T & C

Last Updated: February 05, 2026

These Terms of Use ("Terms") govern your access to and use of the zERC20 protocol, the application at app.zerc20.io, and related services (collectively, the "Services"). By accessing or using the Services, you agree to be bound by these Terms. If you do not agree, do not use the Services.

  1. Definitions

For clarity, the following terms have the meanings set forth below:

zERC20 Protocol: A privacy-preserving ERC-20 token protocol based on EIP-7503 (zk-Wormhole / Private Proof-of-Burn). It enables private token transfers using standard ERC-20 operations and ordinary Web3 wallets, without requiring dedicated privacy wallets or special deposit functions. The Protocol natively supports cross-chain private transfers across EVM-compatible chains.

zk-Wormhole: The core privacy mechanism of zERC20, derived from EIP-7503. It enables private transfers by generating burn addresses — addresses with no private key owner — to which tokens are sent. Recipients prove knowledge of the secret used to create the burn address via zero-knowledge proofs (ZKPs), allowing them to mint an equivalent amount of zERC20 tokens.

Burn Address: An address computed as trim160(poseidon(recipient, secret)) to which tokens are sent during a private transfer. Because no entity holds the private key to a burn address, the transferred tokens are effectively burned and can only be recovered by the intended recipient through a ZKP withdrawal.

IVC (Incrementally Verifiable Computation): A Nova-based proving system used to sequentially verify off-chain transfer records and build the transfer Merkle tree. IVC enables lightweight ZK proofs and efficient batch withdrawals with low on-chain gas costs.

Crosschain Poseidon Merkle Tree: A tree structure used to efficiently prove transfer history across multiple chains. Verifier contracts on each chain transmit local transfer tree roots to a Hub contract via a cross-chain messaging protocol, which builds a global Merkle tree enabling cross-chain withdrawals.

Verifier Contract: A smart contract deployed on each supported chain that verifies ZK proofs for withdrawals, tracks cumulative withdrawn amounts to prevent double withdrawals, and stores transfer roots.

Operator: The entity responsible for operating, maintaining, and publishing the zERC20 application, website, and documentation. References to "zERC20," "we," or "us" in these Terms refer to the Operator in its capacity as the provider of the application interface, and do not imply custody or control over on-chain Protocol operations.

Restricted Countries: Jurisdictions subject to international sanctions, including but not limited to those listed by OFAC, EU sanctions lists, or UN Security Council resolutions (e.g., North Korea, Iran, Syria).

  1. Scope & Nature of Services

zERC20 is a non-custodial, privacy-preserving ERC-20 token protocol operating across multiple EVM-compatible chains (including but not limited to Ethereum, Arbitrum, Base, and BNB Chain). The Services involve real economic value, including wrapping, private transfers, cross-chain transfers, and withdrawals of ERC-20 tokens. Users interact with the Protocol through the application at app.zerc20.io or directly via standard ERC-20 transfer operations from any compatible wallet.

The Protocol functions as follows:
(a) A recipient generates a burn address by combining their actual address with a secret value.
(b) A sender transfers tokens to the burn address using a standard ERC-20 transfer.
(c) The recipient submits a ZK proof to the Verifier contract, proving knowledge of the secret, and receives (mints) an equivalent amount of zERC20 tokens.

The Protocol is entirely non-custodial. The Operator does not hold, control, escrow, or have access to any user funds, tokens, or digital assets at any time. The Operator has no ability to reverse, cancel, freeze, or modify any on-chain transaction, nor to recover any assets sent through the Protocol, including assets sent to burn addresses.

Participation is voluntary and users are responsible for following recommended privacy practices (e.g., using round transfer amounts, waiting before redeeming, transferring rather than merely wrapping) and for legal compliance.

  1. Eligibility & Compliance

You must be at least the age of majority in your jurisdiction to use the Services.

You warrant that:
(a) You are not a resident or entity of Restricted Countries.
(b) Your use complies with all applicable laws in your jurisdiction, including any applicable anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.
(c) You are not using the Services for money laundering, terrorism financing, sanctions evasion, or any other unlawful purpose.

