Medusa

Privacy Policy.

Last updated: March 17, 2025

Effective Date: March 17, 2025

Welcome to MedusAuth.xyz (the “Website” or “Service”), owned and operated by Mida Labs s.r.l. (“we,” “us,” “our”). Our registered office is at Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy. Mida Labs s.r.l. acts as the Data Controller (Titolare del Trattamento) for all personal data we process in relation to this Website. We have not appointed a Data Protection Officer (DPO) because we are not legally required to do so at this time, but we remain fully committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, share, and protect your personal information, as well as your rights regarding that information. If you have any questions, comments, or concerns about this Privacy Policy — including requests to exercise your legal rights — please contact us at:

Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
Email: [email protected]

1. Scope and Acceptance

Scope. This Privacy Policy applies to all visitors, users, and others who access the Website worldwide, including users from the European Economic Area (EEA), the UK, Brazil, the United States (including California), and other regions.

Acceptance. By accessing or using our Website, you signify that you have read, understood, and agree to the collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree, please refrain from using the Website.

2. Personal Data We Collect

We may collect personal data (information relating to an identified or identifiable natural person) and non-personal data (information that does not directly identify you). Below is a summary of the types of data we collect and the purposes for which we use them.

  • Data Provided by You
    • Discord Login Data: Upon login via Discord, we collect your Discord ID and username. Please note that Discord is an independent data controller for any data it processes; you can find its privacy policy here: https://discord.com/privacy.
    • Subscription and Billing Data: If you purchase a subscription package, we collect:
      • Name and/or Business Name
      • Billing Address
      • Email Address
      • VAT Number (optional)
      These billing details are stored in our database, which resides on our self-managed backend servers. We use this data to fulfill our contractual obligations and comply with legal requirements (e.g., tax regulations).
    • Payment Data: For payments made on the Solana blockchain via our third-party provider, Helio, we store the transaction hash and the wallet address used for payment. Please note that transaction details on the Solana blockchain are immutable and publicly visible, which may limit the extent to which such data can be erased or modified.
  • Automatically Collected Data
    • Analytics and Tracking: We use Vercel Analytics to understand how you use our Website (e.g., pages visited, time spent, referring URLs, IP address, device information). This helps us improve our Service.
    • Domain and DNS: Our domain is managed by IONOS, which may collect information relating to DNS queries or domain usage. Their processing of data is governed by their own privacy policies.
    • Log Files: Our hosting provider, Vercel, may automatically record log information (e.g., IP addresses, browser types, referring/exit pages, timestamps) for security and diagnostic purposes.

3. Legal Bases and Lawful Grounds for Processing

Depending on where you reside, our processing of your personal data can rely on different legal frameworks. Here is how we comply under the EU GDPR, UK GDPR, Brazil’s LGPD, and similar laws:

  • Performance of a Contract: We process your data to provide our services, authenticate you via Discord, handle subscriptions, and facilitate payments.
  • Legitimate Interests: We process data to analyze Website usage, prevent fraud, enhance security, and improve our customer experience. We ensure that these interests do not override your fundamental rights and freedoms.
  • Consent: In cases where consent is required (e.g., non-essential cookies, certain marketing communications), we will ask for and rely on your consent. You can withdraw consent at any time.
  • Legal Obligations: We may process or retain data to comply with legal requirements, including tax, accounting, and regulatory obligations in various jurisdictions.

4. How We Use Your Data

  • Service Provision and Account Management: To authenticate your identity via Discord and manage subscriptions.
  • Billing and Payment: To process subscription purchases, generate invoices, and maintain records of blockchain transaction hashes and wallet addresses.
  • Analytics and Improvements: To understand how you use our Website, enhance its functionality, and personalize user interactions.
  • Communications: To respond to inquiries, send administrative messages, and provide important updates (e.g., changes to this Privacy Policy).
  • Legal and Compliance: To detect fraud, enhance security, and comply with applicable legal obligations.

