PACT ProtocolPACT Protocol
Data Protection & Privacy

Privacy Policy

Enterprise-grade data protection practices, government privacy compliance, and transparency in how we handle your information.

Last Updated: January 19, 2025

Our Privacy Commitment

PACT Protocol is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise blockchain infrastructure services.

As a provider of enterprise and government-grade blockchain solutions, we implement the highest standards of data protection, including compliance with GDPR, CCPA, FISMA, and other applicable privacy regulations.

Information We Collect

Account Information

  • Name, email address, and contact information
  • Company or organization details
  • Job title and professional information
  • Billing and payment information

Usage Data

  • Service usage patterns and feature utilization
  • API calls and transaction data
  • Performance metrics and error logs
  • Access logs and security monitoring data

Technical Information

  • IP addresses and device identifiers
  • Browser type and operating system
  • Network configuration and security settings
  • Blockchain addresses and transaction hashes

Customer Content

Data you upload, store, or process through our services, including smart contracts, QR codes, audit reports, and compliance documentation. You retain full ownership and control of your content.

How We Use Your Information

Service Provision

  • Deliver and maintain our blockchain infrastructure services
  • Process transactions and manage smart contracts
  • Provide customer support and technical assistance
  • Monitor service performance and security

Security & Compliance

  • Detect and prevent security threats and fraud
  • Conduct security audits and compliance monitoring
  • Maintain access controls and user authentication
  • Generate compliance reports for regulatory requirements

Business Operations

  • Process billing and manage subscriptions
  • Communicate service updates and important notices
  • Improve our services based on usage analytics
  • Comply with legal obligations and government requests
Data Sharing & Disclosure

We Do Not Sell Personal Data

PACT Protocol does not sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing

We may share information in these specific circumstances:

  • Service Providers: Trusted partners who assist in service delivery (cloud infrastructure, payment processing)
  • Legal Requirements: When required by law, court order, or government regulation
  • Security Purposes: To investigate fraud, security incidents, or legal violations
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

Government Customers

For government customers, data sharing is strictly controlled according to your specific compliance requirements and security clearance levels.

Data Security Measures

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for sensitive communications
  • Hardware security modules (HSMs) for key management

Access Controls

  • Multi-factor authentication (MFA) requirements
  • Role-based access controls (RBAC)
  • Principle of least privilege enforcement
  • Regular access reviews and deprovisioning

Infrastructure Security

  • SOC 2 Type II certified data centers
  • 24/7 security monitoring and incident response
  • Regular penetration testing and vulnerability assessments
  • Air-gapped networks for government customers
Data Retention & Deletion

Retention Periods

  • Account Data: Retained while your account is active plus 7 years for compliance
  • Usage Logs: Retained for 24 months for security and performance analysis
  • Billing Records: Retained for 7 years as required by law
  • Customer Content: Retained according to your service agreement

Data Deletion

Upon account termination or your request, we will delete your personal data within 30 days, except where retention is required by law or legitimate business purposes.

Blockchain Considerations

Data recorded on blockchain networks may be immutable and cannot be deleted. We minimize personal data stored on-chain and use privacy-preserving techniques like zero-knowledge proofs.

Your Privacy Rights

GDPR Rights (EU Residents)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests

CCPA Rights (California Residents)

  • Know what personal information is collected and how it's used
  • Delete personal information held by us
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising privacy rights

How to Exercise Your Rights

Contact our Privacy Officer at privacy@pactprotocol.io to exercise your privacy rights. We will respond within 30 days.

International Data Transfers

Cross-Border Transfers

PACT Protocol operates globally and may transfer your data to countries outside your jurisdiction. We ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Government-approved frameworks for official transfers

Government Data Localization

Government customers can specify data residency requirements. We offer in-country hosting and air-gapped deployments to meet sovereignty requirements.

Cookies & Tracking Technologies

Essential Cookies

We use essential cookies for authentication, security, and basic functionality. These cannot be disabled while using our services.

Analytics Cookies

We use analytics cookies to understand how our services are used and to improve performance. You can opt-out of these through your browser settings or our cookie preferences.

Third-Party Tracking

We do not use third-party tracking for advertising purposes. Any third-party services are strictly limited to essential business functions.

For detailed information about our cookie practices, please see our Cookie Policy.

Children's Privacy

PACT Protocol services are designed for enterprise and government use and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes through email, service notifications, or by posting a prominent notice on our website. Your continued use of our services after such notification constitutes acceptance of the updated policy.

Enterprise and government customers will receive direct notification of any privacy policy changes that may affect their compliance requirements.

Privacy Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

Email: privacy@pactprotocol.io

Phone: +1 (555) 123-4567

EU Representative

Email: eu-privacy@pactprotocol.io

Address: Available upon request

Government Inquiries

Government customers should contact: gov-privacy@pactprotocol.io