Privacy Policy

Last Updated: 01/05/2025

1. Introduction

1.1 Opuxvault ("we," "us," or "our") operates the Opuxvault NFT marketplace (the "Platform"). This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data of users ("you" or "your") in compliance with applicable laws (including GDPR, CCPA, and other global data protection regulations).

1.2 By accessing the Platform, you consent to this Policy. If you disagree, discontinue use immediately.

2. Scope & Definitions

  • 2.1 Personal Data: Any information identifying or relating to an individual (e.g., name, wallet address, transaction history).
  • 2.2 Non-Personal Data: Anonymous, aggregated data (e.g., usage analytics).
  • 2.3 Processing: Any operation performed on Personal Data (e.g., collection, storage, deletion).

3. Data Collection

3.1 Data You Provide

We collect:

  • 3.1.1 Identity Data: Full name, government-issued ID (for KYC/AML compliance if applicable).
  • 3.1.2 Contact Data: Email, phone number, wallet address.
  • 3.1.3 Financial Data: Payment details (processed via secure third-party gateways; we do not store raw payment credentials).
  • 3.1.4 NFT Activity: Transactions, bids, listings, and interactions with other users.

3.2 Automated Collection

  • 3.2.1 Technical Data: IP address, device fingerprints, browser/OS data, cookies (see Section 8).
  • 3.2.2 Usage Data: Browsing behavior, session duration, clickstream analytics.

3.3 Prohibited Content Monitoring

3.3.1 We scan for and remove NFTs violating our Terms (e.g., illegal, fraudulent, or infringing content). This may involve analyzing metadata or hashes, but not private wallet contents.

4. Legal Basis & Purpose of Processing

We process data only where:

  • 4.1 Contractual Necessity: To execute transactions or provide Platform services.
  • 4.2 Legal Obligation: For fraud prevention, tax reporting, or regulatory compliance (e.g., OFAC sanctions screening).
  • 4.3 Consent: For marketing communications (opt-in required; withdraw anytime via Settings or contacting us).
  • 4.4 Legitimate Interests: To enhance security, prevent abuse, and improve user experience.

5. Data Sharing & Disclosures

5.1 Third-Party Processors

5.1.1 We engage vendors (e.g., hosting, payment processors) under strict Data Processing Agreements (DPAs) requiring GDPR-level safeguards.

5.2 Legal & Regulatory Disclosures

We may disclose data to:

  • 5.2.1 Law enforcement if legally compelled (e.g., subpoena, court order).
  • 5.2.2 Regulatory bodies for anti-fraud or AML investigations.

5.3 Business Transfers

5.3.1 In a merger/acquisition, user data may transfer under confidentiality agreements. Affected users will be notified.

5.4 Never Sold

5.4.1 We do not sell Personal Data to third parties for marketing or profiling.

6. International Data Transfers

Data may be transferred globally but only to jurisdictions with:

  • 6.1 Adequacy decisions (e.g., EU-US Data Privacy Framework).
  • 6.2 Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

7. Security Measures

  • 7.1 Encryption: AES-256 for data at rest; TLS 1.3+ for data in transit.
  • 7.2 Access Controls: Role-based access; mandatory 2FA for employees.
  • 7.3 Audits: Annual penetration testing + SOC 2 compliance monitoring.

No system is 100% secure. You are responsible for securing your wallet credentials.

8. Cookies & Tracking Technologies

  • 8.1 Essential Cookies: Required for Platform functionality (no opt-out).
  • 8.2 Analytics Cookies: Optional (managed via Cookie Settings).
  • 8.3 No Cross-Site Tracking: We do not use invasive fingerprinting.

9. User Rights

You may request:

  • 9.1 Access/Copy of your Personal Data.
  • 9.2 Rectification of inaccurate data.
  • 9.3 Erasure ("Right to Be Forgotten") where no legal retention applies.
  • 9.4 Restriction of processing during disputes.
  • 9.5 Data Portability for transfer to another provider.
  • 9.6 Withdraw Consent (e.g., unsubscribe from emails).

Submit requests to dpo@opuxvault.com. We respond within 30 days after identity verification.

10. Retention Period

  • 10.1 Active Accounts: Data retained while your account exists.
  • 10.2 Inactive Accounts: Deleted after 24 months of inactivity.
  • 10.3 Legal Holds: Preserved if under investigation or litigation.

11. Children's Privacy

11.1 The Platform is not for users under 18. We delete accounts of minors upon verification.

12. Policy Updates

Material changes will:

  • 12.1 Be notified via email 30 days in advance.
  • 12.2 Require renewed consent if legally mandated.
  • 12.3 Archive prior versions here.

13. Contact & Dispute Resolution

  • 13.1 Data Protection Officer (DPO): dpo@opuxvault.com
  • 13.2 EU Representative: [If applicable, under GDPR Art. 27]
  • 13.3 Complaints: Lodge with your local supervisory authority (e.g., EU DPA, CCPA Opt-Out).

By using Opuxvault, you affirm you have read, understood, and agreed to this Policy.