This Privacy Policy describes how Planck Network Ltd., a company incorporated in the British Virgin Islands (BVI company no. 2173759), processes personal data in relation to its Web3 infrastructure, decentralized applications (dApps), token services, and the $PLANCK token.
Planck Network Ltd. (“Planck,” “we,” “our,” or “us”) is committed to protecting your privacy in accordance with high global standards of transparency, data minimization, and security. This policy explains what data we collect, how we use it, and your rights in connection with your interaction with our blockchain-based services.
1. Definitions
For purposes of this Privacy Policy, the following terms have the meanings set out below:
Personal Data: Any information relating to an identified or identifiable natural person. This may include wallet addresses, IP addresses, or metadata that could be linked to an individual under certain circumstances.
Processing: Any operation performed on Personal Data, whether automated or manual—such as collection, recording, storage, retrieval, transmission, or deletion.
Web3 Services: All decentralized infrastructure, smart contracts, staking systems, governance tools, token utilities, and interfaces made available by Planck Network Ltd., including those connected to the $PLANCK token.
Applicable Law: All relevant laws, regulations, and regulatory frameworks governing the collection and use of Personal Data, including but not limited to the General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021, and other global data privacy laws.
$PLANCK Token: The native utility token of the Planck ecosystem, used for governance, staking, rewards, fee payments, and other protocol functions.
Wallet: A blockchain-compatible cryptographic address controlled by a private key, used to initiate transactions, sign messages, or hold tokens. Planck does not access or store user wallets or keys.
On-chain Data: Publicly accessible data recorded on blockchain networks—such as token balances, transaction hashes, staking records, and governance votes.
Off-chain Metadata: Information collected or generated outside of blockchain networks, including IP addresses, device information, session timestamps, or email addresses submitted via forms.
Smart Contract: A self-executing piece of code deployed to a blockchain that facilitates decentralized logic, such as staking, voting, or token transfers.
Governance Participation: Activities undertaken by $PLANCK holders to influence protocol-level decisions, typically through voting, proposing upgrades, or contributing to community discussions.
Subprocessor: A third-party service provider that Planck engages to process Personal Data on its behalf under a written agreement imposing confidentiality, data protection, and security obligations.
2. Scope of this Privacy Policy
This Privacy Policy applies to personal data processed by Planck in connection with:
Interactions with Planck’s Web3 interfaces, such as smart contracts, staking portals, governance dashboards, and decentralized applications;
On-chain and off-chain data collected via wallet-based access, including transactional metadata;
The processing of blockchain wallet addresses, governance votes, and staking positions;
Any backend telemetry or off-chain identifiers linked to user behavior (e.g., API keys, IP addresses, or device fingerprints when interacting with a Web3 UI);
Communications with us in relation to Web3 services (support tickets, DAO-related proposals, feedback, or bug disclosures).
Important Note: Planck is not a custodial wallet provider, centralized exchange, or fiat processor. We do not control your private keys and do not directly identify users on-chain unless you voluntarily provide identifying information (e.g., KYC for enterprise governance access, customer support requests, or legal disclosures).
3. Purposes of Data Processing
Planck processes data—on-chain and off-chain—only to the extent necessary to maintain a secure, transparent, and functional decentralized ecosystem. The core purposes include:
3.1 Smart Contract Operation and Token Utility
Enabling token staking, delegation, voting, and governance participation;
Calculating and distributing staking rewards and other entitlements;
Facilitating permissionless interactions via smart contracts (DEX, bridge, DAO tools);
Ensuring contract logic integrity and interoperability across supported chains.
All such activities rely exclusively on on-chain wallet address interactions and transaction metadata.
3.2 Platform Security and Abuse Mitigation
Monitoring unusual or malicious behavior via traffic analysis and wallet heuristics;
Detecting Sybil attacks, contract manipulation attempts, or blacklisted wallet activity;
Preventing automated scraping or API abuse through IP throttling and wallet reputation checks.
We may use off-chain metadata (e.g., IP address, session behavior) to detect fraud, but do not use it to build commercial user profiles.
3.3 Transparency and Community Governance
Publishing proposal histories and vote results in a tamper-resistant, auditable format;
Allowing community members to trace governance activities through token-based identities;
Maintaining DAO voting ledgers or reputation systems tied to wallet-based actions.
