DeNet Privacy Policy
This Privacy Policy was last updated on July 14, 2026
1. INTRODUCTION AND WHO WE ARE
This Privacy Policy (the “Policy”) explains how personal data is collected, used, disclosed, and protected when you access or use the DeNet Ecosystem and the Services described in Section 2. This Policy replaces and supersedes the DeNet Storage App Privacy Policy dated 5 November 2022.
The DeNet Ecosystem is operated by the following entities (each a “Controller” for the processing activities attributed to it below, and together “DeNet”, “we”, “us”, or “our”):
- DENET PTE. LTD., a private company limited by shares incorporated under the laws of Singapore (UEN: 202529092G), registered at 10 Anson Road, #20-05, International Plaza, Singapore 079903 (“DeNet Pte. Ltd.”) — the data controller for personal data processed in connection with the sale of Node licenses and Storage, the DeNet Distribution Program (including distributor applications, onboarding, commissions and payouts), and the Education Section / DeNet Academy;
- DEFENDER SOFTWARE FZ-LLC, a private company incorporated under the laws of the United Arab Emirates, registered at DMC-BLD05-VD-G00-281, Ground Floor, DMC5, Dubai Media City, Dubai, United Arab Emirates (“Defender Software”) — the developer and technical operator of the Applications and certain technical functionalities of the DeNet Ecosystem, acting as data controller for technical data generated by the operation of the Applications and, where applicable, as a processor acting on behalf of DeNet Pte. Ltd.
Where the two entities jointly determine the purposes and means of a given processing operation, they act as joint controllers and have allocated their respective responsibilities by internal arrangement; the essence of that arrangement is available on request. Irrespective of the internal allocation, you may exercise your rights under this Policy against either entity through the contact details in Section 21.
We prepared this Policy with particular regard to the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “UAE PDPL”) and the EU General Data Protection Regulation (EU) 2016/679 (the “GDPR”), including the UK GDPR where relevant. Where the law of your jurisdiction grants you broader rights, those rights are not limited by this Policy.
By using the Services, you acknowledge that you have read and understood this Policy. Where processing is based on your consent, you may withdraw it at any time as described below.
2. SCOPE — SERVICES COVERED
Unless we link to a different policy or state otherwise, this Policy applies to (collectively, the “Services”):
- the Applications — the DeNet Storage & Watcher Node mobile and desktop applications available on the App Store (https://apps.apple.com/us/app/denet-storage/id1643491316), Google Play (https://play.google.com/store/apps/details?id=pro.denet.storage) and via Android APK (https://links.denet.app/android/apk/latest);
- the Site at https://denet.pro and the Storage Site at https://mobile.denet.app;
- the Node Sale Site at https://nodesale.denet.app;
- the Distributor Portal at https://distributors.denet.pro, distributor Storefronts hosted at denet.app/d/{slug}, and the related distributor application interfaces;
- the Education Section / DeNet Academy made available within the Applications or via a standalone academy interface, including its courses, tests and examinations; and
- official DeNet support channels and official DeNet community channels (including official Telegram groups and channels), to the extent we process the data you submit through them.
This Policy does not apply to third-party websites, applications, wallets, or services, or to public blockchain networks, which are decentralized infrastructures not operated or controlled by us. This Policy also does not apply to products and services offered by third parties under their own brand on the basis of DeNet technology, as described in Section 9. “Personal data” means any information relating to an identified or identifiable natural person, as defined under the GDPR and the UAE PDPL.
3. WHAT DATA WE COLLECT
We follow the principle of data minimisation and collect only the personal data listed in this Section, and only to the extent necessary for the relevant purpose. Use of the core DeNet Storage service does not require you to disclose your legal name or identity: it is accessed through a blockchain wallet, and your stored content is encrypted under your exclusive control (see Section 3.5). Aggregated and anonymised data that can no longer be related to an identified or identifiable person is not personal data and falls outside this Policy.
