1. Introduction

WeNode (“WeNode,” “we,” “our,” or “us”) respects your privacy.
This Privacy Policy explains how we collect, use, disclose and safeguard Personal Data when you visit https://wenode.io or interact with any related products, dashboards, APIs, smart-contracts, Discord/TG bots and mobile experiences (collectively, the “Services”).

2. Scope

This Policy applies to anyone who:

browses the website;
creates a WeNode account or wallet connection;
delegates computing power, purchases nodes or invests in infrastructure;
communicates with us on social or support channels;
participates in events, campaigns, Zealy / Galxe quests or airdrops.

3. Definitions

Personal Data – any information that identifies or can reasonably be linked to an individual.

Processing – any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).

Controller – WeNode (legal entity: [WeNode Labs Ltd., registration Nº …]).

Processor – a third party that processes data on WeNode’s behalf (e.g. AWS, Supabase, Cloudflare).

4. Data We Collect

Category	Examples	Legal basis*
Account & Contact	e-mail, Discord/Twitter handle, wallet address, social-login metadata	Contractual necessity
Technical	IP, device/OS, browser, time-zone, language, referral URL	Legitimate interest
Usage / Telemetry	Node uptime, delegated hash-rate, click paths, feature engagement	Legitimate interest
Blockchain Data	Public wallet address, on-chain tx hashes, staking amounts	Contract / Legitimate interest
Marketing	Newsletter opens, campaign UTM tags, Zealy scores	Consent

* For EU/UK users we rely on GDPR legal bases.

5. How We Use Data

Operate the network – node registration, reward calculations, airdrop eligibility.
Improve the product – performance analytics, bug diagnostics, UX research.
Security & abuse prevention – DDoS mitigation, anti-sybil checks, KYC/AML (where required).
Marketing & community – campaign updates, event invitations, role/level assignments.
Regulatory compliance – tax, accounting and anti-money-laundering obligations.

6. Cookies & Similar Tech

We use first-party cookies for session management and third-party cookies (e.g. Plausible / Google Analytics) for aggregated analytics. You can manage preferences via the cookie banner or browser settings.

7. Sharing & Disclosure

We never sell Personal Data. We share it only with:

Cloud & infra providers — AWS, GCP or [provider list];
Analytics / marketing tools — Plausible, PostHog, MailerLite, Zealy, Galxe;
Payment / KYC vendors — Stripe, SumSub (if node sales require fiat/fiat-on-ramp);
Legal or regulatory bodies when lawfully compelled;
Successors in the event of merger, acquisition or asset sale.

8. International Transfers

Data may be stored or processed outside your jurisdiction (e.g. EU-US). When we transfer EU/UK data internationally we rely on Standard Contractual Clauses or an adequacy decision.

9. Security

We apply industry-standard safeguards: TLS 1.3, encryption at rest, least-privilege IAM, periodic penetration testing, multi-sig on treasury wallets. No system is 100% secure; you use the Services at your own risk.

10. Data Retention

Personal Data is kept [X years/months] or until the purpose is fulfilled, whichever is longer, unless a longer retention is required by law (e.g. tax records 7 years).

11. Your Rights

Access, correct, delete or port your data;
Object to or restrict processing;
Withdraw consent (marketing opt-out);
Lodge a complaint with your local data-protection authority.

Requests: privacy@wenode.io (we respond within 30 days).

12. Children

WeNode does not knowingly collect data from children under 13 (US) / 16 (EU). If you believe we hold such data, contact us for deletion.

13. Changes to This Policy

We may update this Policy periodically. We will notify you via banner, e-mail, or dashboard notice and update the “Effective Date” above.

14. Contact

Controller: WeNode Labs Ltd., [registered address, jurisdiction]
E-mail: privacy@wenode.io
Data-Protection Officer: [Name or “N/A if not required”]

Information We’ll Need from the CTO / Engineering & Ops Leads

Area	Why we need it	Questions for CTO / Ops
Hosting & infra map	Identify processors / data-transfer regions	Which cloud regions are in use? Any on-prem or third-party nodes storing logs?
Data inventory	Build Article 30 GDPR record; list what exactly is logged	What user-level logs are stored (IP, CPU stats, wallet)? Retention periods per table/bucket?
Security controls	Draft Security & Breach section accurately	Encryption standards at rest/in transit? Incident-response workflow & SLA?
Sub-processors list	Legally required to disclose	Full vendor list (analytics, email, CDN, KYC) Links to their DPAs?
Cookies / SDKs	Must list in cookie banner	Exact cookies / local-storage keys set by frontend SDKs loaded (GA4, Plausible, Sentry)?
Reward logic & on-chain data	Explain “why we process wallet addresses”	Where is reward calc performed (off-chain DB vs smart-contract)?
KYC / AML flow (if any)	Needed for legal basis & retention	Which provider? What documents stored & for how long?
Backup & retention policy	Define retention + deletion rights	Snapshot frequency? Data-deletion automation?
Cross-border transfers	SCC or other mechanism?	Any US-hosted analytics for EU users?
Support / ticketing logs	Additional data category	Tool used (Zendesk, Intercom)? Storage duration?
Contact points	Must list accurate addresses	Registered legal entity name & address? Dedicated privacy mailbox?

Once the CTO supplies these details, we can plug the specifics into the template → final compliant Privacy Policy (and generate the formal Word/PDF if needed).