Privacy Policy

1.Overview & who we are

NUREV, Inc. ("NUREV," "we," "us," or "our") provides a white-label rewards platform that enables businesses ("Partners") to deploy a branded Rewards Wallet App through which their users ("End Users") can earn rewards points by allowing their devices to contribute unused computing resources to monetization networks.

This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights and choices available to you. We are committed to handling personal information transparently and minimally - we do not sell personal information, and our software is designed to operate without harvesting user data beyond what is technically necessary to provide the service.

Quick summary: We collect only what's necessary to operate the service and pay you. We don't sell personal information. We don't show ads. We don't run trackers we haven't disclosed. End users control their own participation and can stop contributing or uninstall at any time.

2.Who this policy covers

This policy applies to three groups:

Visitors - anyone who browses nurev.io, signs up for our waitlist, or contacts us.
Partners - businesses (publishers, app operators, creator communities, content networks, etc.) that register accounts on our dashboard at app.nurev.io to deploy a branded Rewards Wallet App for their audience.
End Users - consumers who download a Partner's branded Rewards Wallet App and choose to earn rewards points by contributing unused device resources.

Where a Partner's End Users interact with the Rewards Wallet App, the Partner is the "controller" of basic identity information (the access code, user ID, email if collected by them) and NUREV is a "processor" of that data on the Partner's behalf. NUREV is the "controller" of contribution metrics and payout data the End User generates while running the Rewards Wallet App.

3.Information we collect

3.1 From Visitors and waitlist signups

Name and email address (when you submit our waitlist form)
Optional website or platform URL
IP address, user agent, device type, and approximate region (logged automatically by our servers and bot-protection provider for security and abuse prevention)
Communications you send us (e.g. emails to contact@nurev.io or replies to our newsletters)

3.2 From Partners

Account registration details: name, business email, business name, role/title, country
Authentication data: hashed password, JWT session tokens
Branding assets you upload (logo, color palette, currency name, app artwork)
Configuration settings: revenue-share percentages, app preferences, API keys
Payout details: cryptocurrency wallet addresses, optional fiat-payout banking information, the cryptocurrency or stablecoin you elect to receive in
Tax-related information when required (e.g. W-9 / W-8BEN equivalents) for partners crossing IRS reporting thresholds
Communications and support history
Usage data: dashboard activity, API call logs, feature use

3.3 From End Users (running the Rewards Wallet App)

End Users register through their Partner's onboarding flow. NUREV receives, processes, or stores:

The Partner-issued access code, user identifier (typically email or username from the Partner's own system), and a numeric PIN you choose (stored hashed)
Device identifiers and basic hardware fingerprint: operating system, CPU model, GPU model (if any), available RAM, available disk space - used to allocate appropriate workloads and calculate fair earnings
IP address - used for routing contribution traffic, abuse detection, and to determine the user's general region for tax/regulatory purposes
Contribution metrics: session duration, accepted vs rejected work shares, bandwidth volume, storage chunks served, audit-pass rates, and equivalent measurements for each contribution type
Earnings ledger: rewards points balance, redemptions inside the Partner's ecosystem, conversions to crypto payouts
Payout details if the End User elects to withdraw earnings to their own crypto wallet (wallet address, payout currency, transaction history)
Crash reports and diagnostic events (Sentry)

What we do not collect from End Users: we do not access browsing history, files on the device, contacts, microphone or camera, photos, location beyond IP-derived region, or any data outside the Rewards Wallet App's own sandbox. The contribution workloads run in our sandbox; they do not have access to the rest of the device.

3.4 From third-party sources

We may receive information about you from:

Service providers (e.g. cryptocurrency exchanges that process payouts may share confirmation data; email service providers may share bounce and engagement metrics)
Resource buyers (e.g. bandwidth-network operators, AI inference customers) may report aggregated usage that lets us calculate earnings
Identity verification providers (if and where required by law for high-value payouts)
Analytics providers (aggregated, non-identifying)

4.How we use information

We use information to:

Provide the service - authenticate users, route contribution work to End User devices, calculate and pay earnings, generate dashboard analytics, deliver branded experiences to Partners' End Users
Communicate with you - send transactional emails (waitlist confirmations, payout receipts, security alerts), respond to inquiries, send service updates
Process payouts - exchange cryptocurrencies, transmit funds to wallets, comply with tax reporting
Protect the service - detect and prevent fraud, abuse, money laundering, and security incidents; enforce our Terms of Service
Improve the service - measure feature use, debug crashes, model network capacity, refine earnings algorithms
Comply with legal obligations - tax law, anti-money-laundering rules, lawful requests from regulators or law enforcement

We do not use personal information to serve advertising. We do not sell personal information. We do not allow third parties to scrape device usage data for marketing purposes.

5.Legal basis for processing (EU/UK)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

Performance of a contract - to deliver the service to Partners and End Users who have entered our Terms of Service
Consent - for waitlist signups, optional marketing communications, and any optional analytics cookies (where applicable)
Legitimate interests - to secure the service against abuse, debug software, prevent fraud, and develop new features (provided your interests do not override ours)
Legal obligation - to meet tax, financial, anti-money-laundering, and regulatory requirements

6.How we share information

We do not sell personal information. We share information only as described below.

