Ducat Protocol Privacy Policy

Last modified: August 01, 2025

This Privacy Policy ("Policy") explains how Ducat Protocol Inc. and its Affiliates ("we," "our," or "us"), collects, uses, and shares Personal Information in connection with our services ("Services") provided through the Ducat Protocol interface ("Interface") that allows users to non-custodially interact with the Ducat Protocol.

This Privacy Policy also outlines your rights and choices regarding such Personal Information. By using our Interface and Services, as described in the Terms of Service ("ToS"), you agree to the collection, use, and sharing of your Personal Information as described in this Policy. If you do not agree with these terms, please do not use our Interface or Services.

If the user engages with the Services under authority from a different party or on another party's behalf, then "user" and "you" (and its variants, including "your," "yours," etc.) as used herein refer to that person on whose behalf the Services are used. If the person engaging with our Services is an individual, acting in their own individual capacity, then "user" and "you" (and its variants) refer to that individual. If you have anyone using the Services on your behalf, you agree that you remain responsible for any acts or omissions of all such persons.

Please note that this Policy may be amended from time to time. It is your responsibility to check this Policy each time you access the Services so that you are aware of such changes, as they are binding on you. Please read this Policy carefully. If you have questions, use the details in the "Contact Us" section of this Policy.

Definitions

For the purposes of this Policy:

"Personal Information" means any information related to an identified or identifiable natural person.
"Affiliates" means any person that, directly or indirectly, controls, is controlled by, or is under common control with Ducat Protocol Inc.
"Service Providers" means any third-party organizations, individuals, or entities that perform functions or provide services on behalf of, or in conjunction with, Ducat Protocol Inc.
"Third-Party Services" means any external services or applications provided by Service Providers.
"Professional Advisors" means any experts who provide specialized advice to Ducat Protocol Inc. These may include, but are not limited to, legal counsel, accountants, auditors, business consultants, and other advisory professionals.

Information We Collect

A. Information You Provide

We may collect the following Personal Information when you use the Services:

User Queries: When you interact with any chatbots or support features, we collect and store the queries you input, including Personal Information that you may voluntarily provide within your queries.
Correspondence and Content: Any messages you send to us (e.g., feedback, support requests) may include Personal Information such as your name, contact information including email and addresses, and any other content you provide voluntarily.

B. Information Collected Automatically

IP Addresses: For security purposes, to ensure the proper functioning of the Interface, and to implement geo-blocking and VPN-detection measures, IP addresses are collected and stored using Third-Party Services and Service Providers. This information may be used to determine your approximate location and detect potential use of VPN services.
Wallet Addresses and Wallet IDs: Managed by Third-Party Services through our Service Providers to help monitor and mitigate fraudulent activities, and to comply with applicable laws.
On-Chain Data: By engaging with our services, you acknowledge that your wallet address and transaction data and history, are permanently recorded and publicly available on the blockchain. This data cannot be altered or erased by any party once it is published. If maintaining complete privacy is a concern, blockchain transactions may not fully protect such rights due to the inherent properties of the technology. You agree to release us from any liability related to the data you release on the blockchain, including that data generated by using our Services.
Social Media Presence: We are active on social media platforms such as X (formerly Twitter), LinkedIn, Facebook, Instagram, YouTube, TikTok, Mirror, Farcaster, Lens, where we collect Personal Information as outlined in this section and below. This data is obtained both directly from your interactions with us (e.g., comments, communications) and from the platforms themselves. These platforms also analyze your engagement with our content and combine this with other data they hold about you, such as your preferences and behavior. They use this data for their own purposes, including targeted marketing and platform optimization, even if you do not have a profile on the platform.
Airdrop Data: We collect and store your wallet address and any post IDs that you submit when participating in promotional campaigns and airdrop rewards. This data is collected either directly through our own systems or via our Service Providers. This data is used for managing airdrops, including verifying eligibility, distributing tokens, and preventing fraud. We do not share this data with third parties except as necessary to facilitate these airdrop-related activities.
Information from Tracking Technologies: Employed through the provision of Third-Party Services, tools such as web beacons, and similar technologies to record your preferences, help analyze user interaction and site traffic.
Usage and Behavioral Details: We monitor how you engage with our Interface and Services, capturing data like your session timings, frequented pages and features, clicked links, entered search terms, and user preferences via Third-Party Services or our own systems.
Device Details and Diagnostics Data: We collect specifics about the device used to access our Interface, including name and device type, operating system, browser specifications and fingerprint, crash logs and screen dimensions, using our own systems or through Third-Party Services and Service Providers.

3. Use of Information

We use the collected information for the following purposes:

Operating and Managing Services: To make the Services available to you and perform services requested by you, including creating and updating user accounts, processing transactions, responding to your queries, providing information support, and sending technical notices, security alerts and updates.
Improving Services: To enhance, customize and improve the Interface and user experience by analyzing usage data and user behavior.
Security and Compliance: To maintain the security and integrity of the Interface, prevent fraud, comply with any applicable laws, and respond to legal requests made by any relevant competent authority.
Business Transactions: In connection with any merger, acquisition, reorganization, or sale of our assets.
Consent: For purposes where we have obtained your consent, as required by applicable laws. We may aggregate or anonymize your Personal Information in a form that does not allow you to be personally identified and use the resulting information for any legitimate purpose.

Where we ask for your consent (e.g., for receiving newsletters and for personalized content or advertising based on your usage behavior or for processing sensitive data), we process your data based on such consent.

Where we did not ask for your consent, we may process your data on other legal grounds in accordance with applicable laws. These may include contractual obligations, legal and regulatory requirements, legitimate interest in complying with applicable laws, marketing campaigns, market analysis, and any other legitimate interest in efficiently managing and developing our company and its operations.

