PRIVACY POLICY
Effective Date: October 5, 2025
Introduction
Insight Labs (hereinafter referred to as the “Company,” “Insight Labs,” “we,”
“us,” or “our”), a global entity licensed by the Ras Al Khaimah Digital Assets
Oasis (RAK DAO), is on a mission to create an AI-powered DeFi ecosystem that
enables seamless asset interactions, AI agent development, and trading on
blockchain networks like Solana and Hyperliquid, fostering innovation while
adhering to regulatory requirements.
At Insight Labs, we value the privacy of our users (“you,” or “your”) and are
dedicated to protecting personal data with the utmost care and security. This
Global Privacy Policy (this “Policy”) outlines our practices regarding the
collection, use, and protection of your personal data across our website
(https://naomi.so), web applications, mini-apps, wallet interfaces, AI tools, and/or
services (collectively, “Naomi’s Platform” or simply, the “Platform”), our services,
and interactions with users worldwide. We are committed to ensuring compliance
with the European Union (EU) General Data Protection Regulation (GDPR), the
United Arab Emirates’ (UAE) Federal Decree Law No. 45 of 2021 (applicable to
UAE residents), RAK DAO regulations, and other relevant data protection laws
globally. By using the Platform, you agree to our Terms of Use (https://naomi.so/termsofuse) and this Policy.
Please note that your use of the Platform and/or services is subject to your
acceptance of this Policy. If you do not agree with our practices regarding the
collection, use, and protection of your personal data as detailed in this Policy,
you should not access or use our Platform and/or any of our services. It is
important to review this Policy carefully before deciding to use our Platform and
services. Your continued use of our Platform and services following any changes
to this Policy will be considered as your acceptance of those changes.
This Policy includes the following sections:
1. The Scope and applicability of this Policy
2. Amendments to this Policy
3. Who we are
4. The data we collect about you and how we collect it
5. How and why we share your data
6. How we use/process your data and the legal bases for doing so
7. The controls, choices, and rights that you have
8. Cookies and how we use them, see separate Cookie Policy
9. Marketing and advertising
10.The privacy policies of other websites/applications/platforms
11.Our practices on children’s privacy
12.Our data security and integrity policies and practices
13.Our global data transfer, and storage/retention practices
14.How you can contact us with complaints and questions
15.How to contact the relevant regulatory authorities
16.Privacy Notice for UK and EU residents
17.Privacy Notice for EMEA residents
18.The Definitions of “Terms” used in this Policy
1. The Scope and Applicability of this Policy
This Policy outlines how we handle the information provided or gathered on
our website and applications, including those made available on external sites
or platforms. Our practices adhere to the privacy laws relevant to the regions
where we operate. Occasionally, we might issue specific privacy notices
related to our services, procedures, or regions, which should be considered in
conjunction with this Policy.
To be precise, this Policy extensively details our practices for handling Personal Data across various touchpoints, including but not limited to:
(i) interactions on our website at https://naomi.so
(ii) use of our services,
(iii) use of our web and/or mobile applications,
(iv) engagement in our marketing initiatives,
(v) connecting with us at industry events,
(vi) job applications,
(vii) legal and compliance communications, and
(viii) business-related interactions such as partnerships and other business opportunities.
This includes data from integrations like Hyperliquid trades or Privy wallets,
governed by our Terms of Use (https://naomi.so/termsofuse).
This Policy provides an overview of user rights related to their Personal Data
and furnishes information on how to reach out to us for further clarification on
our privacy practices. Additionally, for residents of the European Economic
Area (EEA) or the United Kingdom (UK), this Policy outlines additional rights
pertaining to Personal Data, with an in-depth elaboration available in our
dedicated Privacy Notice for “UK and EU residents”. Regarding the rights of
residents of countries in the Middle East, Africa, and European countries that
are not part of the EU, please consult our dedicated Privacy Notice for “EMEA
residents”.
It's important to note that information shared with us via third-party sites or
platforms (for instance, through our apps on these sites) may also be
collected by the host site or platform. The data we collect falls under the
purview of this Policy, whereas the data collection by the third-party sites or
platforms follows their own privacy policies. Therefore, the privacy
preferences set on these third-party platforms do not influence how we
handle the information obtained directly through our applications.