You acknowledge and agree that you are solely and entirely responsible for:
(a) Determining whether your use of the Services complies with AML, CTF, KYC, sanctions, and any other applicable laws and regulations in your jurisdiction.
(b) Conducting your own due diligence on any counterparties, addresses, or tokens you interact with through the Protocol.
(c) Obtaining any licenses, approvals, or registrations required by applicable law before using the Services.

The Operator does not act as a financial institution, money services business, virtual asset service provider, or intermediary of any kind. The Operator does not perform AML/KYC screening, does not monitor transactions, does not verify the identity of users, and does not make compliance determinations on behalf of any user.

Certain smart contracts within the Protocol may incorporate autonomous, protocol-level parameters (e.g., on-chain address screening lists) that restrict interactions involving specific addresses. These parameters are embedded in the Protocol's open-source code and operate deterministically without human intervention or discretion by the Operator.

  1. Authorized Usage

The Services are for lawful purposes only. Prohibited activities include:
(a) Money laundering, terrorism financing, or any illicit behavior.
(b) Attempting to exploit or circumvent the Protocol's privacy or security mechanisms.
(c) Interfering with the Protocol's operation, such as submitting invalid proofs, exploiting smart contract vulnerabilities, or attempting double withdrawals.
(d) Using the Services to obscure the origins of proceeds from criminal activity.

  1. Decentralization, Autonomy & Custody Disclaimer

The zERC20 Protocol consists of open-source smart contracts deployed on public blockchain networks. The Operator provides the application interface at app.zerc20.io, but does not control, operate, or have the ability to alter on-chain Protocol operations, user transactions, balances, or private transfer activities.

No Custody. The Operator does not at any time take custody, possession, or control of your digital assets. All tokens deposited into, transferred through, or withdrawn from the Protocol remain entirely under the control of the applicable smart contracts and the users who hold the relevant private keys and secrets. The Operator cannot access, move, freeze, recover, or return any assets on your behalf.

Irreversibility of Transactions. Due to the nature of blockchain technology and the zk-Wormhole mechanism, all transactions executed through the Protocol — including transfers to burn addresses — are final and irreversible. Once tokens are sent to a burn address, they can only be recovered by the party who possesses the corresponding secret and can generate a valid ZK proof. If a secret is lost, if tokens are sent to an incorrect burn address, or if a ZK proof cannot be generated for any reason, the associated assets are permanently and irrecoverably lost. The Operator has no technical ability to reverse, recover, or reimburse any such loss.

You are solely responsible for:
(a) Securing your hardware, software, wallets, and private keys.
(b) Safeguarding the secrets used to generate burn addresses. Loss of a secret results in permanent, irrecoverable loss of the associated assets.
(c) Verifying the correctness of burn addresses and transfer parameters before executing any transaction.
(d) Generating and submitting valid ZK proofs for withdrawals.
(e) Following recommended privacy practices to maintain anonymity.
(f) Interacting with third-party services (e.g., underlying blockchains, wallets, cross-chain messaging protocols) at your own risk.

The Protocol relies on underlying blockchain networks (e.g., Ethereum, Arbitrum, Base) for settlement and security. Any issues with these networks (e.g., forks, congestion, outages) may affect the Services.

  1. Data, Privacy & User Responsibilities

We collect minimal data as per our Privacy Policy (accessible at https://zerc20.io/privacy-policy) and applicable laws (e.g., GDPR, CCPA). The Privacy Policy is incorporated herein; in case of conflict, these Terms prevail.

The Protocol is designed to preserve transaction privacy. However, the degree of privacy achieved depends on user behavior. Users should follow the recommended privacy practices published in the zERC20 documentation, including but not limited to:
(a) Transferring zERC20 tokens to another wallet rather than merely wrapping and unwrapping.
(b) Using round transfer amounts to reduce traceability.
(c) Waiting a reasonable period between wrapping and redeeming to break time-correlation.

  1. Risks Disclosure

Using the Services involves significant risks, including but not limited to:

Technical Risks: Smart contract vulnerabilities in Verifier contracts or the Hub contract; ZKP generation failures; IVC computation errors; bugs in the Nova/cycleFold proving system; dependencies on underlying blockchain networks (e.g., gas fees, network forks, chain reorganizations); cross-chain messaging failures.