3.1. Data you provide to us directly
(a) Wallet address and account identifiers. The blockchain wallet address you connect to the Services and the account identifiers and settings associated with it. A wallet address is a pseudonymous identifier; we treat it as personal data to the extent it can be linked to you.
(b) Distributor application data. If you apply to join the DeNet Distribution Program (including after completing the DeNet Academy distributor course and passing the examination), we collect the information you submit in the application form: your name; your Telegram username; your email address; your preferred method of contact; your motivation statement; and your answers to the practical questions and the questions about yourself contained in the application.
Your email address is a mandatory field and is validated for correct format at submission. The outcome of your application (approval or rejection) will be sent to the email address you provide. You are solely responsible for providing an accurate and operational email address and for keeping it up to date; if the address is incorrect or inaccessible, you may not receive the decision on your application or other important communications, and we shall not be responsible for any resulting non-receipt.
(c) Voluntary profile information. Information about yourself that you choose, at your own discretion, to add in your personal cabinet or profile — see Section 4.
(d) Communications. If you contact support, we process your contact details and the content of your messages in order to respond to you. If you communicate with us through official DeNet community channels (such as official Telegram groups), we process your username and the messages you post there for support and program administration; the platform operator processes your data independently under its own privacy policy. If you take part in a promotion or survey, we process only the data you submit for it (such as an email or wallet address), solely to administer that promotion or survey.
3.2. Data generated when you use the Services
- Education Section records: course progress, examination results, completion status, and certificates issued, associated with your account;
- Acceptance records: when you accept terms electronically (for example, the Distributor Terms in the Distributor Portal), the version of the document accepted, the date and time of acceptance, and the associated account and wallet address, retained as evidence of the conclusion of the agreement;
- Commission and payout records (Distributors and referral participants): sales attributed to your Storefront or referral code, commission accruals, withdrawal requests, and payout wallet addresses;
- Payment confirmations: confirmation that a payment was completed, received from the payment provider, the Apple App Store, or Google Play. We do not receive or store your full payment card details;
- Technical logs: IP address, device and operating system type, application version, and basic records of your use of the Services, to the extent necessary for their operation, security, and improvement. We use such data in aggregated or anonymised form wherever possible. Cookies are described in Section 7;
- Node metrics: where you operate a Datakeeper node or a Watcher Node, technical performance metrics of the node (capacity provided, uptime, verification activity) linked to the associated wallet identifier, used to operate the network and calculate rewards.
3.3. Identity verification (KYC/AML)
Identity verification and anti-money-laundering checks may be required in certain cases, where mandated by applicable law or our compliance policies (for example, for participation in the Distribution Program or the processing of withdrawals). Where such verification is required, it is performed by a specialised third-party verification provider engaged for that purpose. You submit your identity documents and undergo the checks directly through the provider’s interface, and the provider processes that data as a separate operator under its own terms and privacy policy, which are presented to you before verification begins.
We do not ourselves collect or store copies of your identity documents. We receive and store only the outcome of the verification — confirmation of your identity and verification status, and any compliance flags (such as sanctions or wallet-screening matches) — to the extent necessary to comply with applicable anti-money-laundering law and our compliance obligations. Where verification is required, completing it is a condition of access to the relevant functionality: if it is not completed, we will be unable to grant or maintain your access to such functionality (such as Distributor status or withdrawals).
3.4. Blockchain data
When you connect a wallet or transact within the DeNet Ecosystem, certain data — including your wallet address, transaction history, and Node license (NFT) holdings — is recorded on public blockchain networks. Such data is publicly accessible, replicated across the network, and immutable by design; it is not stored on infrastructure controlled by us and cannot be modified or deleted by us. See Section 14 on the resulting limits of certain rights.
3.5. What we do not collect
The DeNet Storage service is non-custodial. Files you store are split into blocks and encrypted on your device using an encryption key generated and held under your exclusive control. We do not collect, store, or have access to your unencrypted files, and we cannot view, access, or decrypt your stored content. Individual Datakeepers hold only encrypted, erasure-coded fragments of data and likewise cannot access or decrypt your content. We never collect and will never ask for your encryption keys, private keys, seed phrases, or wallet passwords. Anyone requesting them is not acting on our behalf.
