Legal Basis for Processing

For individuals in the European Economic Area (EEA), United Kingdom,or other regions with similar laws, Vixor must have a valid legal basis to process your personal data under the GDPR or equivalent regulations. We primarily rely on the following legal bases:

• Performance of a Contract: When you connect your wallet and use the Vixor platform, you are effectively requesting our service. We process your wallet address and related data as necessary toprovide you with the services you have requested – such as facilitating your market-making transactions and enabling platform features. This is considered “performance of a contract” (even if no formal contract was signed, it covers the service you expect us to deliver).
• Legitimate Interests: We may process certain data as needed for our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms. For example, it is in our legitimate interest to ensure the security and integrity of the platform, to prevent fraud or malicious activity, to understand how our platform is used, and to improve and develop our services. When we process data for these purposes, we consider and balance any potential impact on your privacy. For instance, we may log wallet addresses and usage events to detect and block suspicious or illegal activities (such as a wallet associated with known fraud or sanctions), which helps protect both Vixor and the community. We may also analyze aggregated usage trends to improve user experience. Important: We do notuse your data for invasive profiling or marketing without your consent.
• Compliance with Legal Obligations: In certain cases, we may need to process or retain your data to comply with applicable laws or regulations. For example, if we are required by law to retain certain records, respond to a lawful request by government authorities, or comply with a court order, we will do so. Additionally, if future laws require that we screen blockchain addresses against sanction lists or other compliance databases, we may process your wallet address for such checks under a legal obligation basis. (At the time of this Policy, Vixor is not formally under any specific national jurisdiction, but we strive to abide by broadly applicable laws and may voluntarily implement compliance measures as appropriate.)
• Consent: Generally, we do not rely on consent for most of our data processing, given our minimal data collection. However, for certain optional features or situations, we may seek your consent. For example, if in the future we offer an email newsletter or use non-essential cookies/analytics in jurisdictions where consent is required, we will only process the relevant data if you have given consent. You have the right to withdraw any such consent at any time. (Withdrawal of consent will not affect the lawfulness of processing done before you withdrew.)

In summary, we ensure that we have a valid basis under GDPR and similar laws for all personal data we process. If you have any questions about the legal basis for a specific processing activity, you can contact us using the information in the Contact section.

Data Use

We use the information we collect for purposes consistent with and necessary for operating a safe and effective platform. Specifically, Vixor uses your data (primarily your wallet address and technical usage data) for the following purposes:

• Providing and Operating the Service: We use your public wallet address to authenticate you (verify that you are the owner of the wallet by requesting you to sign a message or similar method) and to enable you to interact with the platform’s smart contracts. Your wallet address is used to initiate and facilitate your market-making transactions and other on-chain activities through Vixor. We also use it to display your own transaction information or positions back to you within the platform. Without processing your wallet address, we could not offer the core functionality of our service.
• Personalizing User Experience: We may use data stored in your browser (cookies or local storage tied to your wallet or device) toremember your preferences and settings to enhance your experience across sessions. For example, we might remember which blockchain network you last used, UI preferences (like language or theme), or tokens/markets you interacted with, so that you don’t have to reconfigure them each time. This use of data is aimed at convenience and does not involve collecting new personal details beyond your wallet and device context.
• Analytics and Improvement: We analyze aggregated usage data (e.g., number of users, page interaction metrics, device types, etc.) to understand how our platform is used and to improve it. This helps us identify technical performance issues, optimize user interface flows, and plan new features. For example, knowing that many users access Vixor via a mobile device or a certain browser can guide us to ensure compatibility. These analytics are generally performed on an aggregate or anonymized basis (not linked to your identity) and are done in pursuit of our legitimate interest in enhancing our services.
• Security and Fraud Prevention: We use collected data toprotect the security, integrity, and legality of our platform. This includes using your wallet address and technical data to detect and prevent fraudulent or unauthorized activity. For instance, if a particular wallet address is known for engaging in hacks or is flagged on public sanction/blacklist lists, we may use that information to block or limit that wallet’s interaction with Vixor for the safety of our users and compliance. We also monitor usage patterns (like access logs) to detect DDoS attacks or other malicious behavior. Any such monitoring or screening is done in a proportionate manner, and primarily by automated means (with human review if needed) – we do not profile individual users for marketing, but we do profile addresses for security risks.
• Compliance and Legal Requirements: If necessary, we will use your data to comply with applicable laws, regulations, and legal processes. For example, we may retain certain logs to meet financial regulations or respond to government requests (to the extent those laws apply to our decentralized platform). If we are ever required to notify users of certain events (like a security breach), having a record of wallet addresses or contact info (if you provided any) would be used for that notification. We may also use data to enforce our Terms of Service or other agreements, or to establish, exercise, or defend legal claims.
• Communicating with You: Because we do not collect your email or phone by default, direct communications will be limited. However, if you contact us first (e.g., for support or to exercise your rights), we will use the contact information you provided to respond to your inquiries or requests. We will only use that information for the purpose of communication and resolving your issue. If in the future we implement an optional mailing list or updates service, we will collect and use your contact details for that purpose only with your consent and provide a way to opt out at any time.

