messages, support requests, and feedback.

2.7 On-Chain and Publicly Available Data

The Services may reference or process publicly available blockchain data or other public information. Nautilus does not control the availability or accuracy of such data.

3. Use of Information

Nautilus may use the information described above for the following purposes:

(a) operating, maintaining, and providing the Services;
(b) authenticating access and enforcing security controls;
(c) monitoring performance, reliability, availability, and integrity of the Services;
(d) developing, testing, improving, and optimizing analytics, models, algorithms, and methodologies;
(e) conducting internal research, analysis, and business planning;
(f) responding to inquiries, providing support, and communicating with users;
(g) enforcing the Terms of Service and other agreements;
(h) complying with legal, regulatory, or contractual obligations; and (i) protecting the rights, property, and safety of Nautilus, its users, and others.

Information may be aggregated, anonymized, or de-identified and used without restriction.

4. AI, Analytics, and Model Training

Customer acknowledges and agrees that Nautilus may use Usage Data, Performance Data, and Customer Data to train, evaluate, validate, refine, and improve analytical models, algorithms, and methodologies used in the Services.

Such use may include statistical analysis, machine learning, simulation, backtesting, and other analytical techniques. Nautilus will not intentionally disclose Customer-specific confidential or personal information in identifiable form as part of such activities, except as permitted by this Privacy Policy or required by law.

5. Disclosure of Information

Nautilus may disclose information as follows:

5.1 Service Providers

To contractors, service providers, and vendors performing services on Nautilus' behalf, subject to confidentiality and data protection obligations.

5.2 Legal and Regulatory Disclosures

To comply with applicable law, regulation, subpoena, court order, or governmental request, or to protect the rights, property, or safety of Nautilus or others.

5.3 Business Transactions

In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, including due diligence activities.

5.4 Aggregated or Anonymized Information

Nautilus may disclose aggregated or anonymized information that does not reasonably identify an individual or Customer.

Nautilus does not sell personal information.

6. Data Retention

Nautilus retains information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, comply with legal or regulatory obligations, resolve disputes, and enforce agreements.

Retention periods may vary based on the nature of the information and applicable legal requirements.

7. Data Security

Nautilus employs reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, disclosure, alteration, or destruction.

However, no security measure is perfect, and Nautilus does not guarantee absolute security. Customer acknowledges and accepts the inherent risks associated with electronic transmission and storage of information.

8. International Data Transfers

Information processed by Nautilus may be transferred to and processed in jurisdictions outside Customer's country of residence, including the United States, which may have data protection laws that differ from those of Customer's jurisdiction.

By accessing or using the Services, Customer consents to such transfers.

9. Rights of Individuals

Depending on jurisdiction and applicable law, individuals may have certain rights with respect to personal information, including rights to access, correct, delete, restrict processing, or object to certain processing activities.

Requests to exercise such rights may be submitted in accordance with applicable law. Nautilus may require verification of identity and may deny requests where permitted by law.

10. California Privacy Rights

Where applicable, California residents may have rights under the California Consumer Privacy Act and the California Privacy Rights Act, including rights to know, access, delete, or correct personal information. Nautilus does not sell personal information and does not knowingly share personal information for cross-context behavioral advertising.

11. European Economic Area and United Kingdom

Where applicable, Nautilus processes personal data in accordance with the General Data Protection Regulation and applicable UK data protection laws.

Nautilus processes such data based on lawful grounds, including performance of a contract, legitimate interests, compliance with legal obligations, or consent where required.

12. Children's Information

The Services are not directed to individuals under the age of 18, and Nautilus does not knowingly collect personal information from children.

13. Third Party Links and Services

The Services may contain links to or integrations with Third Party Services. Nautilus is not responsible for the privacy practices of such Third Party Services.

14. Changes to this Privacy Policy

Nautilus may update this Privacy Policy from time to time. Changes will be effective upon posting. Continued use of the Services constitutes acceptance of the updated Privacy Policy.

15. Contact Information

Questions or requests regarding this Privacy Policy may be directed to Nautilus using the contact information provided on the Services.