4. VOLUNTARY INFORMATION IN YOUR PERSONAL CABINET
Your personal cabinet may allow you to add, at your option, additional information about yourself (for example, a display name, biography, contact details, social media links, or a profile image) (“Voluntary Information”).
- Providing Voluntary Information is entirely optional and is not required to use the Services. We process Voluntary Information on the basis of your consent, which you give by entering and saving such information at your own initiative, and which you may withdraw at any time by deleting the relevant information from your cabinet or contacting us (withdrawal does not affect the lawfulness of processing carried out before withdrawal).
- Please do not include sensitive (special-category) personal data — such as data revealing health status, religious or political views, ethnic origin, biometric or genetic data, or criminal records — in free-text fields or your profile. We do not request such data and have no purpose for processing it; any such data appearing in Voluntary Information is provided exclusively at your own initiative.
- You are solely responsible for the accuracy, relevance, and lawfulness of the Voluntary Information you provide, including for ensuring that it does not infringe the rights of any third party.
- Where the Services allow certain profile fields to be displayed publicly (for example, on a distributor Storefront page), you control whether to complete such fields. You acknowledge that information you choose to make publicly visible may be viewed, collected, or reused by third parties outside our control.
To the maximum extent permitted by applicable law, you acknowledge and accept the risks inherent in your own voluntary disclosure of information beyond what we request, and we shall not be liable for consequences of such disclosure made at your initiative. This paragraph does not limit any statutory rights you have as a data subject and does not relieve us of our security and confidentiality obligations under applicable data protection law with respect to data we hold.
5. PURPOSES AND LEGAL BASES OF PROCESSING
We process personal data only where a lawful basis exists under the GDPR (Article 6) and the UAE PDPL (Articles 4–6). The table below sets out our purposes, the main data categories involved, and the applicable legal bases.
| Purpose | Main data categories | Legal basis (GDPR / UAE PDPL) |
|---|---|---|
| Providing, operating and administering the Services; account and wallet connection; delivery of purchased Storage and Node licenses; recording acceptance of terms | Account and wallet data; blockchain data; acceptance records; system data | Performance of a contract (Art. 6(1)(b) GDPR); processing necessary for a contract to which the data subject is party (PDPL) |
| Receiving, reviewing and deciding on distributor applications; verifying Academy course and examination completion; notifying you of the outcome at the email address you provide | Distributor application data; Education Section data; email address | Steps at your request prior to entering into a contract and performance of a contract (Art. 6(1)(b) GDPR); contractual necessity and consent (PDPL) |
| Operating the Education Section: course delivery, testing, examinations, issuing certificates | Education Section data; account data | Performance of a contract (Art. 6(1)(b) GDPR); contractual necessity (PDPL) |
| Compliance: receiving and storing the results of identity verification performed by the third-party verification provider; sanctions and wallet screening; fraud prevention | Verification outcome and status; compliance flags; wallet data | Legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR); compliance with applicable legislation and protection of legal rights (PDPL) |
| Calculating and paying commissions, processing withdrawal requests, reconciliation and clawback | Commission and payout data; wallet data | Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (accounting/tax); contractual necessity (PDPL) |
| Operating and monitoring node participation in the network (Datakeeper and Watcher Nodes), calculating node rewards | Node operation data; wallet data | Performance of a contract (Art. 6(1)(b) GDPR); contractual necessity (PDPL) |
| Customer support, community management and handling complaints | Communications data; account data | Performance of a contract; legitimate interests (GDPR); contractual necessity (PDPL) |
| Service (transactional) communications: administrative messages, changes to terms, security notices | Contact details; account data | Performance of a contract; legal obligation (GDPR); contractual necessity (PDPL) |
| Marketing communications: newsletters, new features, rewards programs, promotions | Contact details; usage data | Consent (Art. 6(1)(a) GDPR), with opt-out at any time; consent (PDPL) subject to UAE rules on unsolicited electronic communications |
| Administering promotions, contests and surveys | Promotion data | Consent and/or performance of a contract (GDPR); consent (PDPL) |