Additionally, be aware that our website and applications might include links to
external sites not under our control. We do not oversee the privacy practices of such external sites, and we recommend that you read their privacy policies
if you provide personal information to them.
This includes key integrations like
Hyperliquid:(https://app.hyperliquid.xyz/privacypolicy),
Privy: (https://www.privy.io/privacy-policy), and
TradingView: (https://www.tradingview.com/privacy-policy).
2. Amendments To This Policy
This Policy shall be maintained in its most current version at all times. We
reserve the unilateral right to amend or revise this Policy, including making
changes to ensure compliance with the latest legal and jurisprudential
developments. Any such amendments shall become effective immediately
upon their publication on our website unless an alternative effective date is
expressly stated within the text of the amendment itself.
While we shall endeavour to implement supplementary notification methods
to inform users of any updates to this Policy (e.g., via email or in-app notices),
it is incumbent upon users to periodically review our Website to acquaint
themselves with the most recent version of our Privacy Policy.
3. Who We Are
Insight Labs is a company duly registered in, and operating under the laws of
the Emirate of Ras Al Khaimah, and the applicable laws of the UAE, and is the
processor and controller of your personal information. As the Data Controller,
Insight Labs is responsible for securely handling your data, ensuring its
confidentiality, and using it solely for the purposes outlined in this Policy.
Insight Labs
License number: 07010534
Registered Address: Office A, RAK DAO Business Centre,
RAK BANK ROC Office,
Ground Floor, Al Rifaa, Sheikh Mohammed Bin Zayed Road,
Ras Al Khaimah, United Arab Emirates (UAE)
Support: support@insightlabs.me
Insight Labs stands at the forefront of AI-driven digital financial innovation,
offering a non-custodial SaaS platform for AI agent development, DeFi
trading, and asset interactions on Hyperliquid and other blockchains. With a keen
eye on universally accessible, decentralized solutions, Naomi is set to
redefine the AI-DeFi landscape, ensuring that secure, simple, and accessible
financial and AI experiences are a reality for everyone, across the globe.
Through this Policy, we aim to safeguard the information you share with us,
ensuring a secure and transparent experience.
4. The Data We Collect About You and How We Collect It
We collect minimal Personal Data necessary for the purposes described in this
Policy. Data collection occurs directly from you, automatically via the Platform,
from affiliates/third parties, or public sources like blockchains (noting our non-
custodial nature—we do not custody assets or private keys).
4a. Information You Provide to Us
To create an account, access AI tools, or use services, you may provide:
Category of Personal Data | Types of Personal Data |
|---|---|
Contact Information | Email address, country, region, phone number. |
Personal Identification Data | Full name, gender, home address, date of birth, nationality, signature, photographs, video/voice recordings (e.g., for KYC). |
Employment Information | Job title, company (if applicable for business users). |
Transaction Information | Details of blockchain interactions (e.g., recipient names, emails for support). |
Government Identifiers | Passport, national ID number, driver's license (for compliance). |
Sensitive and BiometricPersonal Data | Biometric info (e.g., facial scans for identity verification), collected with consent or as permitted by law. |
Business Information | Proof of legal registration, UBO details, board/senior manager data (for entity users). |
Financial Information | Bank details, payment card info, transaction data, tax ID, source of funds/wealth. |
Communications | Survey/feedback responses, call recordings with support. |
Blockchain Data | Public wallet addresses, transaction IDs, timestamps, amounts (analysed collectively; we do not access private keys). |
Noncompliance may prevent service access.
4b. Information We Collect from Affiliates and Third Parties
• Affiliates: Personal Identification, Transactional, Business, Usage data for
service provision.
• Third Parties: E.g., from Solana / Hyperliquid integrations, business
clients (name, contact, transaction details for VA transfers).
• Public Blockchain Data: Publicly accessible info (wallet addresses,
transactions) for analytics/product improvement (non-individual targeting).
4c. Information We Collect Automatically
When using the Platform:
Category of Personal Data | Types of Personal Data |
|---|---|
Browsing Information | IP address, device ID, browser/OS details, connectivity data, login credentials, time zone, location (approximate), language, app version. |
Usage Data | Authentication data, click-stream, social posts (if shared), errors, performance diagnostics. |
Integration-Driven Data | When using embedded features, such as charts via TradingView or wallet setup via Privy, we automatically collect interaction data (e.g., chart views, login events) through their SDKs/widgets, as described in their policies. |
Marketing and Research Information | Name/address/email for marketing, IP/online identifiers, demographics (gender, age, interests), browser history, device IDs (IDFA/AAID with consent). |
We use cookies/technologies (see Cookie Policy). IDFA/AAID collected only with
explicit consent via app notification.