We want to emphasize that we do not sell your personal information or use it for third-party advertising purposes. Data we collect is used strictly to operate and improve Vixor and to protect our users and platform. If we ever intend to use your data for a new purpose not described in this Policy, we will update this Policy and, if required, seek your permission.

Data Sharing

• Service Providers (Processors): We may share information with third-party service providers who perform services on our behalf and need access to certain data to carry out their work. Examples include:
  • Cloud Hosting and Storage: We use Amazon Web Services (AWS) cloud infrastructure (specifically data centers in the United Arab Emirates) to host our platform and store data securely. Any personal data (like wallet addresses or logs) stored on AWS is subject to strict contractual confidentiality and security obligations. AWS acts as a data processor, processing data only under our instructions.
  • Analytics Tools: If we use third-party analytics or performance monitoring tools (such as Google Analytics or similar), those providers may process limited data (as described in Cookies and Analytics) to provide us aggregate insights. We configure such tools to avoid collecting unnecessary personal data (for example, anonymizing IP addresses when possible). These providers are only given access to pseudonymous identifiers and usage data needed to perform analytics, and they are prohibited from using it for their own purposes.
  • Other Support Tools: In the event we use any additional tools or vendors for things like customer support, security monitoring (e.g., a service that scans for security threats), or email communication (if you opt into communications), those vendors would also have access only to the data necessary for their function and are bound by privacy and security obligations.
• We contractually require all service providers to protect your data and to use it only for providing services to us, in line with this Policy. They are not allowed to disclose or use your data for any other purpose.
• Affiliates and Personnel: If Vixor in the future has affiliate entities or is operated by a team, your information may be shared within our small team or among affiliated entities, solely for the purposes described in this Policy. All persons with access will be subject to the same obligations of confidentiality and security. (Currently, since Vixor is not a formally incorporated company, “affiliates” is not applicable beyond the core team members operating the platform.)
• Legal Requirements and Protection: We may disclose personal information if we in good faith believe that such action is necessary to: (i) comply with a legal obligation, applicable law or regulation, or respond to a valid legal process (e.g., a subpoena, court order, or government demand); (ii) protect and defend the rights, property, or safety of Vixor, our users, or the public. This could include sharing data with law enforcement or regulators if we are legally compelled to do so, or to report unlawful activity. If we receive a request for information from a government authority, we will carefully review it and only comply if required by law and within the scope of that law.
• Business Transfers: If Vixor’s operations or ownership structure changes in the future (for example, if we establish a formal company, merge with another organization, or if there is a sale or transfer of all or part of our assets), your information may be transferred to the new entity or third party as part of that transaction. We would ensure that any such transfer is subject to your personal data being protected in a manner consistent with this Policy. If a recipient’s plans for the data would differ from this Policy, you would be given notice (and if required by law, an opportunity to consent or opt-out) at that time.
• With Your Consent: In cases where you explicitly consent or request that we share your information with a third party, we will do so. For example, if you were to participate in a co-sponsored promotion or integrate your Vixor usage with another service at your direction, we would share data as needed with your permission. However, by default, there are no such data sharing arrangements without user initiation.