| Analytics, improving and developing the Services | Usage data; system data (aggregated or pseudonymised where possible) | Legitimate interests (Art. 6(1)(f) GDPR); consent for non-essential cookies; consent / legitimate purposes (PDPL) |
| Security, fraud and abuse prevention, enforcement of our terms | System data; usage data; account data | Legitimate interests (Art. 6(1)(f) GDPR); protection of rights and compliance (PDPL) |
| Compliance with law, responding to lawful requests, establishing or defending legal claims | Any relevant categories | Legal obligation (Art. 6(1)(c) GDPR); legitimate interests; processing necessary for legal claims and judicial procedures (PDPL) |
| Processing Voluntary Information in your personal cabinet | Voluntary Information | Consent (Art. 6(1)(a) GDPR; PDPL), withdrawable at any time |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms and concluded that they are not overridden; you may object as described in Section 13. Where we rely on consent, refusal or withdrawal of consent does not affect your access to features that do not depend on the relevant processing.
6. AUTOMATED PROCESSING AND DECISION-MAKING
Technical validation of the email address format in the distributor application form is an automated data-quality check and does not constitute a decision producing legal effects. Decisions on distributor applications are reviewed and taken with human involvement; you may request further information about, and express your point of view on, any decision concerning your application. We do not carry out solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, within the meaning of Article 22 GDPR. Automated fraud, sanctions, and wallet screening results are subject to human review before any adverse decision is taken.
7. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies, local storage, SDKs, and similar technologies (“Data Collection Tools”) in the following categories:
- Strictly necessary: required for the Services to function (access, session integrity, security). Disabling them may make parts of the Services unavailable;
- Functional: remembering your preferences and settings (such as language and interface options);
- Analytics: understanding how the Services are used in order to improve them.
Where required by applicable law (including in the EU/EEA and the UK), non-essential Data Collection Tools are deployed only with your consent, which you may give, refuse, or withdraw through the cookie banner or settings made available in the relevant Service, and you can also manage cookies through your browser or device settings. Apple iOS, Android OS, and Microsoft Windows each provide their own instructions on how to control in-app tailored advertising.
8. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share personal data only as follows:
- Service providers and processors: hosting and cloud infrastructure providers, blockchain analytics and wallet screening providers, analytics providers, email and communication delivery services, customer support tools, and fraud prevention services. These providers act on our documented instructions, are bound by data processing agreements, and may use the data solely to provide the contracted service;
- Verification provider: where verification is required (Section 3.3), we share with the engaged verification provider the minimum data needed to initiate your check (such as an applicant identifier or email address). Your identity documents are collected by the provider directly from you and are processed by the provider under its own terms and privacy policy; the provider returns to us only the verification outcome;
- Within the DeNet group: between DeNet Pte. Ltd. and Defender Software FZ-LLC, to the extent necessary to operate the Services in accordance with the roles described in Section 1;
- Payment and blockchain infrastructure: where you make or receive payments, the relevant payment service providers and blockchain networks process transaction data under their own terms; on-chain data is public by design;
- Professional advisers and auditors: lawyers, auditors, and accountants, under confidentiality obligations, to the extent needed to assess our obligations and rights;
- Authorities and legal compliance: where we have a good-faith belief that disclosure is required or permitted by law, is requested as part of a judicial, governmental, or regulatory inquiry, is reasonably necessary under a valid subpoena, warrant, or other legally valid request, or is necessary to enforce our terms, detect or prevent fraud or security issues, or protect against imminent harm to the rights, property, or safety of DeNet, our users, or the public;
- Corporate transactions: in connection with a merger, acquisition, corporate reorganisation, or sale of all or part of our assets, in which case your data may be transferred to the successor organisation subject to this Policy or to safeguards no less protective;
- Aggregated or de-identified data: we may use and disclose data that can no longer identify you for any lawful purpose;
- With your consent: in other cases, with your prior consent.