3.4 User Support and Voluntary Communications
Responding to requests submitted via email, forms, or Discord (if linked to wallet address);
Authenticating wallet signatures to verify DAO or validator status;
Issuing governance-related alerts or token-specific operational notices.
All communications are strictly opt-in, and we do not engage in mass marketing by default.
3.5 Compliance with Legal Obligations
Where legally required (e.g., by tax authorities, AML regulators, or enforcement bodies), we may process:
Transaction logs tied to wallet addresses flagged for sanctions or illicit activity;
KYC data (where voluntarily submitted for governance roles or validator onboarding);
Responses to court orders, subpoenas, or binding legal instruments under BVI or applicable international law.
4. Legal Bases for Processing
While blockchain technologies often function outside of traditional data control paradigms, Planck commits to aligning with recognized privacy frameworks such as the GDPR, where applicable. Our legal bases include:
4.1 Contractual Necessity
We process wallet-linked data and on-chain interactions to fulfill the terms of use you agree to by interacting with the Web3 Services (e.g., staking tokens, claiming rewards, submitting votes).
4.2 Legitimate Interests
We rely on our legitimate interest to:
Maintain a secure and functional protocol;
Detect and prevent abuse or illegal conduct;
Improve protocol design through aggregated metadata.
We always balance these interests with your privacy rights and apply data minimization where feasible.
4.3 Consent
We rely on your explicit consent when:
You provide an email address or identifying details;
You opt into any communications (e.g., DAO governance alerts);
You accept cookies or tracking mechanisms on our frontend sites.
You may withdraw consent at any time by contacting us at founders@plancknetwork.com.
4.4 Compliance with Legal Obligations
We may be required to process certain personal data:
For anti-money laundering (AML) and know-your-customer (KYC) verification (if relevant);
To comply with export control, tax, and regulatory reporting duties;
To cooperate with law enforcement or financial regulators.
5. Data Storage and Retention
5.1 On-Chain Data
All interactions recorded on public blockchain networks—such as wallet addresses, token transfers, staking actions, and governance votes—are permanently and immutably stored. Planck does not have the ability to modify, delete, or anonymize such on-chain records, as this would conflict with the fundamental design of distributed ledger systems.
You should exercise discretion when submitting information on-chain that could be directly or indirectly linked to your personal identity.
5.2 Off-Chain Metadata
Planck may collect certain metadata during your interactions with our Web3 interfaces, APIs, or communications channels. This metadata is retained only as long as necessary for the specific purpose for which it was collected, and is subject to ongoing internal review.
IP addresses and session metadata may be retained for up to twelve (12) months, for purposes such as abuse detection, rate-limiting, and protecting the integrity of our infrastructure.
Support communications, such as messages submitted through web forms or via email, may be retained for up to two (2) years to support effective customer service and dispute resolution.
Wallet-linked consent records (e.g., opt-ins to governance notifications or communications) are retained for as long as your consent remains active. If consent is withdrawn, associated records will be deleted in accordance with applicable law.
KYC/AML documentation, where voluntarily submitted or legally required for specific roles (such as validator registration or DAO treasury oversight), may be retained for five (5) to seven (7) years to ensure compliance with applicable financial regulations and reporting requirements.
Planck periodically reviews all retention practices to ensure that data is held no longer than necessary and that deletion or minimization procedures are appropriately enforced.
5.3 User Deletion Requests
Given the immutability of blockchain data, Planck cannot delete on-chain records. However, for off-chain personal data processed by Planck (e.g., emails, IP metadata, or KYC records), you may submit a verified deletion request to: founders@plancknetwork.com
Where legally permissible, we will:
Delete the off-chain data from active systems;
Instruct any third-party processors to do the same;
Retain minimal logs where required for legal or audit purposes.
6. International Data Transfers
6.1 Decentralized Global Infrastructure
Planck’s Web3 Services are served through decentralized networks and globally distributed nodes. As a result, your off-chain data may transit or be stored in jurisdictions that do not offer the same level of legal data protection as your country of residence.
6.2 Safeguards for Transfers
Where we transfer off-chain personal data (such as emails or support communications) to third-party service providers located outside the European Economic Area (EEA), we implement the following safeguards:
Standard Contractual Clauses (SCCs) under the GDPR;
Data Processing Agreements (DPAs) with sub-processors;
Encryption and pseudonymization of stored data;
Access controls and audit trails to limit unauthorized access.
