Aligned Institute Podcast

Privacy Policy

ASII Privacy Policy v2.1

Privacy Policy

Effective Date: May 2026
Version: 2.1

v2.1 Revision Summary (May 19, 2026): Staged KYC/AML data collection by user type (§2.1). Testnet and mainnet data distinction added (§2.2). Accumulate Network / ADI references removed; Base Protocol only. FATF-aligned compliance posture and sanctions screening disclosed (§4). Institutional funder data-sharing reservation added (§5). Data retention and storage jurisdiction added (§6). Expanded data rights — GDPR, Swiss FADP, CCPA (§8). Researcher and grant data uses disclosed (§3). SAT Phase 1 stablecoin notice added. Cross-reference to Terms of Service v1.2. Pending CLO sign-off before distribution.

Aligned Sovereign Intelligence Institute (“Aligned Institute”, “ALI”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website asiinst.com, use our applications (including the ALI Signals Platform), participate in the ASIP research grant platform, or interact with our blockchain services (including ABC, AIC, and SAT tokens on Base Protocol).

Your use of our Services is also governed by our Terms of Service v1.2, which describes testnet participation limits, Sybil disqualification, compliance obligations, and blockchain risks. In the event of a conflict between this Privacy Policy and the Terms of Service regarding legal obligations or user conduct, the Terms of Service prevail.

1. Global Scope

This policy applies to users globally. By accessing our Services, you acknowledge that your personal information may be processed in jurisdictions with different data protection laws than your home country. We are committed to complying with applicable data protection regulations, including:

  • GDPR — for users in the European Economic Area, where our centralized services process personal data
  • Swiss Federal Act on Data Protection (FADP) — our targeted jurisdiction for Phase 2 domicile (2027–2028)
  • CCPA / CPRA — for California residents
  • Texas privacy and consumer protection laws — during Phase 1 US operations

Data Controller: Aligned Sovereign Intelligence Institute, domiciled in Texas, USA (Phase 1). Contact: [email protected]. A designated data protection contact will be published upon Swiss entity formation.

Children: Our Services are not directed to persons under 18 years of age. We do not knowingly collect personal information from children.

2. Information We Collect

2.1 Personal Information — Collected by Stage

We collect personal information at different stages depending on how you interact with ALI. The table below describes what we collect, when, and why.

Stage Who Data Collected When
Testnet Registration Research grant participants Name, institutional affiliation, email address, wallet address, submission metadata First testnet grant submission or platform registration
Full KYC / AML Grant recipients prior to disbursement Government-issued identification, proof of address, date of birth, nationality, sanctions screening results, wallet ownership attestation Before first grant disbursement exceeding applicable regulatory threshold (currently targeted at CHF 15,000 / USD 1,000 equivalent — subject to counsel confirmation)
Accredited Investor KYC AIC token subscribers (SAFT parties) Full identity verification, accredited investor status confirmation, source of funds declarations, AML screening per Regulation D requirements Prior to SAFT execution and prior to any AIC token delivery
Signals Platform SaaS subscribers and users Account credentials, billing information, usage data, contact details At product registration
General Contact Any user Name, email, message content When you contact support or subscribe to communications

We do not collect more data than is reasonably necessary for the purpose stated. Light identity registration at testnet (name, institution, email) is used for Sybil resistance and researcher credentialing; full KYC is required only when a real-value disbursement or token delivery is contemplated.

2.2 Blockchain and Testnet Data

Important: Public and Immutable Nature of Blockchain Data

Transactions on Base Protocol (Layer 2) — including Base Sepolia testnet — are public and irreversible. When you interact with ASIP smart contracts or tokens (ABC, AIC, SAT):

  • Your wallet address, transaction data, voting records, Authority Score, and token balances are permanently recorded on the public blockchain.
  • This data is accessible to anyone and cannot be modified or deleted by ALI.
  • We do not control the blockchain networks. We cannot hide or obscure your on-chain activity.
Testnet Data — No Monetary Entitlement

Testnet participation generates on-chain and off-chain records — including Authority Score accruals and grant submission metadata — that may be used to inform mainnet grant decisions. However:

