1.1 This Privacy Policy (“Policy”) describes how Zero ToQuantum Corp. (“Zero ToQuantum,” “Nebula3 GameFi,” “we,” “our,” or “us”) collects, uses, stores, and protects information when you access or use any of our websites, games, decentralized applications, or related services (collectively, the “Services”).

1.2 This Policy applies globally, except where local laws provide additional rights or obligations. By using the Services, you acknowledge that you have read, understood, and agreed to this Policy.

Personal Data – Information relating to an identified or identifiable natural person.

Non-Personal Data – Information that cannot reasonably identify an individual, including aggregated or anonymized statistics.

Processing – Any operation performed on data, such as collection, storage, use, disclosure, or erasure.

Controller – Zero ToQuantum Corp., which determines the purposes and means of Processing.

User – Any natural person accessing or using the Services.

3.1 We collect only Non-Personal Usage Data, including:

(a) public wallet addresses used to interact with the Services;

(b) device, browser, and operating-system information;

(c) log data such as access times, approximate region, and session duration;

(d) aggregated analytics on gameplay and performance.

3.2 We do not collect government IDs, credit-card details, names, addresses, phone numbers, biometric identifiers, or any sensitive categories of data.

3.3 If you contact us (for example, by email to support@ztqgames.com), we temporarily collect your email address and message content solely to respond to your inquiry.

We process data to:

(a) operate, maintain, and secure the Services;

(b) analyze usage and improve performance;

(c) prevent fraud, abuse, and unauthorized access;

(d) comply with legal obligations and enforce our Terms of Service;

(e) communicate with Users who initiate contact.

Processing occurs on the following lawful bases under the BVI Data Protection Act (2021) and the EU GDPR:

(a) contractual necessity – to deliver requested Services;

(b) legitimate interests – for security, analytics, and service optimization;

(c) legal obligation – to satisfy statutory or regulatory duties;

(d) consent – when Users voluntarily provide information or accept cookies.

6.1 Usage data is retained for no longer than twenty-four (24) months.

6.2 Support communications are retained for the duration of the inquiry plus up to ninety (90) days.

6.3 After retention expires, data is securely deleted or irreversibly anonymized.

7.1 We do not sell, rent, or trade any data.

7.2 Limited information may be shared with:

(a) Service providers (AWS, Cloudflare, Google Analytics) under data-processing contracts;

(b) Professional advisors and auditors bound by confidentiality;

(c) Authorities where required by law or court order.

7.3 All vendors are managed through a Vendor Risk Management Program that includes pre-onboarding risk assessment, annual certification review, and immediate suspension for non-compliance.

8.1 The Services use cookies and similar technologies for authentication, functionality, and aggregated analytics.

8.2 You may disable cookies in your browser; some features may then be limited.

8.3 We do not use cookies for behavioral advertising or cross-site profiling.

9.1 Users may request access, rectification, erasure, restriction, portability, or objection to Processing by emailing support@ztqgames.com.

9.2 Requests will be answered within thirty (30) days when feasible.

9.3 To protect your data, we verify identity via cryptographic wallet signature or other secure proof before processing a rights request.

9.4 We do not use automated decision-making or profiling producing legal or significant effects.

10.1 Zero ToQuantum applies encryption in transit and at rest, multi-factor authentication, network firewalls, and continuous intrusion monitoring.

10.2 Access to data is restricted to trained employees and contractors under written confidentiality agreements.

10.3 Security logs are maintained and reviewed through an internal audit register.

10.4 In the event of a data breach likely to result in risk to individuals, we will notify affected Users and regulators within legally mandated timeframes.

11.1 Data may be processed in or transferred to countries where our service providers operate, including the United States, Singapore, and the European Union.

11.2 All transfers rely on Standard Contractual Clauses (SCCs) or other lawful safeguards to ensure equivalent protection.

12.1 The Services are not directed to children under eighteen (18) years except where permitted by local law.

12.2 We do not knowingly collect data from minors.

12.3 If a parent or guardian becomes aware that a child has submitted data, they may contact support@ztqgames.com. Upon verification, we will delete the data and block any related account.

Because blockchain transactions are immutable and publicly visible, such on-chain data cannot be deleted. These records are pseudonymous and fall outside our technical control. All off-chain logs or metadata can be erased or anonymized upon verified request.

Zero ToQuantum maintains a Privacy Management Program overseen by a Data Protection Officer (DPO).
We conduct quarterly privacy audits, annual policy reviews, and mandatory staff training on data protection and information security.
Internal Records of Processing Activities (RoPA) are maintained per GDPR Art. 30 and BVI DPA § 9.

Our security program aligns with ISO/IEC 27001 and NIST SP 800-53 controls.
Measures include: encryption at rest/in transit, penetration testing, change-management protocols, incident-response procedures, and secure key management.

Vendors and sub-processors are evaluated before onboarding, sign Data Processing Agreements, and undergo annual security review.
Zero ToQuantum reserves audit rights and may terminate relationships for non-compliance.

When third-party game developers integrate with Nebula3 GameFi, we act as joint controller only for limited analytics and security data. Each developer remains independently responsible for personal data generated within their own game environments.

Enterprise partners and developers may execute a Data Processing Addendum specifying cross-border safeguards, confidentiality, and technical measures.

Zero ToQuantum cooperates fully with competent authorities, auditors, and certification bodies.
An internal Incident Register and comprehensive Audit Log record access, modification, and security events for review and certification purposes.

No AI-driven profiling or behavioral prediction is used as of this Policy’s effective date.
Before introducing any AI or machine-learning features, we will conduct Data Protection Impact Assessments (DPIAs) and Algorithmic Impact Assessments to ensure fairness, transparency, and minimal data use.

EU and EEA data subjects may lodge complaints with their national supervisory authority or with the Office of the Information Commissioner of the British Virgin Islands.
We will cooperate with investigations and respond within reasonable timeframes.

We may update this Policy periodically.
Material changes will appear at https://nebul3gamefi.com/privacy seven (7) days before they take effect.
Continued use after that date constitutes acceptance.

Zero ToQuantum Corp.

Registered in the British Virgin Islands

Email: support@ztqgames.com

                                                                

ANNEX A – Third-Party Analytics and Hosting Providers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

ANNEX A – Third-Party Analytics and Hosting Providers

Provider	Purpose	Data Types	Region	Privacy Link
Google Analytics 4	Usage analytics	anonymized device ID, session metrics, region	US / EU	Google Privacy Policy
Amazon Web Services (AWS)	Hosting & storage	encrypted logs, server data	US / Singapore / EU	AWS Privacy Notice
Cloudflare	Network security & DDoS protection	IP region, HTTP headers	Global Edge Network	Cloudflare Privacy