Privacy Policy

Effective Date: July 1, 2025

1. Introduction

This Privacy Policy (the "Policy") explains how Netts.io ("Netts", "we", "us", "our") collects, uses, stores, and protects personal data when you access our website, APIs, Telegram bot, and other related services (collectively, the "Services").

Our data practices are designed to comply with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), and with other applicable data protection laws for users in other regions.

By using our Services, you confirm that you have read this Policy and agree to its terms.

Information about the legal entity operating Netts.io (company name, registration number, address) will be added to this Policy once the company is incorporated.

We do not target or offer our Services to residents or persons located in the United States of America. If you are a U.S. person or use the Services from the U.S., you must not use our Services.

2. Definitions

Personal Data – any information relating to an identified or identifiable natural person, as defined in GDPR and other applicable data protection laws.

Cookies – small text files stored in your browser that allow the website to remember your actions and preferences over time.

Cookies are described further in Section 9 of this Policy.

3. What Personal Data We Collect

We may collect the following categories of data:

3.1. Identification and Account Data

When you log in via Telegram:

  • Telegram user ID;
  • display name and/or username;
  • profile photo (avatar), if provided.

When you log in via Google:

  • Google account ID;
  • name;
  • email address;
  • profile picture, if provided.

3.2. Deposit and Transaction Data

Netts.io uses blockchain-based deposit addresses solely to receive funds that are then credited to your internal balance and used to pay for our Services.

We may process:

  • deposit addresses generated or associated with your account for receiving funds;
  • incoming transaction information (transaction hashes, amounts, date and time);
  • internal balance information in our system;
  • information about your orders, energy rentals and payments.

Funds received to deposit addresses may be moved to one or more operational ("hot") wallets that we control. The on-chain balances of individual deposit or operational addresses do not directly represent your personal balance. Your user balance is recorded and managed in our internal accounting systems (off-chain) and is separate from the on-chain balances of our wallets.

Underlying blockchain transactions are public and permanently recorded on the relevant blockchain networks. Wallet addresses may in some cases be considered personal data if they can be linked to you.

3.3. Technical Data

  • IP address;
  • browser type and version;
  • device type and operating system;
  • time zone and language;
  • pages visited, actions on the site, referrer URL;
  • HTTP/API request logs.

This data is primarily used to ensure security, stability, and proper functioning of the Services.

3.4. Communication Data

  • Requests and messages sent to us via email, Telegram, or other communication channels;
  • metadata and content of your inquiries (e.g., support requests, feedback).

We do not request or store private keys, seed phrases, or other sensitive data used to access your cryptocurrency wallets.

4. How We Collect Data

We collect personal data:

Directly from you, when you:

  • log in via Telegram or Google;
  • contact us via email or other channels;
  • interact with our Telegram bot or web interface.

Automatically, when you:

  • visit our website (via cookies and similar technologies);
  • interact with our API or bot (technical logs and metadata).

From third parties, when you:

  • authenticate via Telegram or Google (we receive the minimum information necessary to create or maintain your account, in accordance with their own privacy policies).

5. Purposes of Processing and Legal Bases

We process your personal data for the following purposes and on the following legal bases:

Provision of the Services

  • creating and managing your account;
  • providing access to deposit addresses and internal balances;
  • executing and recording energy rental and related transactions;
  • providing support and answering your requests.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and/or steps taken at your request before entering into a contract.

Security and abuse prevention

  • ensuring the security, integrity and availability of the Services;
  • detecting and preventing fraud, abuse, and technical issues.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Analytics and service improvement

  • understanding how users interact with the Services;
  • improving performance, usability and features.

Legal basis: legitimate interests and, where required, consent.

Legal compliance

  • complying with applicable laws and regulations;
  • responding to lawful requests from authorities, where applicable.

Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR), where applicable.

You may withdraw your consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

6. Disclosure of Data to Third Parties

We treat your personal data confidentially. We may share your data only with:

  • Service providers and technical contractors (e.g., hosting, infrastructure, analytics, email providers) who process data on our behalf and under our instructions, subject to appropriate confidentiality and security obligations;
  • Authentication providers, such as Telegram and Google, which process your information under their own terms and privacy policies when you authenticate through them;
  • Professional advisors, such as lawyers or auditors, where reasonably necessary for legitimate business purposes;
  • Public authorities or law enforcement, where we are legally required to do so, or where such disclosure is necessary to protect our rights, your rights, or the rights of others.

We do not sell your personal data.

7. International Data Transfers

Your data may be processed in countries other than your country of residence. If data is transferred outside the EEA, we take appropriate measures required by law to ensure an adequate level of protection (for example, by relying on contractual safeguards where applicable).

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including:

  • for the duration of your use of the Services and your active account;
  • for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements.

Blockchain transaction data recorded on public networks cannot be altered or deleted by us. However, we can delete or anonymize off-chain data that we control and stop associating certain on-chain addresses with your user account in our systems where appropriate.

9. Cookies

Our website may use cookies and similar technologies to:

  • ensure the technical operation of the site and keep your session active;
  • remember your language and interface preferences;
  • perform basic, aggregated analytics.

You can control cookies via your browser settings (e.g. block, delete, or limit them). Please note that disabling strictly necessary cookies may affect the functioning of the site.

If required by applicable law, we will display a cookie banner where you can manage your cookie preferences.

10. Your Rights

Depending on your location and applicable law (including GDPR for EEA users), you may have the following rights:

  • Right of access – to know whether we process your personal data and to obtain a copy;
  • Right to rectification – to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion of your personal data in certain cases;
  • Right to restriction of processing – to request a temporary or partial restriction of processing in certain cases;
  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible;
  • Right to object – to object to processing based on our legitimate interests, and we will stop processing unless we have compelling legitimate grounds or processing is necessary for legal claims;
  • Right to withdraw consent – where processing is based on consent;
  • Right to lodge a complaint – with a competent data protection authority if you believe your rights have been violated.

To exercise these rights, please contact us using the details in Section 13.

We do not knowingly target or intentionally process personal data of U.S. residents. If you are a resident of the U.S., you must not use our Services. If you believe we have collected data about you as a U.S. resident, please contact us and we will review and, where appropriate, delete such data.

11. Security

We implement technical and organizational measures to protect personal data, including:

  • encryption in transit (e.g. HTTPS);
  • access control and authentication;
  • logging and monitoring;
  • regular security updates.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for taking reasonable steps to protect your own accounts, devices and wallets.

12. Policy Updates

We may amend this Policy to reflect changes in our practices, technologies, or legal requirements. The updated version will be published on our website with a new effective date.

Your continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the changes. If you do not agree with the updated Policy, you should stop using the Services.

13. Contact Information

If you have any requests, questions, or complaints regarding this Policy or our data practices, you can contact us at:

Email: [email protected]

Website: https://netts.io