In addition, we may use Personal Information to detect and prevent abusive, fraudulent, or illegal activity; to protect the rights, safety, or property of Ducat Protocol Inc., our users, or others; to enforce our Terms of Service; and for any other purpose described to you at the time the information was collected or with your consent.

4. Sharing and Disclosure of Information

We may share or disclose information as follows:

Affiliates: With our affiliates and related entities for their own internal purposes.
Professional Advisors: With our advisors, including but not limited to audits and compliance.
Service Providers: With third-party providers for fraud detection, security, data analytics, IT services, and blockchain transaction monitoring. These providers are restricted to using the information only on our behalf and in accordance with our instructions.
Non-Identifiable Information: Aggregated, de-identified information may be shared for any purpose except as prohibited by applicable law.
During a Change to Our Business: If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your personal information may be shared or transferred.
Third-Party Offerings: Our Interface may feature offerings from third parties. Clicking on these may result in the transfer of necessary data (e.g., referral details from our site or any provided information) to the third party. We do not control, review, or assume responsibility for third-party content or websites. Our Privacy Policy does not cover these external sites or their content. We recommend reviewing the privacy policies of any website you visit. Links to third-party sites are provided for convenience and do not imply our endorsement to them or their products, content or services.
Legal Disclosures: We may disclose your data to legal authorities, such as courts, law enforcement, regulators, or government officials, if required or permitted by applicable laws, or to protect our interests. This might include, for example, sharing data in criminal investigations, legal proceedings, alternative dispute resolution, and efforts to prevent money laundering and terrorist financing, as well as fulfilling other reporting obligations.

5. Third-Party Services and Service Providers

The Interface may integrate with technologies operated by third parties, such as links to websites, mobile applications or any other online assets that are not owned or controlled by us. These third parties may independently collect information about you. We encourage you to review their privacy policies and terms of use. We have no control over and assume no responsibility for the content, privacy policies or practices of any Third-Party Services and websites.

6. Cookies Notice and Local Storage

Browser local storage and similar technologies are utilized to store certain data on your device to provide and improve our Services and to enable certain features of the Interface. This includes storing your Bitcoin wallet address and session information. While we do not collect cookies, the use of browser local storage to store data on your device is required for the optimal functioning of the Interface. Please note that data stored in local storage may not be secure, and may be accessible to any browser extensions or scripts running in your browser. By using the Interface, you acknowledge and accept the risks associated with the storage of data in your browser's local storage.

We may use cookies from service providers like Google Analytics to collect and analyse data. These third parties may process data per their privacy policies.

Managing Cookies: You can manage cookies through your browser settings. Note that disabling cookies may limit certain features of the Site.

7. Analytics and Performance Monitoring

We use Third-Party Services, including analytics platforms, to track user interactions and preferences. This helps us understand how users engage with the Interface, identify areas for improvement, and measure the effectiveness of our features. Data collected may include page views, time spent on pages, click paths, and device information. We ensure that analytics data is used in compliance with applicable laws and is often anonymized to protect your privacy.

8. Data Retention

We retain information as long as necessary to fulfill the purposes outlined in this Policy and to comply with applicable laws. If you request deletion, we may retain information as required by law or for legitimate business purposes. For example, on-chain data cannot be deleted due to blockchain immutability, and we may retain logs for security audits for up to 7 years. When data is no longer needed, we securely delete or anonymize it.

9. International Data Transfer

Information collected may be transferred to and processed in jurisdictions other than your own. Data privacy laws in the jurisdictions to which your Personal Information is transferred may not be equivalent to, or as protective as, the laws in your home country. By using the Services, you consent to such transfers. We implement appropriate safeguards, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with applicable laws like GDPR.

10. Eligibility: Age Requirement

To use the Services, you must legally be able to enter into the Agreement according to applicable laws. The Services are intended for general audiences and not directed at children under 18. If we learn that we have collected Personal Information from a child under 18, we will delete it promptly.

11. Additional Disclosures for EEA and UK Residents

Under the General Data Protection Regulation ("GDPR" - Regulation EU 2016/679) and the Data Protection Act 2018 ("DPA" - 2018 c.12), you have rights to access, rectify, delete, and restrict the processing of your personal data, as outlined herein below:

Right to Access: You may request all Personal Information via email.
Right to Rectification: Certain Personal Information, such as name and email address, may be rectified by sending a request via e-mail. However, rectification of certain data, such as wallet addresses and on-chain data, is not possible.
Right to Erasure (Right to be Forgotten): You may request the deletion of all Personal Information via email.
Consent Withdrawal Right: You shall be entitled to withdraw consent to the processing of the Personal Information to which you provided your consent.
Complaint: You shall have the right to lodge a complaint with a competent data protection supervisory authority.
Right to Restrict Processing: You can request us to limit processing under certain conditions, such as verifying the accuracy of data.
Right to Object: You can object to processing based on legitimate interests or direct marketing.
Right to Data Portability: You can request your data in a structured, machine-readable format to transfer it elsewhere.

Please contact us to exercise such rights, should you be a resident of the EEA and/or the UK. Please note that the exercise of some of those rights may not be possible in relation to the Interface and Services taking account of the Services' nature, manner, form and other applicable circumstances. Please note that blockchain transactions cannot be edited or deleted.

12. Changes to this Privacy Policy

We may revise this Policy at any time. If we make any changes to this Policy, we will change the Last Updated date above. Changes will be effective immediately upon posting. Your continued use of the Services constitutes consent to the revised policy. We may provide notice of significant changes via email or in-app notifications.

13. Contact Us

If you have questions or comments about this Policy, please contact us at privacy@ducatprotocol.com.