5. How and Why We Share Your Data
We share Personal Data only as necessary, in alignment with contracts or law.
Affiliates abide by this Policy or equivalent protections.
1. Disclosure to Legal and Regulatory Bodies: To comply with laws (e.g.,
KYC/AML, RAK DAO reporting), support claims, respond to
subpoenas/warrants/MLATs, observe "travel rules," protect rights/safety,
investigate breaches/fraud.
2. Business/Corporate Transactions: In mergers/acquisitions/divestitures.
3. With Affiliated Entities: For services, fraud prevention, compliance,
transactions.
4. Service Providers: For hosting, analytics, payments, IT, verification
(limited access; contractual obligations). Data portability to other
controllers where applicable. Third-party integrations (e.g., Solana) receive
shared info per their policies.
5. With Your Approval: For specified purposes (e.g., marketing opt-in).
6. Third-Party Integrations for Core Features: To enable trading, wallet
management, and charting, we share limited Personal Data (e.g., wallet
addresses and transaction details for trades; device/IP data and login info
for wallets; interaction events for charts) with integrated providers:
Hyperliquid (for order execution and on-chain processing), Privy (for non-
custodial wallet setup and authentication), and TradingView (for embedded
visualizations). This sharing is necessary for contract performance and
legitimate interests (e.g., seamless UX). These providers act as
independent controllers or processors under their own policies and do not
receive data beyond what's required for the integration.
Review their privacy practices at:
https://app.hyperliquid.xyz/privacypolicy, privy.io/privacy-policy, and
tradingview.com/privacy-policy.
We do not sell Personal Data. Aggregated/anonymized data may be shared for
research.
6. How We Use/Process Your Data and the Legal Bases for Doing So
How We Process Your Data | Legal Bases for Processing | Categories Processed |
|---|---|---|
Provide Services: Deliver AI agents, transactions, account management (non-custodial). | Performance of contract. Legitimate interests (transaction documentation). | Personal Identifiers, Business, Transaction, Communications, Financial, Browsing, Usage. |
Enhance Integrity/Safety/Security: Comply with security laws, monitor access, prevent fraud/malware, resolve errors. Automated decisions (e.g., fraud scoring) with human intervention rights. | Performance of contract. Legitimate interests (fraud prevention). Legal obligations. | Personal ID, Business, Transaction, Contact, Financial, Browsing, Usage. |
Communicate re: Services/Transactions: Account updates, security alerts (non-opt-out). | Performance of contract. | Contact, Communications. |
Manage Relationship: Process payments/orders, maintain accounts. | Performance of contract. | Personal ID, Business, Contact, Financial. |
Improve Services: Analyse trends, personalize UX. | Legitimate interests (service quality). | Personal ID, Business, Transaction, Browsing, Usage. |
Uphold Legal/Regulatory Compliance: KYC/AML, biometric processing for ID verification. | Legal obligations (AML laws). Substantial public interest (EU AML directives). | Personal ID, Business, Sensitive/Biometric, Government ID, Contact, Financial. |
Adhere to Other Obligations: Respond to legal requests. | Legal obligations. | All categories. |
Research/Innovation: Surveys, R&D for AI/DeFi features. | Legitimate interests (service enhancement). | Communications, Usage. |
Records/Internal Purposes: Maintain compliance records. | Legitimate interests (contractual/legal obligations). | Personal ID, Financial, Transaction, Browsing. |
Marketing Communications: Tailored emails/notifications (with opt-out). | Consent (revocable). | Personal ID, Business, Transaction, Browsing, Usage, Marketing Info, Communications. |
Promotions: Offers, surveys, rewards. | Consent (for users). Legitimate interests (non-users, loyalty). | Online ID, Personal ID, Business, Transaction, Browsing, Usage. |
Personalization/Recommendations: Tailor AI insights, features. | Legitimate interests (personalized service). Performance of contract. | Usage, Browsing. |
Customer Service: Handle inquiries/complaints. | Performance of contract. Legitimate interests (user satisfaction). | All categories except Sensitive. |