We work only with service providers who meet high security standards, including but not limited to Cloudflare (network security), email providers (support messaging), and data hosting services (governance portals, alerting systems).
6.3 Blockchain-Specific Transfers
Blockchain networks inherently involve international broadcasting of transaction data. When you submit a transaction or interact with a smart contract, it may be validated and propagated by nodes across multiple jurisdictions, including those with limited privacy laws.
By using Web3 Services, you acknowledge that blockchain-based data is not subject to conventional jurisdictional restrictions and may be globally visible and accessible indefinitely.
7. Your Data Protection Rights
Depending on your jurisdiction—including the European Union (GDPR), United Kingdom (UK GDPR), United Arab Emirates (PDPL), or California (CCPA)—you may have the following rights regarding your off-chain personal data:
7.1 Right of Access
You may request confirmation of whether we process your personal data, and if so, obtain a copy of the data we hold about you.
7.2 Right to Rectification
If any personal data we hold is inaccurate or incomplete (e.g., your contact information), you may request its correction.
Please note: Planck has no ability to alter data recorded immutably on a public blockchain.
7.3 Right to Erasure (“Right to Be Forgotten”)
You may request deletion of your off-chain personal data under certain circumstances, such as when:
You have withdrawn consent (where consent was the lawful basis);
The data is no longer necessary for the purposes collected;
You believe your data is being unlawfully processed.
Planck will honor such requests for all off-chain data, subject to retention requirements under applicable law.
7.4 Right to Restrict Processing
You may request that we limit our processing of your personal data:
While verifying accuracy;
If processing is unlawful and you oppose erasure;
If we no longer need the data but you require it for legal claims.
During restriction, we will not use your data except for storage or legal compliance purposes.
7.5 Right to Object
You may object to the processing of your personal data where:
It is based on our legitimate interests;
It is being used for direct marketing.
We will cease processing unless we demonstrate compelling legitimate grounds or legal necessity.
7.6 Right to Data Portability
Where technically feasible, and when processing is based on your consent or a contract, you may request your personal data in a structured, commonly used, and machine-readable format.
7.7 Right to Withdraw Consent
If we rely on your consent to process any personal data (e.g., communications, governance alerts), you may withdraw it at any time without affecting the lawfulness of prior processing.
7.8 Right to Lodge a Complaint
You may file a complaint with your local data protection authority, such as:
The DIFC Commissioner of Data Protection (UAE);
A relevant EU supervisory authority;
The UK Information Commissioner’s Office (ICO);
The California Privacy Protection Agency (for CCPA-related matters).
We encourage you to contact us first to resolve any issue amicably.
8. How to Exercise Your Rights
To exercise any of the above rights regarding your off-chain personal data, please contact:
Email: founders@plancknetwork.com
Include: Your wallet address, and a clear description of the right you are exercising. We may request additional information to verify your identity.
We are unable to modify, delete, or control data recorded on public blockchains, including staking positions, governance votes, or token transfers.
9. Cookies and Frontend Tracking Technologies
While Planck’s core Web3 Services operate on decentralized infrastructure, we may use browser-based technologies when you interact with Web3 frontends, including our governance portal, staking dashboard, or analytics console.
9.1 Types of Tracking Tools Used
Although Planck’s core Web3 infrastructure is decentralized and non-custodial, our frontend interfaces—such as the staking dashboard, governance portals, and rewards platforms—may utilize browser-based tracking technologies to support core functionality, enhance user experience, and ensure platform security.
We may deploy essential cookies to enable wallet authentication, protect against cross-site request forgery (CSRF), and maintain session persistence. Without these cookies, fundamental features such as wallet connection and token gating may not operate as intended.
In addition, functional cookies may be used to remember user interface preferences—for example, storing a selected display mode (e.g., dark/light theme), preferred gas unit settings, or staking filters. These cookies enhance usability and ensure a personalized experience across sessions.
Where permitted by law, we may also implement performance analytics tools to better understand how users navigate and interact with the frontend. This includes data on page load times, UI responsiveness, and interaction paths. We rely on privacy-focused analytics providers and avoid intrusive user profiling.
To safeguard platform integrity, security monitoring scripts may be employed to detect anomalies, such as repeated failed wallet signature attempts, automated scraping behavior, or unusual browsing patterns suggestive of misuse or attack vectors.