Distributors as independent controllers. Distributors participating in the DeNet Distribution Program are independent contractors. Where a Distributor collects or processes personal data of customers or prospects through their own channels or marketing activities, the Distributor acts as an independent data controller and is solely responsible for complying with applicable data protection laws. This Policy does not apply to such processing, and we are not responsible for it.
9. WHITE-LABEL AND PARTNER SOLUTIONS
DeNet may make components of the DeNet Ecosystem and its underlying technology available to third-party legal entities for offering products or services under such entities’ own brands (“White-Label Solutions”).
Where you use a product or service provided by a third party on the basis of a White-Label Solution, that third party — and not DeNet — determines the purposes and means of processing your personal data and acts as the data controller (or equivalent role under applicable law) with respect to such processing. Your relationship with that third party, including the collection, use, and protection of your personal data, is governed exclusively by that third party’s own terms, privacy policy, and other applicable documents, and by the separate agreement(s) governing the relevant White-Label Solution. This Policy does not apply to such processing.
To the maximum extent permitted by applicable law, DeNet assumes no responsibility or liability for the processing of personal data by White-Label partners or for their compliance with applicable data protection laws. Where DeNet provides technical infrastructure to a White-Label partner and processes personal data strictly on that partner’s behalf and documented instructions, DeNet acts solely as a data processor under the agreement concluded with that partner, and requests concerning such data should be addressed to the relevant partner as controller. Further details regarding any specific White-Label Solution are set out in the separate documents applicable to it.
10. INTERNATIONAL TRANSFERS AND DATA LOCALIZATION
We store and process personal data on servers located in different regions, applying the following localization approach:
- Users in the EU/EEA: personal data of users residing in the European Union / European Economic Area is stored and processed on servers located within the EU/EEA. Any transfer of such data outside the EU/EEA takes place only where an adequate level of protection is ensured — on the basis of a European Commission adequacy decision or appropriate safeguards under Article 46 GDPR, in particular the Standard Contractual Clauses (SCCs), supplemented where necessary by additional technical and organisational measures. For UK users, transfers are made under the UK International Data Transfer Agreement or the UK Addendum to the SCCs;
- Users in jurisdictions with data localization requirements: where the law of a user’s jurisdiction requires that certain personal data be initially recorded, stored, or processed on servers located within that jurisdiction, we store and process such data on servers located in the relevant jurisdiction to the extent so required;
- Other users: personal data of other users is stored and processed on secure servers located in the United Arab Emirates and/or the EU/EEA.
Transfers of personal data outside the United Arab Emirates are carried out in accordance with Articles 22 and 23 of the UAE PDPL: to jurisdictions that ensure an adequate level of protection, or, in the absence of adequacy, on the basis of appropriate contractual safeguards, your express consent, or another ground permitted by the UAE PDPL. You may request further information about the safeguards applied to a specific transfer via the contact details in Section 21. Please note that data recorded on public blockchains is, by the nature of the technology, replicated globally and is not subject to territorial storage restrictions; likewise, encrypted data fragments distributed across Datakeeper nodes do not constitute personal data accessible to any individual node, as no node can identify or decrypt them.
11. DATA RETENTION
We retain personal data only for as long as necessary for the purposes for which it was collected, and thereafter for the period required or permitted by law. In determining retention periods, we consider the nature and sensitivity of the data, the purposes of processing, statutory retention obligations (including accounting, tax, and AML legislation), and applicable limitation periods for legal claims. Indicatively:
- account and contractual data (including acceptance records) — for the duration of your use of the Services and thereafter for the applicable limitation period for legal claims;
- distributor application data — for the period necessary to review the application and communicate the decision; where the application is not approved and no other basis applies, the data is deleted or anonymised within a reasonable period after the decision, unless retention is required to comply with law or to establish, exercise, or defend legal claims;
- verification outcomes, compliance flags, and transaction records — for the period required by applicable anti-money-laundering legislation (generally at least five (5) years after the end of the relationship or the transaction); copies of identity documents are retained by the verification provider under its own policy;
- support communications — for as long as needed to resolve the matter and for a reasonable period thereafter;
- aggregated or de-identified data that cannot identify you — for as long as commercially necessary.
