Nash 1337, Inc.

Effective May 12, 2026

1.Introduction

This Privacy Policy (the “Policy”) describes how Nash 1337, Inc. (“Nash 1337,” “we,” “us,” or “our”) collects, uses, discloses, transfers, retains, secures, and protects information when you access or use our websites (including nash1337.com), applications, application programming interfaces, smart contracts, social-media properties, and any other online or offline products, services, content, features, technologies, or functions offered by Nash 1337 (collectively, the “Services”).

By accessing or using the Services you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must not access or use the Services. This Policy is incorporated into, and forms part of, our Terms of Service.

This document is intentionally comprehensive. We have endeavored to use plain language where possible and to organize the document so you can quickly find what you need using the table of contents above.

2.Scope

This Policy applies to information we collect from or about you in connection with the Services, whether you provide it to us directly, we collect it automatically, or we receive it from third parties. It applies regardless of whether you are a visitor, a registered user, an inquirer who submits the contact form, a holder of the $NASH community token, a wallet that interacts with our smart contracts, a counterparty, a prospective employee, a vendor, a partner, an investor, or any other individual whose personal information we process.

This Policy does not apply to information processed by third parties whose products or services you may access through links or integrations on the Services. Their data practices are governed by their own privacy policies, which we encourage you to read.

3.Information We Collect

3.1 Information you provide to us. When you communicate with us — including via the inquiry form at nash1337.com/inquires, via email, on social media, in person, or otherwise — we collect the information you choose to provide, which may include your name, email address, organization, role, telephone number, postal address, the contents of your message, any attachments you submit, and any other information you elect to share.

3.2 Information collected automatically. When you access or use the Services, we automatically collect certain information about your device, your browser, your network, and your interactions with the Services, including but not limited to:

Internet Protocol (“IP”) address, Autonomous System Number (“ASN”), hostname (where derivable), inferred Internet Service Provider, inferred country, region, city, latitude/longitude (coarse), and inferred connection type;
Device and browser characteristics, including operating system, OS version, browser vendor, browser version, user-agent string, language preference, time zone, screen resolution, viewport size, color depth, device memory, processor cores, touch support, pointer type, motion preference, color-scheme preference, do-not-track signal, Global Privacy Control (“GPC”) signal, and battery state where exposed;
Network characteristics, including connection downlink, round-trip time, effective connection type, save-data preference, and TLS fingerprint at the edge;
Browser fingerprinting signals where consent has been granted, including canvas fingerprint, WebGL renderer and vendor, audio context fingerprint, enumerated fonts, installed plugins (where exposed), and HTTP/2 frame ordering signature;
Usage data, including the pages, screens, sections, and individual elements you view or interact with; the time, date, and duration of your sessions; the entry page, referring URL or campaign parameters, exit page, and click paths; performance metrics including Core Web Vitals; any errors or crashes you encounter; and the choices you make in the cookie consent management tool;
Wallet and on-chain data when you connect a self-custodial wallet (such as Phantom, Solflare, Backpack, Glow, or another Solana-compatible wallet), including the wallet public key (address), wallet provider name, the type and content of messages you sign for authentication, transactions you initiate through the Services, and publicly observable interactions between your wallet and the $NASH token contract;
Inferences drawn from the foregoing — including but not limited to whether traffic is likely automated (bot, headless browser, scraper, attack tool); whether multiple sessions are likely to originate from the same device; whether multiple wallets are likely to be controlled by the same individual; and the likely intent of a visit.

3.3 Information from third parties. We may receive information about you from third parties, including from our service providers (such as Resend, the email-delivery provider that handles transactional messages from us; Vercel, our hosting and infrastructure provider; Supabase, our database and authentication provider; Cloudflare, our edge security provider where applicable; and Anthropic, the provider of the artificial-intelligence model that classifies your inquiries on our behalf); from public sources including the Solana blockchain, decentralized exchanges, and on-chain analytics providers; from professional and social networks (such as X / Twitter, GitHub, and LinkedIn) where you have made information publicly available; and from our business partners and licensees where they have lawfully shared information with us.

