Go To C3N
Go To CBXR

PRIVACY POLICY

C3NTechnologies,Inc.

EffectiveDate:January3,2026

  1. Introduction

C3N Technologies, Inc. (“we,” “us,” “our,” or the “Company”) is a technology company building secure infrastructure—from operating systems and smart contract enabled blockchains to enterprise applications and managed hosting. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information across our products, services, and deployment options.

Certain Services may be provided by C3N subsidiaries or affiliates, including entities incorporated in Wyoming (“Wyoming Subsidiaries”). When you use Services provided by a Wyoming Subsidiary, references to “C3N,” “we,” “us,” or “our” include the applicable subsidiary. The specific entity providing each Service is identified in the applicable service documentation or user interface.

Choose Your Path: The data we collect depends on which C3N products you use. This Policy is organized by service tier based on regulatory and compliance intensity so you can understand exactly what applies to you.

By using our Services, you acknowledge that you have read and agree to this Privacy Policy and our Terms of Service.

  1. DataController

C3NTechnologies,Inc.

10761EstesRd.,Macon,GA32210 Email: privacy@c3n.com

DataProtectionOfficer:dpo@c3n.com

For Services provided by Wyoming Subsidiaries, the applicable Wyoming Subsidiary acts as the data controller. Contact information for specific subsidiaries is provided in the service documentation.

  1. OurServicesandPrivacyTiers

C3N offers operating systems, blockchain networks, development services, and deployment options—each with different data requirements. Our Services are organized into three tiers based on regulatory and compliance intensity:

Tier

Services

DataCollectionLevel

Tier1

Regulated Financial Services (Stablecoins, Digital Asset Securities)

Full Compliance (KYC/AML required)

Tier2

Privacy-Enhanced Products (OS, Privacy Blockchains)

Minimal (hash and discard)

Tier3

Enterprise Services (Development & Hosting)

Contract-Defined (per MSA/ DPA)

  1. GeneralDataCollection(All Services)

Regardless of which services you use, we collect baseline information to operate our platform:

  • Account credentials and contact information
  • Device and browser information
  • IP address and access logs
  • Communications with C3N support
  1. Tier1:RegulatedFinancialServices

Tier 1 encompasses all C3N Services subject to comprehensive regulatory oversight, including stablecoin infrastructure, digital asset securities, and future regulated financial products. Tier 1 Services may be provided by C3N Technologies, Inc. (Georgia) or Wyoming Subsidiaries, depending on the specific service and regulatory requirements.

  1. 5.1.RegulatoryStatus

C3N’sregulatedfinancialservicesoperateundervariousregulatoryframeworks depending on the specific service:

  • Stablecoin Infrastructure: Permitted payment stablecoin issuer under the GENIUS Act; “financial institution” under the Bank Secrecy Act (BSA); subject to Gramm-Leach-Bliley Act (GLBA) requirements.
  • Digital Asset Securities: Subject to federal securities laws (SEC regulations), Wyoming digital asset laws (W.S. § 34-29-101 et seq.), and applicable state blue sky laws.
  • Future Regulated Services: Additional services (exchange, custody, SPDI banking) will be subject to applicable regulatory frameworks as launched.
  1. 5.2.DataWeCollect
    1. 5.2.1.IdentityInformation
  2. Full legal name, date of birth, nationality

Government-issued ID (passport, driver’s license, national ID) SSN or Tax ID (U.S. persons) Residential address with proof of address Accredited investor status documentation (for certain securities offerings)

  1. 5.2.2.BiometricData
  1. Facial images for identity verification
  2. Facial geometry and biometric templates for liveness detection
  3. Selfie and video for document matching
  4. 5.2.3.FinancialInformation
  1. Source of funds documentation
  2. Bank account details for fiat transactions
  3. Complete transaction history
  4. Wallet addresses linked to your account
  5. Securities holdings and transaction records (for Digital Asset Securities)
  1. 5.3.IdentityVerificationProvider

We use third-party identity verification services for document authentication, biometric verification,andAML/sanctionsscreening.Theseprovidersactasdataprocessorsunder contractual data protection obligations.