  • Testnet records do not create monetary entitlements or legally binding claims against ALI. See Terms of Service v1.2 §3.
  • Any link between testnet contributions and mainnet grant consideration is conditional on successful KYC/AML verification, sanctions screening, applicable legal authorization (including FINMA domicile confirmation), and on-chain verification via the published verifySubmission() protocol.
  • At mainnet launch, ALI may publish a Mainnet Activation Mechanism that cryptographically anchors testnet verification events (e.g., via a Merkle root commitment in the first mainnet transaction). Your wallet address and associated testnet verification records may be included in this anchor. This processing is disclosed here and constitutes a legitimate interest in operating a verifiable grant protocol.
  • Testnet state is not guaranteed permanent. Network resets or chain reorganizations may affect testnet records. ALI is not liable for loss of testnet data.
SAT Treasury — Phase 1 Notice: In Phase 1 (2026), the SAT treasury reserve consists exclusively of USD-pegged stablecoins (USDC / USDT). No commodity basket data, RWA custody records, or commodity price oracle data is generated or processed in Phase 1. Phase 3 commodity treasury operations (2028+) will be covered by an updated Privacy Policy upon activation.

2.3 Automated and Technical Data

We may automatically collect:

  • IP addresses, browser type, and device information (security, fraud detection, analytics)
  • Cookies and session data (platform performance and authentication)
  • Log files and API usage data (service operation and debugging)
  • Chain analytics data from third-party providers (wallet risk scoring, sanctions list matching)

We use cookies and similar technologies on our centralized web applications. You may manage cookie preferences through your browser settings. Essential cookies required for authentication and security cannot be disabled without affecting Service functionality. A separate Cookie Policy may be published for detailed cookie categories and opt-out mechanisms.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our Services, including the ALI Signals Platform and ASIP grant protocol
  • Execute blockchain transactions you authorize (token transfers, veABC voting, grant submissions)
  • Evaluate grant submissions, calculate Authority Score, and verify milestone completion via verifySubmission() and associated oracles
  • Detect and prevent fraud, Sybil activity, security breaches, and sanctions violations
  • Comply with legal and regulatory obligations, including KYC/AML and sanctions screening
  • Communicate with you regarding your account, grant status, protocol updates, and support requests
  • Improve our applications, researcher experience, and platform performance
  • Generate aggregate, de-identified research curation data for the ASI Signals Platform and data licensing products — without identifying individual researchers in published outputs unless you have consented or the data is already public on-chain

Automated decision-making: Authority Score calculation and grant eligibility screening involve automated processing based on on-chain activity metrics and submission verification. Material adverse decisions (grant denial, Sybil disqualification) are subject to human review upon request. Contact [email protected] to request review of an automated decision affecting you.

4. KYC/AML and Regulatory Compliance

ALI applies identity verification and anti-money laundering screening to protect the integrity of the ASIP research grant ecosystem. Our compliance posture includes:

  • FATF alignment: We voluntarily align our grant disbursement operations with Financial Action Task Force (FATF) Recommendation 15 guidance where applicable. ALI is not a registered Virtual Asset Service Provider (VASP) in Phase 1. This posture is subject to review by outside counsel and may change upon mainnet launch or Swiss domicile confirmation.
  • Sanctions screening: We screen wallet addresses and grant recipients against OFAC, EU, UK, and UN consolidated sanctions lists using third-party screening providers before disbursement and on an ongoing basis where feasible.
  • Travel Rule awareness: For grant disbursements or token transfers at or above USD 1,000 equivalent (or the applicable threshold in your jurisdiction), we may collect and retain originator and beneficiary information as required by applicable Travel Rule obligations.
  • SySIL and fraud detection: We analyze registration patterns, wallet clustering, and submission metadata to identify coordinated Sybil activity. Data used for fraud detection may be retained beyond standard retention periods where an investigation is active.

Refusal to complete required KYC/AML verification will result in inability to receive grant disbursements or token deliveries. This is disclosed at the point of collection.

5. Disclosure of Your Information

We may share your information with:

  • KYC/AML Service Providers: Third-party identity verification and sanctions screening vendors (e.g., chain analytics, document verification platforms) acting as data processors on our behalf under contractual confidentiality obligations
  • Cloud Infrastructure Providers: Hosting and storage providers (including AWS and GCP) operating under data processing agreements
  • Analytics Providers: Platform usage and performance analytics (de-identified where practicable)
  • Institutional Funders and Counterparties: We may share KYC/AML verification status, compliance screening outcomes, and aggregate protocol compliance data with institutional investors, co-investors, banking counterparties, and regulated entities where required for their diligence, onboarding, or compliance obligations. We do not share raw government identification documents with third parties except as required by law or with your explicit consent.
  • Legal Requirements: Courts, regulators, law enforcement, or government authorities where required by applicable law, regulation, subpoena, or court order
  • Business Transfers: In connection with a merger, acquisition, Swiss entity formation, or asset transfer, subject to the acquirer honoring this Privacy Policy or providing equivalent protections

We do not sell your personal data to third parties.