6.1 Service providers (data processors)

We use third parties to operate critical parts of our infrastructure under contracts that bind them to confidentiality and to processing data only on our instructions:

Category	Provider(s)	Purpose
Cloud infrastructure	DigitalOcean, MongoDB Atlas	Hosting, databases, container registry, object storage
Transactional email	Brevo	Service emails to Partners and Visitors
Transactional SMS	Twilio	Admin alerts, optional 2FA
Error monitoring	Sentry	Crash and error reports for service reliability
Bot protection	Cloudflare Turnstile	Spam prevention on public forms
Cryptocurrency exchange routing	ChangeNOW, Exolix, StealthEX	Payouts in the user's elected currency
Product analytics	PostHog (or equivalent)	Aggregate funnel and feature-use metrics
Uptime monitoring	Better Stack (or equivalent)	Public endpoint reliability
AI / LLM providers	Anthropic, OpenRouter, Together AI	Background AI tasks for our internal pipelines; data is not used to train third-party models

6.2 Resource buyers

When an End User chooses to contribute device resources, the workload is dispatched to one or more resource buyers. NUREV transmits only what is necessary to perform the work:

Bandwidth networks (Mysterium, IPRoyal, Sentinel and similar) receive routed traffic associated with a session identifier and the End User's IP address. They do not receive the End User's name, email, or Partner identity.
Distributed storage networks receive encrypted fragments of customer data; they cannot read the contents.
Compute and AI inference customers receive deterministic computational tasks; they do not receive End User identity.

6.3 Partners (when you are an End User)

If you are an End User running a Partner's Rewards Wallet App, NUREV shares with that Partner: your Partner-issued access code, your Partner-issued user identifier, your earnings ledger, and your redemption history. The Partner is independently responsible for how they use this information under their own privacy policy.

6.4 Legal compliance and safety

We may disclose information when we believe in good faith that disclosure is required by law, court order, or other legal process, or is necessary to protect the rights, property, or safety of NUREV, our users, or the public.

6.5 Business transfers

If NUREV is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections and the continued application of this policy or a successor policy that is at least as protective.

7.Cookies, analytics & tracking

We use a small set of cookies and equivalent technologies:

Strictly necessary - session and authentication cookies on the dashboard; CSRF tokens; bot-protection challenge state
Analytics - aggregate funnel metrics on nurev.io and the dashboard, with no cross-site tracking. Where required by law, we ask for consent before activating analytics cookies.
No advertising or marketing trackers. We do not embed Facebook Pixel, Google Ads remarketing tags, third-party retargeting cookies, or similar.

You can disable cookies in your browser, though some parts of the service (e.g. logging in) require strictly necessary cookies to function.

8.Data retention

We retain personal information for as long as needed to operate the service, comply with legal obligations, resolve disputes, and enforce our agreements:

Waitlist signups - until you unsubscribe or request deletion, plus a brief audit window
Active Partner accounts - while the account is active, plus 7 years for tax/financial records as required by US federal law
Active End User accounts - while the account is active and has a positive balance or recent activity
Closed accounts - core identity information is removed within 90 days of closure; ledger and payout records are retained for 7 years for tax/financial compliance
Crash and diagnostic logs - 30 days
Anti-fraud and security logs - up to 1 year

9.Security

We use industry-standard technical and organizational measures to protect personal information, including:

Encryption in transit (TLS 1.2+) for all client-server traffic
Encryption at rest for our managed database and object storage
Hashed passwords (bcrypt with per-user salt) and JWT-based session tokens
Code-signed installers with antivirus-vendor approval (verified across the top 15 AV vendors)
Sandboxed contribution workloads that cannot access files or data outside their own working directory
Adaptive throttling on End User devices to prevent battery, thermal, or performance impact
Access controls, least-privilege admin access, and audit logging on internal systems
Regular dependency, image, and infrastructure scans

No system is perfectly secure. If we ever discover a security incident affecting your information, we will notify affected users and applicable regulators in line with applicable law.

10.Your rights & choices

Depending on where you live, you may have the right to:

Access - request a copy of personal information we hold about you
Correct - request that we correct inaccurate information
Delete - request that we delete personal information, subject to legal retention requirements
Port - receive a machine-readable copy of information you provided
Object or restrict - object to certain processing or ask us to restrict it
Withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
Lodge a complaint - with a supervisory authority where applicable

To exercise any of these rights, email contact@nurev.io. We will respond within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before responding.

11.California privacy notice (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act provide additional rights:

The right to know what personal information we collect, use, and share - which is described in Section 3 and Section 6 above.
The right to delete personal information, subject to exceptions (see Section 8).
The right to correct inaccurate personal information.
The right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising, so there is no sale or sharing to opt out of.
The right to limit use of "sensitive personal information." We do not use sensitive personal information beyond what is strictly necessary to deliver the service you requested.
The right to non-discrimination for exercising any of these rights.

To exercise these rights, contact contact@nurev.io. You may also designate an authorized agent.

12.Europe / UK notice (GDPR)

If you are in the EEA, UK, or Switzerland, the rights described in Section 10 are guaranteed under the GDPR / UK GDPR / Swiss FADP. Our legal bases are described in Section 5.

You have the right to lodge a complaint with your local supervisory authority. We do not currently appoint an EU representative under GDPR Art. 27; this will be reviewed once we onboard EU-based Partners.

13.Children

NUREV is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has signed up, contact us at contact@nurev.io and we will delete the account and associated data.

Partners are independently responsible for ensuring that their End User audience meets the applicable minimum age in their jurisdiction.

14.International data transfers

NUREV is based in the United States. By using the service, you understand that your information may be processed in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework where applicable, or equivalent transfer mechanisms.

15.Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top of this policy reflects the most recent revision. Material changes will be communicated by email (to Partners) or by a prominent notice on nurev.io at least 14 days before they take effect, unless a shorter period is required by law.

16.Contact us

If you have questions, concerns, or requests about this Privacy Policy or your personal information, contact us:

Email: contact@nurev.io
Phone: (605) 800-6466
Mail: NUREV, Inc., 4809 W 41st St, Ste 202, Sioux Falls, South Dakota 57106