Financial Risks: Volatility of deposited or wrapped assets; permanent and irrecoverable loss of funds due to incorrect proof generation, lost secrets, erroneous burn address computation, or smart contract exploits; gas costs for on-chain transactions. The Operator does not insure, guarantee, or underwrite any user assets.

Privacy Risks: Potential de-anonymization if recommended privacy practices are not followed; distinguishability of ERC-20 transfers to burn addresses from ordinary transfers (this gap is expected to narrow with account abstraction adoption); metadata analysis by sophisticated adversaries; correlation attacks based on transfer amounts or timing.

Regulatory Risks: Changes in laws or regulations affecting privacy protocols, ZK proof systems, or token transfers; potential classification of zERC20 activities under money transmission or other regulatory frameworks; enforcement actions against privacy-preserving protocols. Users are solely responsible for assessing and managing their own regulatory risk.

Cross-Chain Risks: Failures in the cross-chain messaging protocol (e.g., LayerZero); delays or errors in global Merkle tree construction at the Hub contract; inconsistencies between chain-specific transfer roots.

Third-Party Risks: Reliance on wallets, blockchain networks, cross-chain bridges, or other infrastructure; no liability for their failures or security breaches.

Users bear all risks; conduct due diligence.

  1. No Warranty

The Services are provided "as-is" without warranties, express or implied, including fitness for a particular purpose, non-infringement, or any guarantee of privacy, security, availability, or recoverability of assets.

  1. Limitation of Liability & Indemnity

To the fullest extent permitted by law, the Operator and its affiliates shall not be liable for any indirect, incidental, consequential, or punitive damages arising from the Services, even if advised of such possibility. This includes but is not limited to losses arising from de-anonymization, smart contract exploits, cross-chain transfer failures, ZKP generation errors, loss of secrets used to generate burn addresses, erroneous transfers, or permanent loss of assets.

The Operator shall have no liability whatsoever for the loss, theft, or inaccessibility of any digital assets deposited into, transferred through, or associated with the Protocol. This disclaimer applies regardless of the cause of loss, including but not limited to user error, smart contract failure, third-party exploits, or regulatory action.

Liability is limited to the amount of fees paid by you in the past 12 months, except for gross negligence or willful misconduct.

You indemnify the Operator and its affiliates against claims arising from your misuse, regulatory violations, or participation in the Services, including any claims by third parties or regulatory authorities relating to AML, CTF, sanctions, or other compliance matters attributable to your use.

  1. Intellectual Property

The zERC20 name, branding, documentation, and application interface are the property of the Operator. Smart contracts and related protocol code are open-source under applicable licenses. The zk-Wormhole mechanism is based on EIP-7503 and related research.

  1. Termination & Suspension

The Operator may suspend or terminate your access to centralized components (e.g., the app.zerc20.io website, APIs) for Terms violations, suspected illegality, or security reasons. You may appeal via support@zerc20.io.

Access to the decentralized Protocol (i.e., on-chain smart contracts) cannot be terminated by the Operator, as these operate autonomously on their respective blockchain networks.

  1. Force Majeure

The Operator is not liable for failures due to events beyond its control, including network outages, blockchain disruptions, cross-chain messaging failures, regulatory changes, or natural disasters.

  1. Third-Party Services

The Services may integrate with or depend on third parties (e.g., Ethereum, Arbitrum, Base, BNB Chain, LayerZero, Web3 wallets). The Operator disclaims liability for their performance, availability, security, or risks.

  1. Changes to Terms

We may update these Terms at any time. Continued use of the Services after changes constitutes acceptance. Material changes will be notified via the website or other reasonable means.

  1. Governing Law & Dispute Resolution

These Terms are governed by Swiss law. Disputes shall be resolved through binding arbitration under the Swiss Rules of International Arbitration by the Swiss Arbitration Centre, seated in Zurich, with one arbitrator, in English. Exceptions for injunctive relief (e.g., IP violations) may be sought in Swiss courts. Arbitration is final; no class actions.