Privacy Policy

Last updated: March 2026

1. Introduction

Schema Labs (“Company,” “we,” “us,” or “our”) operates Clue, an operating system for shared ownership of real-world assets, accessible at useclue.com (the “Platform”). We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains what information we collect, how we use it, how we share it, and what rights you have in relation to your data. By using the Platform, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information when you use the Platform:

Wallet & Account Information

• Blockchain wallet addresses connected through Privy authentication.
• Authentication session data managed by Privy, including login method and session tokens.

Identity Verification Data

• Government-issued identity documents (passport, national ID, or driver’s license) submitted during the KYC process through Didit.
• Biometric data including facial images captured during liveness detection and face-matching verification.
• AML screening results and verification status.

Usage Data

• Device information (browser type, operating system, screen resolution).
• IP address and approximate geographic location.
• Pages visited, features used, and interactions with the Platform.
• Referral sources and navigation patterns.

3. How We Use Information

We use the information we collect for the following purposes:

• Platform Operation: To authenticate users, process transactions, distribute payouts, and maintain the functionality of the Platform.
• KYC & Compliance: To verify your identity, screen against sanctions and watchlists, and record your verified status on-chain via the KYCRegistry smart contract as required by applicable regulations.
• Security: To detect, investigate, and prevent fraudulent activity, unauthorized access, and other security threats.
• Communication: To send you transaction confirmations, service updates, and important notices related to your account or the Platform.
• Improvement: To analyze usage patterns and improve the Platform’s features, performance, and user experience.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. KYC Data Handling

Your identity verification data is handled with the highest level of care through a privacy-preserving architecture:

• Didit Processing: Identity documents and biometric data are submitted directly to Didit, our identity verification partner. Didit processes this data to perform identity verification, liveness detection, face matching, and AML screening. Schema Labs does not directly handle or view your raw identity documents.
• 0G Encrypted Storage: Verified KYC data is stored using 0G’s decentralized, encrypted storage infrastructure. This means your sensitive identity data is not held in a traditional centralized database, reducing the risk of data breaches.
• On-Chain Status Only: The only information recorded on the blockchain is your wallet address, your verification status (approved or not), and the expiry date of that approval. No personal identity details are stored on-chain.
• No Centralized Database: Schema Labs does not maintain a centralized database of identity documents or biometric data. Your raw verification data is processed by Didit and stored encrypted via 0G.

5. Blockchain Data

Certain data associated with your use of the Platform is recorded on the BNB Chain public blockchain. You should be aware of the following:

• Public Nature: Wallet addresses, token balances, transaction histories, and KYC approval status are publicly visible on the blockchain and accessible through any blockchain explorer.
• Immutability: Data recorded on the blockchain cannot be modified or deleted. Once a transaction is confirmed, it is permanently part of the public ledger.
• Pseudonymity: While wallet addresses are public, they are pseudonymous and are not inherently linked to your real-world identity on the blockchain. However, the connection between your wallet and your verified identity exists within the Platform’s KYC process.

6. Data Sharing

We share your information only in the following circumstances:

• Didit: Identity documents and biometric data are shared with Didit for the purpose of KYC and AML verification.
• 0G: Encrypted KYC data is stored on 0G’s decentralized storage network.
• Privy: Wallet authentication and session data are managed by Privy.
• BNB Chain: Transaction data, token balances, and KYC approval status are recorded on the public blockchain.
• Legal Obligations: We may disclose information when required by law, regulation, legal process, or governmental request.
• Protection of Rights: We may disclose information when we believe it is necessary to protect the rights, property, or safety of Schema Labs, our users, or the public.

We do not sell your personal information to third parties. We do not share your data with advertisers.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit using TLS/SSL protocols.
• Decentralized encrypted storage of sensitive identity data via 0G, eliminating single points of failure.
• Secure wallet-based authentication through Privy, with no storage of private keys by Schema Labs.
• Regular security assessments and monitoring of our backend infrastructure.
• Access controls limiting internal access to personal data on a need-to-know basis.

While we take reasonable steps to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal data.
• Deletion: You may request deletion of your personal data, subject to legal retention requirements. Note that data recorded on the blockchain cannot be deleted due to its immutable nature.
• Portability: You may request your data in a structured, commonly used, machine-readable format.
• Objection: You may object to the processing of your personal data in certain circumstances.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@useclue.com. We will respond to your request within 30 days, or as required by applicable law.

9. Cookies & Analytics

The Platform may use cookies and similar tracking technologies to enhance your experience. These include:

• Essential Cookies: Required for Platform functionality, including authentication sessions and security features.
• Analytics Cookies: Used to understand how users interact with the Platform, helping us improve performance and usability. These may be provided by third-party analytics services.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Platform.

10. Third-Party Services

The Platform integrates with the following third-party services, each with their own privacy practices:

• Privy: Provides wallet-based authentication and session management. Privy processes authentication data in accordance with their own privacy policy.
• Didit: Handles identity verification, liveness detection, face matching, and AML screening. Didit processes identity documents and biometric data under their own data processing agreements.
• 0G: Provides decentralized, encrypted storage for verified KYC data. Data stored on 0G is encrypted and distributed across their network.
• BNB Chain: The public blockchain on which all Platform transactions, token operations, and KYC status records are executed and stored permanently.

We encourage you to review the privacy policies of these third-party services. Schema Labs is not responsible for the privacy practices of third-party providers.

11. Children’s Privacy

The Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal data from a minor, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal data, please contact us at hello@useclue.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through the Platform or via email.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Schema Labs
Email: hello@useclue.com
Website: useclue.com