3.4 Sensitive personal information.We do not knowingly collect categories of information that are designated as “sensitive” or “special” under applicable law (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying you, health data, data concerning sex life or sexual orientation, precise geolocation, criminal-conviction data, government-issued identifiers, or financial-account credentials) from your use of the website. We will only process such categories of data, if at all, where strictly necessary, on a documented legal basis, and with appropriate safeguards.

4.How We Use Your Information

We use the information described above for the following purposes:

To provide, operate, and maintain the Services — including loading pages, serving content, processing inquiries, authenticating you, connecting your wallet, monitoring availability and performance, fixing bugs, and otherwise running the Services reliably;
To protect the Services and our users — including detecting, preventing, investigating, and responding to fraud, abuse, account takeover, scraping, bot activity, denial-of-service attempts, market manipulation, smart-contract exploits, phishing, malicious automation, and other security events; preserving evidence for legal or regulatory proceedings; enforcing our Terms of Service; and cooperating with law enforcement when required;
To classify, prioritize, route, and respond to inquiries — including processing your message through an artificial-intelligence classifier to determine its category, priority, and the appropriate human recipient within Nash 1337;
To analyze, measure, and improve the Services — including aggregate analytics about page popularity, referral sources, geographic distribution of visitors, technology mix, and performance characteristics;
To monitor the $NASH community token — including observing publicly visible on-chain trades, holder distribution, liquidity, transfer patterns, and interactions with our smart contracts in order to identify coordinated trading, wash-trading, sandwich attacks, sybil patterns, scams impersonating Nash 1337, and other activity that may harm the Nash 1337 community;
To communicate with you — including responding to your messages, sending you information you have requested, providing notice of changes to the Services, and (where you have consented) sending you news and marketing communications that we believe may be of interest to you;
To exercise our legal rights and comply with our legal obligations — including compliance with tax, accounting, anti-money-laundering, sanctions, export-control, consumer-protection, intellectual-property, and other applicable laws;
To support corporate transactions — including due diligence in connection with mergers, acquisitions, financings, asset sales, restructurings, bankruptcies, and similar events;
For any other purpose disclosed to you at the time of collection or to which you have otherwise consented.

5.Legal Bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the General Data Protection Regulation (“GDPR”) for processing your personal data:

Performance of a contract (Art. 6(1)(b)) — for processing necessary to provide the Services you have requested;
Legitimate interests (Art. 6(1)(f)) — for ensuring the security and integrity of the Services, preventing fraud and abuse, operating our business, analytics, and similar purposes, where our legitimate interests are not overridden by your rights and freedoms;
Consent (Art. 6(1)(a)) — for non-essential cookies, optional tracking, marketing communications, and other processing where consent is required. You may withdraw your consent at any time by adjusting your preferences in the cookie consent tool or by contacting us at the address in Section 21;
Compliance with a legal obligation (Art. 6(1)(c)) — for tax, accounting, sanctions, anti-money-laundering, and similar legal requirements.

We share personal information with the following categories of recipients:

Service providers and sub-processors acting on our behalf under written contracts — currently including Vercel, Inc. (hosting and infrastructure); Supabase, Inc. (database, authentication, storage); Resend Communications, Inc. (email delivery, via Amazon Web Services SES infrastructure); Anthropic, PBC (inquiry classification via Claude language models); Cloudflare, Inc. (edge security, where applicable); Vercel Analytics (privacy-respecting usage analytics); and certain on-chain data providers used for blockchain analytics;
Professional advisors — including attorneys, accountants, auditors, and consultants, under duties of confidentiality;
Law enforcement, regulators, and other authorities — where required by law, subpoena, court order, or other valid legal process, or where we have a good-faith belief that disclosure is necessary to comply with legal obligations, protect our rights, the rights of others, or the safety, security, or integrity of the Services;
Counterparties to a corporate transaction — including in connection with the negotiation, due diligence, or completion of a merger, acquisition, financing, asset sale, restructuring, bankruptcy, or similar event, subject to customary confidentiality arrangements;
Affiliates — meaning entities that control, are controlled by, or are under common control with Nash 1337, Inc.;
Third-party data partners — see Section 7 below;
With your consent or at your direction — including when you elect to share information publicly via social-media features.