6. Data Retention and Storage

We retain personal information only as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law:

  • KYC/AML records: Retained for a minimum of five (5) years following the end of the business relationship or last transaction, or longer where required by applicable AML regulations (typically up to seven years under FATF-aligned standards)
  • Grant and researcher records: Retained for the duration of the grant relationship plus five (5) years for audit and dispute resolution purposes
  • Testnet registration data: Retained until mainnet activation processing is complete, plus two (2) years, unless a Sybil or fraud investigation extends retention
  • Signals Platform account data: Retained for the duration of the subscription plus two (2) years
  • Technical logs and analytics: Typically retained for twelve (12) to twenty-four (24) months
  • On-chain data: Permanent and immutable on the public blockchain — not subject to deletion requests (see §8)

Storage location: During Phase 1, personal data is stored on servers located in the United States. Upon Swiss entity formation and FINMA authorization (targeted 2027–2028), ALI will publish an updated Privacy Policy describing any migration of data processing to Switzerland and applicable cross-border transfer mechanisms (including Standard Contractual Clauses where required for EU/EEA data subjects).

7. Security of Your Information

We implement administrative, technical, and physical security measures to protect personal data held in our centralized systems, including encryption in transit and at rest, access controls, and employee confidentiality obligations. However:

  • We cannot guarantee the security of public blockchains (Base Protocol) or your non-custodial wallet. You are solely responsible for securing your private keys and seed phrases.
  • No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of data transmitted to or from our Services.

In the event of a data breach affecting personal information in our centralized systems, we will notify affected users and relevant supervisory authorities as required by applicable law.

8. Your Data Rights

Depending on your jurisdiction, you may have the following rights regarding personal data we hold in our centralized systems:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention obligations and blockchain immutability limitations
  • Objection / Restriction: Object to or request restriction of certain processing activities
  • Portability: Request transfer of your data in a structured, machine-readable format (where technically feasible)
  • Withdraw Consent: Where processing is based on consent, withdraw consent at any time (without affecting prior lawful processing)
  • Lodge a Complaint: File a complaint with your local data protection supervisory authority (e.g., ICO (UK), CNIL (France), FDPIC (Switzerland), Texas Attorney General (Texas residents))
Limitation — On-Chain Data

We cannot correct, delete, or modify data written to the public blockchain (Base Protocol) as it is technically immutable. Deletion requests apply only to personal data held in ALI’s centralized systems. Your wallet address and on-chain activity will remain publicly visible regardless of any deletion request.

CCPA (California residents): You have the right to know what personal information we collect, the right to deletion (subject to exceptions), and the right to opt out of the sale of personal information. We do not sell personal information. To exercise CCPA rights, contact [email protected].

Legal basis for processing (GDPR / FADP): We process personal data on the following bases: (a) performance of a contract (grant agreements, SAFT, Signals subscriptions); (b) compliance with legal obligations (KYC/AML, sanctions); (c) legitimate interests (fraud prevention, Sybil detection, protocol integrity, aggregate research data); and (d) consent where explicitly obtained (marketing communications).

To exercise any of these rights, contact: [email protected]. We will respond within the timeframe required by applicable law (typically 30 days under GDPR).

9. International Data Transfers

As a globally accessible protocol, your personal data may be transferred to and processed in the United States and other jurisdictions where our service providers operate. Where required by applicable law (including GDPR), we implement appropriate safeguards for cross-border transfers, including Standard Contractual Clauses approved by the European Commission. Upon Swiss domicile confirmation, we will assess whether data localization or additional transfer mechanisms are required under Swiss FADP.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated Effective Date and, where practicable, communicated by email to registered users. Your continued use of our Services after revisions become effective constitutes acceptance of the updated policy, except where applicable law requires affirmative consent.

Swiss Domicile Update: Upon ALI’s establishment of a Swiss legal entity and FINMA authorization (targeted Phase 2, 2027–2028), this Privacy Policy will be updated to reflect Swiss data controller identity, FADP-specific rights, and any data localization changes. Users will receive no less than 30 days’ notice of material changes prior to Swiss domicile migration.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
[email protected]

Document: ASII Privacy Policy v2.1  |  Status: Draft — Pending CLO Review  |  Supersedes: Privacy-v2 (February 2026)  |  Companion document: TCs-v1-2 (Terms of Service)  |  Next review: Upon Swiss domicile confirmation