When personal data is no longer needed, we securely delete, destroy, or anonymise it. Data recorded on public blockchains cannot be deleted (see Section 14).
12. SECURITY
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, alteration, disclosure, loss, or destruction, taking into account the nature and sensitivity of the data. Measures include encryption in transit, access controls and the need-to-know principle, logging, segregation of environments, and contractual security obligations imposed on processors. Content stored via DeNet Storage is additionally protected by client-side encryption under your exclusive control.
No system can be guaranteed to be 100% secure. You play an important role in security: protect your credentials, wallet, private keys, and encryption keys, and contact us immediately if you suspect unauthorised access to your account. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected users, in accordance with Articles 33–34 GDPR and Article 9 of the UAE PDPL.
13. YOUR RIGHTS
Subject to the conditions and exemptions of applicable law, you have the following rights in relation to your personal data under the GDPR and the UAE PDPL:
- Right to be informed and right of access — to obtain confirmation of whether we process your personal data, information about the processing (categories, purposes, recipients, sources), and a copy of your data;
- Right to rectification — to have inaccurate or incomplete data corrected;
- Right to erasure (“right to be forgotten”) — to have your data erased where there is no longer a lawful ground for processing, subject to the blockchain limitations in Section 14;
- Right to restriction of processing — to have processing restricted in the circumstances provided by law;
- Right to data portability — to receive the data you provided to us in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible;
- Right to object — to object to processing based on legitimate interests on grounds relating to your particular situation, and to object at any time to processing for direct marketing purposes, in which case we will stop such processing;
- Rights related to automated decision-making — not to be subject to solely automated decisions producing legal or similarly significant effects, and to object to processing carried out through automated systems, as provided by Article 22 GDPR and the UAE PDPL;
- Right to withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal;
- Right to lodge a complaint — with a competent supervisory authority (see below).
How to exercise your rights. Send your request to support@denet.app. We may need to verify your identity (and, where relevant, control of the associated wallet address) before acting on a request, and we may ask for further details to locate your data. We respond within one (1) month under the GDPR (extendable by two further months for complex or numerous requests, with notice) and within the periods prescribed by the UAE PDPL and its executive regulations. Exercising your rights is free of charge, except that we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.
Complaints. If you consider that our processing violates applicable law, you have the right to lodge a complaint: in the EU/EEA — with your national supervisory authority (the list of authorities is available on the European Data Protection Board website at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en); in the United Kingdom — with the Information Commissioner’s Office (https://ico.org.uk); in the United Arab Emirates — with the UAE Data Office, the national data protection authority established under Federal Decree-Law No. 44 of 2021 (see https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws); in Singapore — with the Personal Data Protection Commission (https://www.pdpc.gov.sg). We would, however, appreciate the opportunity to address your concerns first.
14. BLOCKCHAIN DATA: LIMITS OF CERTAIN RIGHTS
Public blockchain networks are decentralized and append-only: data validly recorded on-chain (such as wallet addresses and transactions) cannot be altered or deleted by us or by anyone else. Accordingly, the rights to rectification and erasure can be exercised in full only with respect to data held in our off-chain systems. Where you exercise such rights, we will delete or correct the data under our control and sever, where feasible, the link between your identity and the relevant on-chain identifiers held in our systems. Please take the public and permanent nature of blockchain records into account before connecting a wallet or transacting.
15. CHILDREN
The Services are intended for persons who are at least 18 years old (or the age of majority in their jurisdiction, if higher) and are not directed at children. We do not knowingly collect personal data from persons under 18. If you believe that a person under 18 has provided personal data to us, please contact us at support@denet.app and we will take reasonable steps to delete such data.