Aside from the scenarios above, we do not disclose your personal data to any third parties. In particular, we do not "sell" your personal information as defined under the CCPA (we do not provide your data to third parties in exchange for money or other valuable consideration), nor do we share it for targeted advertising purposes. If our practices change in the future, we will update this Policy and provide any required notices or choice mechanisms.

Cookies and Analytics

Cookies are small text files stored on your device by websites you visit; similar technologies include local storage, web beacons, and pixels. Vixor uses cookies and similar tracking technologies to ensure our platform functions properly and to enhance your user experience. This section explains how we use these tools:

• Essential Cookies: Some cookies (or local storage data) are necessary for the operation of the Vixor platform. For example, when you connect your wallet, we may use a cookie or local storage entry to remember your session or preferences (such as the fact that you have connected and the network you are using) so that you can navigate the platform seamlessly without needing to re-authenticate on every page. These essential cookies are not used for marketing or to track you across other sites; they are only used to provide core functionality. Because they are necessary for delivering the service you requested, in some jurisdictions they may not require consent.
• Analytics and Performance Cookies: We aim to continually improve Vixor’s features and usability. To that end, we may use analytics cookies or similar technologies to collect information about how users interact with our site. For example, we might use Google Analytics or a similar analytics service to gather anonymous statistics such as which pages are visited, how long users stay, and what actions they take. This information helps us understand usage patterns and identify areas for improvement. These analytics typically collect device and browser information and anonymized IP addresses (to infer region-level location without storing your exact IP) along with a random unique identifier for your session. The data collected through analytics cookies is aggregated and does not directly identify you. We do not allow analytics providers to use or share our users’ data for their own purposes — the data is used strictly to provide insights to us. Where required by law, we will request your consent before setting analytics cookies. You have the choice to accept or reject such cookies via a cookie banner or settings (if provided).
• No Advertising Cookies: Vixor does not use advertising cookies or third-party trackers for targeted advertising. You will not see third-party ads on our platform, and we are not tracking your browsing across other websites.

Your choices regarding cookies:

• Browser Settings: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Please be aware that if you disable all cookies, some parts of the Vixor platform might not function correctly (for instance, your connection status or preferences might not persist between sessions).
• Analytics Opt-Out: If we use Google Analytics or similar, you can opt out of analytics tracking by using browser opt-out plugins or by adjusting cookie settings on our site (if available). Additionally, some browsers have Do Not Track (DNT) signals; while there is no universal standard for DNT, we will make an effort to honor such signals for analytics cookies where feasible.
• Cookie Banner: If you are in a region where cookie consent is required (such as the EU/EEA), you will be presented with a cookie notice or banner when you first visit our site. This banner will allow you to accept or decline non-essential cookies (like analytics). Your selection will be honored on future visits. You can also change your preference at any time by clearing cookies or using our provided settings.

By using the Vixor platform without disabling cookies, you consent to our use of cookies as described above. For more information about cookies and how to control them, you can visit resources like aboutcookies.org. Keep in mind that any third-party wallet provider or external link you access from Vixor may use their own cookies; those are governed by their respective privacy policies.

International Transfers

Vixor is a global service, and the data we collect from you may betransferred to and stored in a country different from your own. Specifically, as of the date of this Policy, we utilize AWS data centers in the United Arab Emirates (UAE) (sometimes referred to as "EAU") for our data storage and server infrastructure. This means that your personal data (e.g., wallet address logs) will be processed and stored on servers located in the UAE.