  1. 5.4.WhyWeProcessThisData
  • Comply with BSA, AML, KYC, OFAC, GENIUS Act, and securities law requirements
  • Verify identity before granting access
  • Verify accredited investor status where required
  • Monitor transactions for suspicious activity
  • File regulatory reports (SARs, CTRs, Form 1099s)
  • Support regulatory examinations
  • Prevent fraud
  1. 5.5.DataSharing

Wesharedata withregulatory authoritiesas requiredby law:

  • Comptroller of the Currency, Federal Reserve, FDIC, or State regulators
  • FinCEN (BSA reporting)
  • OFAC (sanctions compliance)
  • SEC, FINRA, and state securities regulators (for Digital Asset Securities)

Wyoming Division of Banking (for Wyoming Subsidiary services) Law enforcement pursuant to valid legal process

  1. 5.6.Retention

We retain Tier 1 records for a minimum of five (5) years after the business relationship ends for BSA/AML compliance, six (6) years for securities-related records as required by SEC regulations, and up to ten (10) years for OFAC sanctions-related records, or longer if required by law.

  1. 5.7.BiometricDataNotice

Illinois (BIPA): We obtain written consent before collecting biometric data. We do not sell biometric data. Retention: 3 years or as required by BSA/AML law.

Texas/Washington: We comply with state biometric laws and destroy data when the purpose is satisfied or within statutory periods.

  1. Tier2:Privacy-EnhancedProducts

Privacy-enhanced with verified onboarding. We verify your identity to keep bad actors out—then discard your documents. You get compliant access without the data exposure.

  1. 6.1.HowVerifiedOnboardingWorks

Our Tier 2 products require identity verification to prevent misuse by criminals and sanctioned individuals. However, unlike traditional KYC processes, we do not retain your personal documents:

  1. Verification: You submit identity documents for verification (ID, selfie)
  2. Screening: Your identity is checked against sanctions lists and PEP databases
  3. Hash: A cryptographic hash is generated as proof of verification
  4. Discard: Original documents, biometrics, and personal details are permanently deleted
  5. Retain: Only the hash is retained—it proves verification occurred but contains no personal data

Result: Bad actors are screened out at onboarding, but there is no database of sensitive documents to breach. Your privacy is protected by design.

  1. 5.2.C3NOperating System

The C3N desktop/laptop operating system is designed for security and privacy. We collect minimal data necessary to provide software updates and optional support services.

Data We Collect (OS): Account information (optional, for update services); device identifiers for license validation (if applicable); crash reports and diagnostics (opt-in only); support communications you initiate.

Data We Do NOT Collect (OS): We do not collect browsing history, file contents, keystrokes, location data, or usage telemetry without explicit opt-in consent.

5.3.Privacy-PreservingBlockchains

Our privacy-preserving blockchain networks use cryptographic techniques (zero-knowledge proofs, ring signatures, or similar) to protect transaction privacy. After verified onboarding, we collect only what’s necessary to operate the network.

  1. 5.4.DataWeCollect(Tier2 Products)
  • Email address (optional, for account recovery)
  • IP address (may be anonymized or not retained)
  • Public keys/wallet addresses you choose to associate
  • Support communications you initiate
  1. 5.5.DataWeDoNOTRetain(Tier2)
  • Government ID or identity documents (hashed and discarded)
  • Biometric data (hashed and discarded)
  • SSN or Tax ID
  • Bank or financial institution details
  • Transaction amounts, recipients, or metadata (cryptographically protected on-chain)
  1. 5.6.On-ChainPrivacy

Transaction details are encrypted or obscured on the ledger. C3N cannot view or decrypt private transaction data. You control your private keys and transaction information.

  1. 5.7.Retention(Tier2)

Verification hash retained as proof of onboarding. Account data retained while active. Upon deletion request, personal data deleted within 30 days. IP/logs auto-purge after 90 days.

Original identity documents and biometrics are never stored.

  1. 5.8.Third-PartyServices

If you use third-party exchanges or fiat on-ramps, those services have their own data practices. C3N is not responsible for data collected by third parties.