7.Sale or Sharing for Cross-Context Behavioral Advertising

We may “sell” or “share” personal information as those terms are defined under the California Consumer Privacy Act (“CCPA”) and similar laws — that is, we may disclose personal information to third parties in exchange for monetary or other valuable consideration, or for cross-context behavioral advertising. The categories of personal information that may be sold or shared include: online identifiers (IP, device identifiers, cookie identifiers), internet or other network activity (pages visited, content consumed, referrer), geolocation (coarse), inferences, and publicly observable wallet activity in connection with the $NASH token.

We do not sell or share the contents of your inquiry-form submissions, the contents of communications with us, or any sensitive personal information.

You have the right to opt out of the sale or sharing of your personal information.To exercise this right, open the cookie consent tool at the bottom of any page and toggle off “Sale or sharing with third parties,” or visit Do Not Sell or Share My Personal Information below. We honor the Global Privacy Control (GPC) signal as a valid opt-out for sites visited from a GPC-enabled browser.

Do Not Sell or Share My Personal Information.California residents may exercise their opt-out right by toggling “Sale or sharing with third parties” off in the cookie consent tool, by setting Global Privacy Control in their browser, or by emailing legal@nash1337.com with the subject line “DO NOT SELL OR SHARE.”

8.Blockchain & Wallet Data

The Solana blockchain is a public, permanent ledger. When you transact in $NASH or any other digital asset on Solana, the transaction (including your wallet address and the amount, time, and counterparties) is recorded immutably on the blockchain and is observable by anyone, including us. We do not control the blockchain and we cannot edit, delete, or modify on-chain records. You should not transact under the assumption that your blockchain activity is private.

When you connect a self-custodial wallet to the Services, we collect your wallet public key (address), the wallet provider, and the messages you sign for authentication purposes. We may associate your wallet address with other information we have about you (such as your IP address, device fingerprint, and any communications) and we may retain this association for the purposes set out in Section 4, including identifying coordinated trading and combating impersonation scams targeting our community.

We never request, collect, or store your private keys, seed phrases, recovery phrases, or wallet passwords. Anyone who asks you for those is attempting to steal your funds. Nash 1337 will never ask you for them — by email, by direct message, in person, or in any other context.

9.Cookies, Pixels & Similar Technologies

We use cookies, local storage, session storage, IndexedDB, web beacons, pixels, software development kits, browser fingerprinting techniques, and similar technologies (collectively, “Cookies”) to operate the Services, remember your preferences (including your cookie preferences), measure usage, and where consented, for analytics and the other purposes described in this Policy.

We organize Cookies into the following categories, which you can manage at any time via the cookie consent tool at the bottom of any page on the Services:

Strictly necessary — required for the Services to function (e.g., recording your consent choices, security and fraud-prevention measures, session persistence). These cannot be disabled because the Services would not function without them;
Analytics & performance — help us understand how visitors use the Services so we can improve them;
Marketing & advertising — used to build profiles of your interests and show you relevant content. Currently inactive but reserved;
Sale or sharing— controls the “sale” or “sharing” described in Section 7. California residents may opt out at any time.

10.Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including any retention required by applicable law (such as for tax, accounting, regulatory, or litigation-hold purposes). After the applicable retention period, personal information is deleted, anonymized, or aggregated such that it can no longer be linked to you.

Our standard retention windows include:

Server access logs (IP, user-agent, path, timestamp, country): 90 days, then deleted, except where a longer retention is required for ongoing security investigations or legal hold;
Consent records: retained for the longer of 7 years or the duration of the underlying processing, as evidence of consent;
Inquiry-form submissions: retained for the duration of the relationship plus 3 years for legal and business-record purposes;
Wallet connection records: retained for as long as necessary to support the relationship and to detect ongoing abuse, typically 2 years from last interaction;
On-chain trade data: data observable from the Solana blockchain is public and permanent; we cannot delete it from the blockchain. We retain our own copies for as long as needed to support the analytical purposes in Section 4.

11.Security

We implement technical, organizational, and administrative measures designed to protect personal information from accidental loss and unauthorized access, use, alteration, or disclosure. These measures include encryption in transit (TLS 1.2+), encryption at rest for sensitive stores, principle-of-least-privilege access controls, multi-factor authentication for administrative access, secure software development practices, third-party penetration testing, and incident-response procedures. No system, however, is completely secure, and we cannot guarantee the security of any information you transmit to us.