Data protection laws vary by country. The UAE may not have data protection laws that are as strict as those in your home jurisdiction (for example, the GDPR in Europe or privacy laws in your own country). When we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your information as required by applicable law. These steps include:

• Adequacy and Safeguards: The European Commission has not determined the UAE to have “adequate” data protection laws equivalent to the EEA. Therefore, if GDPR applies to the data transfer, we rely onappropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent contractual commitments to ensure your data receives a level of protection essentially equivalent to that in the EU. In practice, this means our contract with AWS includes standard data protection clauses approved for international transfers, committing the provider to protect EU personal data.
• Contractual and Organizational Measures: We have implemented contractual measures with our service providers (like AWS) to require that your data is protected. AWS and any other processor must follow our instructions for data processing and must implement industry-standard security. Additionally, we limit access to your personal data to authorized personnel who need to access it and who are bound to confidentiality.
• Your Consent: By using Vixor and providing information to us, you acknowledge and consent that your data will be transferred to and processed in the UAE (and potentially accessed by our team from other countries, as we operate globally). We will always handle that data in accordance with this Privacy Policy. If you do not want your data transferred to or processed in other countries, please refrain from using our platform.

We also note that because Vixor currently lacks a formal company headquarters, cross-border data flows are inherent to our operations (our team and infrastructure may be distributed internationally). Regardless of where processing occurs, your data will be given a high level of protection consistent with global privacy principles. We monitor developments in international data transfer law and will adapt our practices if needed, such as if new transfer frameworks or requirements arise.

If you have questions about our international data practices or need more information about the safeguards we use for overseas transfers, you can contact us (see Contact Information below).

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Because Vixor’s data collection is minimal, our retention practices are straightforward:

• Wallet Addresses and Usage Data: We will keep a record of your public wallet address (and any associated platform usage logs) for as long as you continue to use Vixor and it remains necessary for the provision of our services. If you have not interacted with the platform for an extended period, we may eventually remove or anonymize your wallet address from our active systems during routine data clean-up, but we do not currently set a fixed expiration. In practice, wallet addresses and basic logs may be retained indefinitely in a secure manner, until we no longer have a legitimate need to keep them or you request their deletion (see User Rights below). We periodically review the data we hold and erase or anonymize data that is no longer required.
• Cookies: Cookies and local storage data on your device persist until they expire or are deleted. Session cookies (if used) are deleted when you close your browser. Analytics cookies may persist for a set duration (e.g., Google Analytics cookies often last for 6 or 12 months) unless you clear them. You can always delete cookies manually (see Cookies and Analytics above for your choices).
• Communications: If you contact us and provide personal information (like an email address), we will retain that information for as long as necessary to address your inquiry or fulfill your request. We may keep a record of our communications (including your original request and our response) for a certain period in case of follow-up, to improve our support process, or to establish a record of how we handled the request. Typically, such correspondence would be retained for a period of time consistent with business best practices (for example, 1-2 years, unless a legal necessity requires longer retention).
• Legal and Backup Retention: We may retain certain data for longer periods if necessary to comply with legal obligations or to protect our legal interests. For example, if applicable law requires us to maintain transaction records or logs for a certain time, we will abide by those rules. We also maintain secure backup copies of our data (as is standard with cloud infrastructure) to ensure continuity of service and disaster recovery. These backups are kept for limited durations and are protected. If data is removed from our live systems, it may remain in encrypted backups for a short period until those backups cycle out or are overwritten.

When we no longer have a legitimate purpose to retain your personal data, we will securely delete or anonymize it. "Please note:" Data that has been recorded on the blockchain (such as your transaction history and wallet address as part of blockchain records) cannot be altered or deleted by us – those records are permanent public ledger entries outside of our control. When you request deletion or when we purge data, it applies to data stored on our centralized systems (servers and databases) and not to any decentralized blockchain data.

User Rights

You have rights regarding your personal data that we collect and process. Vixor is committed to honoring those rights, especially for users in jurisdictions with robust privacy laws like the EEA (Europe) and California. This section explains your rights and how you can exercise them:

Rights of Individuals in the EEA (GDPR) and Similar Jurisdictions

If you are located in the European Economic Area (EEA) or a jurisdiction with similar data protection laws (such as the United Kingdom or other countries that have adopted GDPR-like legislation), you have the following rights under the GDPR (subject to certain exceptions and limitations):