16. MARKETING COMMUNICATIONS
We send marketing communications (newsletters, information about rewards programs, new services, features, and promotions) only where permitted by applicable law, and in the EU/EEA, the UK, and the UAE on the basis of your consent. You can opt out at any time using the unsubscribe mechanism in each communication or by changing your preferences in your account. Regardless of your marketing preferences, we will continue to send transactional and relationship messages regarding the Services, such as administrative confirmations, important updates, security notices, and notices about changes to our policies.
17. THIRD-PARTY SERVICES AND LINKS
The Services may contain links to, or integrations with, third-party websites, applications, wallets, social media features, and services. Your interactions with such third parties are governed by their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of third parties.
18. ADDITIONAL INFORMATION FOR SPECIFIC REGIONS
18.1. United Arab Emirates
For users in the UAE, processing is carried out in accordance with the UAE PDPL and, once issued and in force, its Executive Regulations. Consent, where relied upon, is specific, informed, unambiguous, and given in a manner we can demonstrate, and may be withdrawn at any time. Cross-border transfers follow Articles 22–23 of the UAE PDPL as described in Section 10. Nothing in this Policy limits any rights you have under the data protection frameworks of the UAE financial free zones (DIFC, ADGM) where they apply to a specific relationship.
18.2. EU/EEA and United Kingdom
For users in the EU/EEA and the UK, DeNet Pte. Ltd. and Defender Software FZ-LLC act in the controller roles described in Section 1 with respect to the offering of the Services to such users. Data is stored and processed in the EU/EEA as described in Section 10, and the rights in Section 13 apply in full, including the right to lodge a complaint with your local supervisory authority.
18.3. Singapore
DeNet Pte. Ltd. is incorporated in Singapore, and processing attributable to it is also carried out in accordance with the Singapore Personal Data Protection Act 2012 (PDPA), including its consent, purpose limitation, protection, and data breach notification obligations. Singapore users may direct requests and complaints to the contact details in Section 21 and have the right to complain to the Personal Data Protection Commission of Singapore.
18.4. California (United States)
If you are a California resident, you have rights under the California Consumer Privacy Act as amended by the CPRA, including the right to know, the right to access, the right to correct, the right to delete, the right to opt out of the “sale” or “sharing” of personal information, and the right to non-discrimination for exercising your rights. We do not sell personal information in the traditional sense; where cookies make non-personally-identifiable information available to third parties, you can manage them as described in Section 7. To exercise your rights, contact support@denet.app; you may designate an authorised agent, in which case we may verify your and your agent’s identity.
19. CHANGES TO THIS POLICY
We may update this Policy from time to time. The updated version will be published within the Applications and/or on the relevant Service website with a revised “Last updated” date. Where changes are material, we will provide additional notice where required by applicable law (for example, in-product notice or email) and, where the change concerns processing based on consent, we will seek fresh consent to the extent required. We encourage you to review this Policy regularly. If you do not agree with the updated Policy, you should discontinue use of the Services and may exercise your rights under Section 13.
20. RELATIONSHIP WITH OTHER DOCUMENTS
This Policy is incorporated by reference into, and should be read together with, the DeNet Nodes Sale Terms, the DeNet Storage Purchase Terms, the DeNet Distributor Terms, and the Terms of Use — Education Section, each of which governs the corresponding Service. In the event of a conflict between this Policy and any of those documents on a matter of personal data processing, this Policy prevails. Documents governing White-Label Solutions (Section 9) apply to the relevant partner relationship and are not affected by this Policy.
21. CONTACT US
If you have any questions about this Policy, wish to exercise your rights, or want further information about our processing (including joint-controller arrangements or transfer safeguards), please contact us:
- Email: support@denet.app
- DENET PTE. LTD.: 10 Anson Road, #20-05, International Plaza, Singapore 079903
- Defender Software FZ-LLC: DMC-BLD05-VD-G00-281, Ground Floor, DMC5, Dubai Media City, Dubai, United Arab Emirates