Definitions

• Personal Data: Any information relating to an identified or identifiable natural person. This may include wallet addresses, IP addresses, or metadata that could be linked to an individual under certain circumstances.
• Processing: Any operation performed on Personal Data, whether automated or manual—such as collection, recording, storage, retrieval, transmission, or deletion.
• Web3 Services: All decentralized infrastructure, smart contracts, staking systems, governance tools, token utilities, and interfaces made available by Planck Network Ltd., including those connected to the $PLANCK token.
• Applicable Law: All relevant laws, regulations, and regulatory frameworks governing the collection and use of Personal Data, including but not limited to the General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021, and other global data privacy laws.
• $PLANCK Token: The native utility token of the Planck ecosystem, used for governance, staking, rewards, fee payments, and other protocol functions.
• Wallet: A blockchain-compatible cryptographic address controlled by a private key, used to initiate transactions, sign messages, or hold tokens. Planck does not access or store user wallets or keys.
• On-chain Data: Publicly accessible data recorded on blockchain networks—such as token balances, transaction hashes, staking records, and governance votes.
• Off-chain Metadata: Information collected or generated outside of blockchain networks, including IP addresses, device information, session timestamps, or email addresses submitted via forms.
• Smart Contract: A self-executing piece of code deployed to a blockchain that facilitates decentralized logic, such as staking, voting, or token transfers.
• Governance Participation: Activities undertaken by $PLANCK holders to influence protocol-level decisions, typically through voting, proposing upgrades, or contributing to community discussions.
• Subprocessor: A third-party service provider that Planck engages to process Personal Data on its behalf under a written agreement imposing confidentiality, data protection, and security obligations.

Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by Planck in connection with:

• Interactions with Planck's Web3 interfaces, such as smart contracts, staking portals, governance dashboards, and decentralized applications.
• On-chain and off-chain data collected via wallet-based access, including transactional metadata.
• The processing of blockchain wallet addresses, governance votes, and staking positions.
• Any backend telemetry or off-chain identifiers linked to user behavior (e.g., API keys, IP addresses, or device fingerprints when interacting with a Web3 UI).
• Communications with us in relation to Web3 services (support tickets, DAO-related proposals, feedback, or bug disclosures).
• Important Note: Planck is not a custodial wallet provider, centralized exchange, or fiat processor. We do not control your private keys and do not directly identify users on-chain unless you voluntarily provide identifying information.

Purposes of Data Processing

• Smart Contract Operation and Token Utility: Enabling token staking, delegation, voting, and governance participation. Calculating and distributing staking rewards. Facilitating permissionless smart contract interactions. Ensuring contract logic integrity and interoperability. These activities rely solely on on-chain wallet interactions and metadata.
• Platform Security and Abuse Mitigation: Monitoring unusual or malicious behavior. Detecting Sybil attacks and manipulation attempts. Preventing scraping and abuse with IP/wallet reputation checks. We use off-chain metadata strictly for security—not commercial profiling.
• Transparency and Community Governance: Publishing proposal and vote histories. Maintaining DAO ledgers and identity reputations.
• User Support and Voluntary Communications: Responding to wallet-linked inquiries via email, forms, or Discord. Verifying signatures and roles. Sending governance or protocol-related alerts (opt-in only).
• Compliance with Legal Obligations: Handling data for regulatory reporting (AML, KYC, subpoenas). Storing records for flagged wallet activity, when required by law.

Legal Bases for Processing

• Contractual Necessity: Processing data to fulfill your use of our Web3 Services.
• Legitimate Interests: We process data to: Maintain protocol functionality. Detect abuse or illicit behavior. Improve protocol design via aggregated analysis.
• Consent: Used when you: Provide contact info. Opt into communications or cookie settings. Accept frontend tracking. You may withdraw consent at any time by contacting us.
• Legal Obligations: When required by law, including AML/KYC, tax reporting, or compliance measures.

Data Storage and Retention

• On-Chain Data: Immutable and public; cannot be deleted or modified by Planck. Exercise discretion when linking identity to on-chain activity.
• 
  Off-Chain Metadata:
  • IP/session data: Up to 12 months (for abuse/threat monitoring).
  • Support messages: Up to 2 years.
  • Consent logs: Retained while active.
  • KYC data: 5–7 years (if voluntarily submitted or required).
• User Deletion Requests: For off-chain data only. Email: founders@plancknetwork.com
  Planck will delete or anonymize eligible data and notify subprocessors accordingly.

International Data Transfers

• Decentralized Global Infrastructure: Planck operates globally, and off-chain data may transit through various jurisdictions.
• Safeguards for Transfers: We implement: Standard Contractual Clauses (SCCs) Data Processing Agreements (DPAs) Encryption and access controls
• Blockchain-Specific Transfers: Blockchain interactions are globally broadcast by design. Use of Web3 Services implies acknowledgment of this global, immutable data model.

Your Data Protection Rights

Depending on your jurisdiction, you may have rights including:

• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Restrict Processing
• Right to Object
• Right to Data Portability
• Right to Withdraw Consent
• Right to Lodge a Complaint
• For any request, contact founders@plancknetwork.com and include your wallet address and a description of your request.

How to Exercise Your Rights

Send a request to: Email: founders@plancknetwork.com

• Include: Wallet address and reason for the request.
• We may verify your identity before proceeding.

Cookies and Frontend Tracking Technologies

• 
  Types of Tracking Used:
  • Essential Cookies: Session management, wallet connection, CSRF protection.
  • Functional Cookies: UI preferences (e.g., dark mode, filters).
  • Analytics: UI behavior, loading speeds (privacy-friendly only).
  • Security Monitoring: Detect anomalies or repeated failed login attempts.
• We do not use advertising cookies.
• Consent Management: Users in applicable jurisdictions will see a cookie banner to accept, reject, or customize cookie settings.

Smart Contract Interfaces and UX Analytics

10.1 Frontend Behavior Tracking:

• 
  Anonymized frontend metadata may include:
  • Session duration.
  • Feature usage patterns.
  • UI error logs.
• This helps improve UI/UX, not access your on-chain data or wallet.

Third-Party Tools and Dependencies

Third-party tools have their own privacy policies. We encourage you to review them separately. Planck uses integrations with:

• Wallet Connectors: MetaMask, WalletConnect, Ledger Live.
• Analytics & Monitoring: Plausible, Cloudflare, Sentry.
• Governance Platforms: Snapshot, Tally, Aragon.
• Indexing APIs: The Graph, Dune Analytics.

Policy Updates and Change Management

Material changes will be announced via:

• Governance or support portals;
• On-site banners;
• Direct communication (if opted in).
• Changes take effect no earlier than 7 days after notification.

Contact and Enforcement

We will respond to valid privacy inquiries in accordance with applicable law.

• Planck Network Ltd. Craigmuir Chambers, Road Town Tortola, VG 1110 British Virgin Islands
• Email: legal@plancknetwork.com