• Right of Access: You have the right to request access to the personal data we hold about you and to obtain information about how we process it. This means you can ask us to confirm whether we’re processing your personal data and request a copy of that data. We will provide you with the information required by law, which typically includes the categories of data, purposes of processing, categories of recipients (if any), and the data’s source.
• Right to Rectification: You have the right to request correction of any inaccurate personal data we have about you, and to have incomplete data completed. Given that we primarily only have your wallet address (which is a fixed identifier) and possibly some technical logs, there might not be much to rectify. However, if you believe any information we hold is inaccurate, you may contact us and we will correct it if possible. (For example, if you provided an email in correspondence and it was misspelled in our records, we would correct it.)
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, under certain conditions. You can ask us to erase the personal data we hold about you if it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where consent was the basis), or if you object to processing and we have no overriding legitimate grounds, or if the data was processed unlawfully, etc. We will honor valid deletion requests by erasing the data we hold about you on our systems, except to the extent we are permitted or required to retain it (for example, to comply with legal obligations or to establish or defend legal claims). Important: As noted above, we cannot delete data that is stored on a public blockchain, since we do not control those records. For instance, we cannot erase your historical transaction records on Ethereum or any other blockchain. We can only delete information on our own servers (such as your wallet address in our logs).
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances (for example, while a complaint about data accuracy or objection to processing is being resolved). If you exercise this right, and the request is valid, we will mark the data as restricted and only process it for specific reasons (like with your consent or for legal claims) until the issue is resolved.
• Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (or performed for a task in the public interest/exercise of official authority). You also have the right to object at any time to any processing for direct marketing (though Vixor does not perform direct marketing). If you raise an objection to processing based on our legitimate interests, we will review whether our interests in the processing outweigh your privacy rights and whether we have compelling grounds to continue. If not, we will cease the processing in question.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. This right applies to personal data that you have provided to us and that we process by automated means based on your consent or a contract. In Vixor’s case, the personal data you provided is basically your wallet address. You already have control of that (it’s your own address), but if needed, we can send you any data we have associated with it in a machine-readable form (for example, a JSON or CSV file containing your wallet address and any associated usage data that qualifies).
• Right to Withdraw Consent: If we rely on your consent to process any personal data (we generally do so only in limited cases like optional cookies or communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on consent before your withdrawal. If you withdraw consent for something like analytics cookies, we will cease the data processing concerned going forward.
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or processed your data unlawfully, you have the right to file a complaint with a Data Protection Supervisory Authority in your country. We would appreciate the chance to address your concerns first, so we encourage you to contact us with any complaint, but you are free to contact the authority directly. For example, if you are in the EU, you can reach out to the supervisory authority in your member state of residence or the lead authority in the country you believe an infringement took place. In the UK, this would be the Information Commissioner’s Office (ICO).

Rights of California Residents (CCPA/CPRA)

If you are a resident of California, you are protected by privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Although Vixor’s data collection is minimal, we aim to comply with these laws. California residents have the following rights with respect to their “personal information” (as defined under California law):

• Right to Know (Access): You have the right to request that we disclose the specific pieces of personal information we have collected about you, as well as additional details like the categories of personal information collected, the sources of that information, the business or commercial purpose for collecting it, and thecategories of third parties with whom we share it. Essentially, you can ask for a report of the personal information we have about you and how we have handled it in the 12 months preceding your request. Given our service, the specific pieces of information would likely just be your wallet address and any associated usage logs. We will provide the required information in a format that is reasonably usable.
• Right to Deletion: You have the right to request that wedelete any personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable deletion request, we will delete (and direct any service providers to delete) your personal information from our records, unless an exception applies. CCPA exceptions to deletion may include, for example, if the information is necessary to complete a transaction or provide a service you requested, to detect security incidents, to comply with legal obligations, or other reasons allowed by law. We will inform you if any such exception applies to your request. As with GDPR, please note we cannot delete data stored on the blockchain; we can only delete data on our own systems.
• Right to Opt-Out of Sale/Sharing: California law gives you the right to opt-out of the “sale” of your personal information or the sharing of your personal information for cross-context behavioral advertising. However, Vixor does not sell personal information to third parties, and we also do not share personal information for targeted advertising purposes. Therefore, there is no need for you to submit a request to opt-out of sale – by design, we have no such activity. If our practices ever change, we will implement a formal “Do Not Sell or Share My Info” mechanism as required by law. In the meantime, we treat all user data as if an opt-out request is in place (i.e., no selling or inappropriate sharing).
• Right to Correct: Under CPRA, California residents also have the right to request correction of inaccurate personal information that we hold about them. If you believe any personal information we maintain is incorrect (for example, if we somehow had a typo in your wallet address on record), you may request that we correct it. Given the very limited data we keep, this scenario is unlikely, but we will honor such requests if they arise.
• Right of No Retaliation/Non-Discrimination: You have the right not to be discriminated against or retaliated against for exercising any of your California privacy rights. This means we will not deny you our services, charge you a different price, or provide a lesser quality of service just because you exercised your rights under CCPA/CPRA. Vixor provides the same level of access and service to all users regardless of any privacy requests.
• Shine the Light (Direct Marketing Disclosure): Separately, California’s "Shine the Light" law (Civil Code §1798.83) allows customers to request certain information about any personal information shared with third parties for their own direct marketing purposes. Vixor does not share personal information with third parties for direct marketing, so this law is largely not applicable. If you have questions about any potential such sharing, you can contact us, but as stated, we do not disclose data for third-party direct marketing.