12.International Data Transfers

Nash 1337, Inc. is based in the United States. Our service providers may process your personal information in the United States or in other countries that may not provide a level of data protection equivalent to that of your country of residence. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses, the UK Addendum to the Standard Contractual Clauses, and the Swiss Federal Data Protection and Information Commissioner’s guidance, as applicable.

13.Your Rights & Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

Access — the right to confirm whether we process personal information about you and to obtain a copy of that information;
Rectification — the right to correct inaccurate or incomplete personal information;
Deletion — the right to request deletion of your personal information, subject to certain legal exceptions;
Restriction — the right to restrict our processing of your personal information in certain circumstances;
Portability — the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller;
Objection — the right to object to our processing of your personal information on the basis of legitimate interests, or for direct marketing;
Withdrawal of consent — the right to withdraw consent at any time where we rely on consent as the legal basis for processing;
Opt-out of sale or sharing — see Section 7;
Non-discrimination — the right not to be discriminated against for exercising your rights.

To exercise any of these rights, please contact us at legal@nash1337.com. We will respond within the time period required by applicable law. We may need to verify your identity before fulfilling your request. You also have the right to lodge a complaint with a data-protection supervisory authority.

14.Additional Disclosures for California Residents

This section supplements the information above and provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

Categories of personal information collected, business purposes, and disclosures in the past 12 months are described in Sections 3, 4, and 6. We have not knowingly collected sensitive personal information for the purposes of inferring characteristics about you. We have “sold” or “shared” the categories of personal information described in Section 7.

California residents have the rights to know, delete, correct, opt out of sale or sharing, and limit the use of sensitive personal information, and the right to non-discrimination for exercising any of these rights. To exercise these rights, contact us at the address in Section 21. You may also designate an authorized agent to make a request on your behalf; we may require proof of authorization and verification of your identity.

Shine the Light. California residents may also request information about disclosures of personal information to third parties for direct-marketing purposes; we have not made such disclosures.

For purposes of the GDPR, the UK GDPR, and the Swiss Federal Act on Data Protection, Nash 1337, Inc. is the “controller” of your personal information processed in connection with the Services. Our contact information is provided in Section 21. We have not appointed a representative in the European Union, the United Kingdom, or Switzerland under Art. 27 GDPR; please contact us directly at legal@nash1337.com.

Where we rely on legitimate interests as a legal basis for processing, you may request a summary of our legitimate-interests balancing assessment. You have the right to lodge a complaint with a data-protection supervisory authority — for example, the data-protection authority in your country of residence, place of work, or the place of an alleged infringement.

16.Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). If you believe a child has provided personal information to us, please contact us so we can delete it.

17.Third-Party Services

The Services contain links to and integrations with third-party websites, applications, and services, including but not limited to DexScreener (chart and market data), Pump.fun and PumpSwap (decentralized exchange interfaces), the Solana blockchain and its ecosystem (including third-party wallets such as Phantom, Solflare, Backpack, and Glow), Jupiter (DEX aggregation and swap interface), X / Twitter, GitHub, and others. These third parties are not controlled by us; their use of your information is governed by their own privacy policies, which we encourage you to review.

18.Do Not Track

Some browsers transmit a “Do Not Track” (“DNT”) signal. There is currently no industry standard for how websites should respond to DNT signals, and we do not currently respond to DNT signals. However, we honor the Global Privacy Control (“GPC”) signal as a valid opt-out of sale or sharing for California residents.

19.Automated Decision-Making

We use an artificial-intelligence classifier (Claude, by Anthropic, PBC) to triage inbound inquiries — that is, to determine the category, priority, and the appropriate human recipient within Nash 1337. This classification influences how quickly and by whom your inquiry is handled but does not produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR. You may at any time request human review of any classification by replying to our response.

20.Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Services with a new effective date and, where required by law, by other means (such as by email or by prompting you to re-acknowledge the updated Policy). Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.

21.Contact Us

For any questions about this Policy or our privacy practices — including to exercise your rights — please contact us at: