Privacy Policy
Last updated: Pending legal review before mainnet launch
The RUIT Foundation respects your privacy. We collect only the data we need to operate the USDAO Protocol and to comply with applicable law. We never sell data. We never use data for advertising.
1. Data We Collect
Website visitors: IP address, browser type, page views (Plausible Analytics: no cookies, no cross-site tracking, GDPR-exempt). KYC users: name, government-issued ID, address, proof of accredited investor status. USDAO users: Ethereum wallet address (public on-chain). Transaction history is publicly visible on the Ethereum blockchain.
2. Legal Basis for Processing (GDPR)
Website analytics: legitimate interest in understanding site usage. KYC/AML processing: legal obligation under applicable financial regulations. Redemption processing: performance of contract. Marketing communications: consent (opt-in only, can unsubscribe at any time).
3. Data Sharing
We share KYC data with: our KYC verification service provider, and the custodian bank as required to process redemptions. We do not sell data to any party. We do not share data with advertising networks. We do not use data for any purpose other than operating the USDAO Protocol.
4. Data Retention
KYC data: 5 years from account closure, as required by AML regulations. Website analytics: aggregated only, with no personal data retained. On-chain blockchain data is permanent and beyond our control or ability to delete.
5. Your Rights (GDPR / CCPA)
You have the right to access, correct, restrict processing, and request deletion of your personal data (subject to legal retention requirements). For EU residents: full GDPR rights apply. For California residents: CCPA rights apply. Contact: privacy@usdao.io
6. Cookies
We use zero third-party tracking cookies. We use a single session cookie for wallet connection state only. Our analytics provider (Plausible) is cookieless and GDPR-exempt. We do not use Google Analytics or any advertising cookie.
7. International Data Transfers
Our KYC provider may process data in the United States. For EU users, Standard Contractual Clauses (SCCs) are applied for any cross-border data transfer. All transfers comply with GDPR Chapter V requirements.
8. Children
Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately.
9. Contact
For privacy-related inquiries, data access requests, or to exercise your rights, contact: privacy@usdao.io. We respond to all privacy requests within 30 days.