Submitting Requests (EEA or California or otherwise): To exercise any of your rights described above, please contact us using the information in the Contact Information section below. In your request, clearly describe which right you wish to exercise and provide any information that will help us verify your identity (see below about verification). For example, to fulfill an access or deletion request, at a minimum we will need the public wallet address that you used on Vixor, since that is how we identify your data. If you have interacted with us via email (for support), contacting us from that same email address will also help us verify your request.

Verification of Identity: For us to process certain requests (access, deletion, etc.), especially under CCPA, we need to verify that you are the person (or an authorized agent of the person) whose data is the subject of the request. Given that we generally do not have your name or other contact info, verification will typically involve confirming your control of the wallet address that you used on Vixor:

• We may ask you to sign a message with your blockchain wallet (a simple, non-transactional action) to prove that you are in control of that wallet address. This cryptographic proof helps us ensure that someone else isn’t trying to impersonate you to get your data.
• Alternatively, if you provide us an email that we have on file from previous correspondence, we may verify by sending a confirmation to that email.
• We will also likely ask you to provide your wallet address in the request and state some context of your interaction with Vixor (e.g., approximate dates you used the service) to cross-check with our records.
• If you designate an authorized agent (for California residents) to make a request on your behalf, we will require proof of the agent’s authority (e.g., a signed permission from you) and still take steps to verify your identity directly as well.

Please understand that if we cannot adequately verify your identity or authority to make the request, we will not be able to fulfill it. This is to protect your privacy and prevent unauthorized access to your data. We will inform you if we need more information to verify a request.

Response Timing: We will respond to legitimate requests as promptly as possible. Under GDPR, we typically have one month to respond (with a possible extension in complex cases). Under CCPA, we aim to respond within 45 days for access or deletion requests (with an additional 45-day extension if necessary, which we would communicate to you). Our response will include the information requested or the action taken, or an explanation if we cannot comply with a part of your request due to a legal exception.

Limitations: Please note that these rights are not absolute. There are circumstances where we may legally refuse a request, such as when fulfilling it would infringe on the rights of another person or if you have repeatedly made excessive requests. We will always explain the reason if we decline to fulfill a request. Also, as mentioned, certain data (like blockchain records) cannot be altered or erased by us.

We will not charge you a fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (as allowed by law). We hope that never becomes an issue.

In summary, we respect your control over your personal data. If you have any questions or concerns about your rights or how to exercise them, please reach out to us.