5. How We Share Your Data

We will never sell or rent your personal data. However, we may share data in the following scenarios:

  • Third-Party Service Providers: We rely on several external providers for specific services. For example:
    • Latitude.sh (bare-metal servers): We host our backend (including billing data storage) on servers in the United States provided by Latitude.sh. We have a Data Processing Agreement (DPA) in place with them.
    • Vercel (hosting and analytics): We use Vercel for front-end hosting and to gather analytics.
    • IONOS (domain and DNS): IONOS manages our domain and DNS configuration.
    • Helio (Solana blockchain payments): We use Helio to process payments on the Solana blockchain. Helio acts as an independent data controller for payment details; please refer to their privacy policy for more information.
    Each provider has contractual or legal obligations to safeguard your information.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred, subject to confidentiality agreements.
  • Legal Obligations and Protection of Rights: We may disclose personal data to comply with laws, regulations, legal processes, or governmental requests, or to protect our rights, property, or safety, or that of our users and the public.

6. International Data Transfers

We are based in Italy, but our infrastructure and service providers operate globally. For instance, we use bare-metal servers from Latitude.sh located in the United States to store certain data, including billing information. This means your data may be transferred to, stored, or processed in countries outside your own, which may have different data protection laws. Where required by law, we rely on mechanisms such as Standard Contractual Clauses (SCC) to ensure an adequate level of protection for personal data transferred internationally.

By using our Website, you consent to these international data transfers, subject to any local requirements.

7. Data Retention

We retain personal data only as long as necessary to achieve the purposes for which it was collected, unless a longer retention period is required or permitted by law. For example, tax and accounting laws in certain jurisdictions may require us to retain billing information for up to 10 years.

8. Your Rights and Choices

General Rights. Depending on your jurisdiction, you may have some or all of the following rights: the right to access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. To exercise these rights, please email us at [email protected] with the subject line “Data Subject Request.” We may require you to provide verification of your identity before complying with your request.

Additional Rights and Disclosures by Region

  • European Economic Area (EEA) & UK: You have the right to lodge a complaint with a supervisory authority. In Italy, the competent authority is the Garante per la Protezione dei Dati Personali. In the UK, it is the Information Commissioner’s Office (ICO).
  • Brazil (LGPD): Under Brazil’s Lei Geral de Proteção de Dados (LGPD), you have rights similar to those listed above, including the right to confirm processing, anonymize, block or delete unnecessary or excessive data, and obtain information about public or private entities with which we share your data.
  • California (CCPA/CPRA): You have the right to know the categories and specific pieces of personal information we have collected, used, or disclosed about you; the right to delete or correct your information; the right to opt out of the sale or sharing of personal information (we do not sell your data); and the right to non-discrimination for exercising these rights.

9. Cookies

We only use essential cookies necessary for authentication and session management (e.g., NextAuth cookies) to ensure the proper functioning and security of our Website. We do not use cookies for advertising or marketing purposes. For more details about how we handle cookies, please see our Cookie Policy, where you will also find information on how to manage or disable these cookies if required by applicable law.

10. Data Security

We adopt appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the internet or electronic storage is completely secure. If you believe your data has been compromised, please contact us immediately at [email protected].

11. Minors

We do not impose a strict age limit. If you are under the legal age in your jurisdiction or do not have the capacity to hold cryptocurrencies, you must have the permission of your parent or legal guardian to use the Website.

12. Third-Party Links

Our Website may contain links to other websites, plug-ins, or applications that we do not control. Clicking those links may allow third parties to collect or share data about you. We encourage you to read the privacy policies of every site you visit, as we are not responsible for their practices.

13. Updates to This Policy

We may amend or update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we do, we will revise the “Last Updated” date at the top. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Mida Labs s.r.l.
Via S. Leonardo, 81, 80044 Ottaviano (NA), Italy
Email: [email protected]

We will do our best to address your inquiries and concerns in a timely and satisfactory manner.

By using our Website, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

© Mida Labs s.r.l. VAT/P.IVA: 10768521212