  1. Tier3:EnterpriseServices

Smart contract development, enterprise applications, and managed hosting—from concept to production.

  1. 7.1.SmartContract&EnterpriseApp Development

For development services, data processing is defined by your project agreement. We typically collect business contact information, project specifications, and code/documentation you provide. Specific terms are set forth in your Master Service Agreement (MSA).

7.2.DeploymentOptions

Self-Hosted: You deploy on your infrastructure. C3N provides code and support but does not access or process end-user data.

Distributed Hosting: You select providers. C3N assists with architecture but data processing depends on your chosen hosts.

C3N Cloud: Managed hosting in our secure data centers. Data processing governed by your MSA and Data Processing Agreement (DPA).

  1. 7.3.C3NCloudDataPractices

For C3N Cloud clients, we may process data on your behalf as a data processor. We implement enterprise-grade security, maintain audit logs, and comply with your DPA terms. We do not access client data except as necessary to provide the service or as directed by you.

  1. DataRetention Summary
TierDataTypeRetention Period
Tier1KYC/AML records5-10 years after relationship ends
Tier1Securities records6 years minimum (SEC requirement)
Tier2Verification hashDuration of account
Tier2IP/access logs90 days auto-purge
Tier3Client dataPer MSA/DPA terms
  1. LegalBasisforProcessing (GDPR)
    1. 9.1.Tier1(RegulatedFinancialServices)

Legal Obligation: BSA, AML, KYC, GENIUS Act, securities law compliance Consent: Biometric data (explicit consent)

Legitimate Interests: Fraud prevention, security

  1. 9.2.Tier2(Privacy-EnhancedProducts)

Contractual Necessity: Providing requested services Legitimate Interests: Network security, abuse prevention

9.3.Tier3(Enterprise Services)

Contractual Necessity: Performing MSA obligations Legitimate Interests: Service delivery, infrastructure security

  1. Security
  • Encryption in transit (TLS 1.3 with hybrid X25519ML-KEM-768) and at rest (AES-256)
  • SOC 2 Type II and ISO 27001 certified data centers
  • Role-based access and multi-factor authentication
  • Regular penetration testing and security assessments
  • Incident response and breach notification protocols
  1. YourRights
    1. 11.1.GDPRRights(EEA,UK, Switzerland)

Access: Request a copy of your data. Rectification: Correct inaccurate data. Erasure: Request deletion (limited for Tier 1). Restriction: Limit processing. Portability: Receive data in structured format. Object: Object to legitimate interest processing. Withdraw Consent: Withdraw at any time. Complain: Lodge complaint with supervisory authority.

Tier 1 Limitation: Due to BSA/GENIUS Act/securities law requirements, erasure rights are limited. We must retain certain records for 5-10 years.

  1. 11.2.CCPA/CPRARights(California)

Know: What personal information we collect. Delete: Request deletion (subject to exceptions). Correct: Fix inaccurate information. Opt-Out: We do not sell personal information. Non-Discrimination: Equal service regardless of rights exercised.

  1. InternationalTransfers

Data may be transferred outside your country. We use Standard Contractual Clauses and other appropriate safeguards for international transfers.

  1. Children’sPrivacy

Our Services are not for individuals under 18. We do not knowingly collect data from children.

  1. ChangestoThisPolicy

We may update this Policy. Material changes will be posted on our website with at least thirty

(30) days’ notice. Tier 1 users receive direct notification by email.

Contact

General:privacy@c3n.com DPO: dpo@c3n.com

Compliance: compliance@c3n.com

Address:10761Estes Rd.,Macon,GA32210

For Wyoming Subsidiary services, contact information is provided in the applicable service documentation.

  1. Consent

By using C3N Services, you acknowledge this Privacy Policy. Consent requirements vary by tier:

Tier 1: Explicit consent required for biometric collection and identity verification. Tier 2: Use constitutes acceptance. No identity retention after verification.

Tier 3: Governed by your MSA and DPA.

LastUpdated:December29,2025

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Scroll to Top