Data Security

We take the security of your personal data very seriously. Vixor implements a variety of technical and organizational security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure Hosting: Our platform is hosted on AWS (Amazon Web Services) data centers in the UAE, which employ industry-leading physical and digital security measures. AWS maintains high standards of security certifications (such as ISO 27001, SOC 2, etc.), and we leverage their secure infrastructure (firewalls, access controls, encryption at rest for stored data, etc.) for our systems.
• Encryption: Wherever possible, we use encryption to protect data. Data transferred between your web browser and our servers is protected using HTTPS/TLS encryption, preventing eavesdropping or tampering during transit. Sensitive information and keys on our servers are encrypted at rest. Although we store minimal personal data, any sensitive configurations or backups we maintain are also encrypted.
• Access Control: Access to personal data (like our database containing wallet addresses or logs) is restricted to authorized personnel who have a legitimate need to access it for operational reasons (for example, to investigate a support issue or to maintain the system). Our team members or any contractors are bound by confidentiality obligations. Administrative access to servers and databases is protected via strong authentication (e.g., SSH keys, multi-factor authentication) and is logged. We also ensure that our service providers (like AWS or analytics tools) have strong security measures and access controls in place.
• Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. We employ security tools and practices to detect unusual activities (such as intrusion detection systems or log monitoring). We also keep our software and dependencies up-to-date with security patches. From time to time, we may conduct security audits or penetration testing (internally or via third-party experts) to find and fix vulnerabilities. Any security incidents are treated with top priority.
• Organizational Policies: The Vixor team follows clear security procedures. We minimize the personal data we store in the first place (as described in this Policy) to reduce risk. We educate any team members about data protection best practices. We have procedures for handling potential data breaches, including assessment and notification steps.

While we strive to protect your data, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information. However, we continuously work to update and improve our security measures to match evolving threats.

If we ever experience a data breach that involves your personal data, we will follow applicable laws in notifying affected users and authorities. For instance, under GDPR we would notify the relevant supervisory authority (and in certain cases the affected individuals) within the required timeframe if a significant breach occurs. Similarly, many jurisdictions (including many U.S. states) have breach notification laws which we will adhere to if applicable.

Your responsibilities: You also play a role in protecting your information. Remember that your blockchain wallet’s security is crucial — keep your wallet credentials (private key, seed phrase) safe and do not share them. Unauthorized access to your wallet could compromise your on-chain assets and data. Also, be aware of phishing attempts; Vixor will never ask you for your private key or login codes. If you suspect any unauthorized activity or security issue related to Vixor, please contact us immediately so we can investigate.

In summary, we employ strong safeguards to protect the limited personal data we hold, and we remain vigilant against threats. We appreciate your trust and work hard to maintain it through our security practices.

Changes to the Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this Policy. For significant or material changes, we will provide a more prominent notice, such as a notification on our website or a prompt within the platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use Vixor after any changes to this Policy become effective, it will constitute your acceptance of the changes, to the extent permitted by law. If you do not agree with any updated Policy, you should discontinue use of the platform.

In the event that we intend to process your personal data for a purpose other than those stated in this Policy at the time of collection, we will, if required by law, provide you with notice and, where necessary, seek your consent before doing so.

For historical reference or transparency, we may keep prior versions of this Privacy Policy and make them available upon request so you can see how our practices have evolved.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. Since Vixor is not yet a formally incorporated entity with a physical address, the primary way to reach us is via email:

Email: privacy@vixor.io (Preferred contact method)

You may also reach out to us through any official communication channels listed on our website (for example, a contact form or support portal, if available). Please include in your message the details of your inquiry or request, along with any relevant information that will help us assist you (for example, your wallet address, if your question is about data associated with it).

We are committed to resolving any issues or questions you may have about your privacy quickly and effectively. If you are contacting us to exercise a privacy right (such as those described in User Rights), please clearly state the nature of your request and provide any information needed to verify your identity (as discussed in the User Rights section). We will respond within the timeframe applicable to your jurisdiction (for instance, within 30 days for GDPR inquiries, or within 45 days for CCPA requests, unless extended under those laws).

Because we operate globally without a set jurisdiction, we do not have a local representative in every region. However, our team will address your inquiry in accordance with the relevant laws that apply to you. If you feel we have not adequately addressed your concerns, you may seek further guidance from your local data protection authority or privacy regulator, as mentioned above.

Thank you for trusting Vixor. We value your privacy and are always looking for ways to improve our practices. This Privacy Policy is meant to be transparent and comprehensive. If anything is unclear, please do not hesitate to ask. Your use of our platform is possible only because of your trust, and we will continue to work hard to deserve that trust by safeguarding your personal information.