In jurisdictions that require consent for non-essential cookies (such as the EU/EEA), users will be presented with a consent management banner when first visiting our interface. You may choose to accept all cookies, reject non-essential ones, or customize your settings. You may also adjust your preferences at any time using your browser settings or via the frontend’s cookie settings panel.
Importantly, Planck does not deploy advertising cookies or behavioral tracking technologies for marketing purposes on its Web3 interfaces.
9.2 Consent Management
Where required by law (e.g., in the EU/EEA), you will be presented with a cookie consent banner before non-essential cookies are set. You may:
Accept all,
Reject all, or
Customize your preferences.
You can also control cookies via your browser settings or opt out of analytics via a dedicated link on our Web3 frontend.
10. Smart Contract Interfaces and UX Analytics
Planck provides multiple frontend interfaces to help users interact with our smart contracts. These interfaces are non-custodial and may include:
Token staking dashboards
DAO voting portals
Validator registration tools
Rewards claim mechanisms
Liquidity and bridge interfaces
10.1 Frontend Behavior Tracking
We may log anonymized interaction metadata to improve UX and platform reliability. For example:
How long users remain connected to a wallet;
Which contract features are accessed most;
Where users encounter technical errors.
This data is used to:
Optimize gas efficiency and transaction flows;
Identify broken links or failed UI behaviors;
Prioritize user-requested features.
No private key, wallet seed, or on-chain action can ever be performed or intercepted by Planck’s frontends. We only observe interface usage patterns—not transaction content.
11. Third-Party Tools and Dependencies
To enable a seamless decentralized experience, Planck integrates with carefully selected third-party tools that support wallet connectivity, on-chain governance, analytics, and protocol indexing.
These integrations may include popular wallet connectors such as MetaMask, WalletConnect, or Ledger Live, which allow users to securely sign transactions and interact with smart contracts from their own devices. These tools operate independently of Planck, and your interactions with them are subject to their own privacy terms and infrastructure security.
We may also utilize monitoring and analytics services—for example, Plausible Analytics, Cloudflare, or Sentry—to understand frontend reliability, detect bugs, and monitor traffic flow. These services help us ensure platform availability and performance, while minimizing personally identifiable information collection.
Where decentralized governance is facilitated through platforms such as Snapshot, Tally, or Aragon, your wallet-based interactions (e.g., submitting votes or creating proposals) may be publicly recorded and processed by those governance platforms. These systems are integrated but not operated by Planck, and any data you submit to them falls outside the scope of this Privacy Policy.
Finally, we may rely on indexing and infrastructure APIs provided by services like The Graph or Dune Analytics to enhance feature delivery and improve user interfaces with on-chain data visualizations. These tools aggregate blockchain data but may process IP addresses and device metadata when you interact with embedded elements or dashboards.
While Planck endeavors to work only with providers who uphold strong privacy standards, we do not control their data processing practices. We strongly encourage users to review the respective privacy policies of these third-party services before engaging with them.
12. Policy Updates and Change Management
Planck may revise this Privacy Policy from time to time to reflect changes in legal requirements, technical infrastructure, community governance standards, or service offerings. Updates may also occur in response to feedback from data protection authorities, user communities, or internal compliance reviews.
When we make material changes to this Policy—such as introducing new categories of data processing or engaging new subprocessors—we will provide reasonable advance notice via:
An announcement on our governance or support portal;
A banner or notice on relevant frontend interfaces;
Direct communication to users who have opted into email notifications.
Unless otherwise required by law, updated terms will take effect no earlier than seven (7) days after notification. Your continued use of the Web3 Services after the effective date of any revised Privacy Policy constitutes your acknowledgment and acceptance of the changes.
We encourage you to review this Policy periodically to stay informed of our data handling practices.
13. Contact and Enforcement
Planck is committed to upholding user privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), UAE Federal Data Protection Law (PDPL), and any other regulatory frameworks that may apply to decentralized infrastructure.
If you:
Have questions about how your data is processed;
Wish to exercise your rights under applicable privacy laws;
Believe your personal data has been mishandled;
Require clarification regarding this Privacy Policy—
Please contact us at:
Planck Network Ltd.
Craigmuir Chambers, Road Town, Tortola, VG 1110
British Virgin Islands
Email: founders@plancknetwork.com
We will acknowledge all legitimate data protection inquiries within the timeframes required by law, and we will engage in good faith to resolve concerns informally wherever possible.
