Privacy Policy

XGR Network GmbH — Last updated: January 10, 2026

This Privacy Policy explains how XGR Network GmbH (“XGR”, “we”, “us”, “our”) processes personal data when you use our websites and online services on xgr.network and its subdomains, when you contact us, and when you place an OTC order for XGR tokens.

1. Controller

XGR Network GmbH
Dorothenstraße 15, 09212 Limbach-Oberfrohna, Germany
Email: info@xgr.network

2. What we do not do

  • No analytics / no tracking: we do not use analytics or marketing tracking tools.
  • No newsletter: we do not send newsletters.
  • No advertising cookies: we do not use cookies for advertising or analytics purposes.

3. Processing activities

3.1 Website hosting (STRATO) and server log files

Our website and related online services are hosted with STRATO. When you access our website, server log files may be processed (e.g., IP address, date/time, requested URL, referrer URL, user agent, status code) to deliver the website, ensure stability and security, and detect/prevent abuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests in operating and securing our website and services).
Retention: log data is stored for a limited period and deleted when no longer required, unless further retention is necessary to investigate security incidents or to comply with legal obligations.

3.2 Contact requests (contact form / email) via Zoho Mail

If you contact us via our contact form or by email, we process the information you provide to handle your request. Our contact form collects the following fields:

  • Topic (selection)
  • Name (required)
  • Email address (required)
  • Organization (optional)
  • Website (optional)
  • Message (required)
  • Consent checkbox (confirmation that you have read this policy)
  • Anti-spam technical fields (e.g., a hidden honeypot field and timestamp)

We use Zoho Mail to handle email traffic and to deliver contact form submissions to our team. Zoho Mail is also used for transactional emails in the OTC ordering process (order confirmations and invoice delivery).

Processor: Zoho Corporation GmbH, II. Hagen 7, 45127 Essen, Germany.
Zoho processes data on our behalf under a data processing agreement (Art. 28 GDPR). Further information: Zoho Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR (responding to inquiries as a pre-contractual measure or in the context of a contract) and/or Art. 6(1)(f) GDPR (legitimate interest in communication and support).
Retention: we retain communications only as long as necessary to process your inquiry and to meet applicable legal retention requirements (e.g., business correspondence where relevant).

3.3 OTC orders (Get XGR) — order processing, confirmations and invoices

If you place an OTC order via get-xgr.html, we process and store personal data to create and process your order, to communicate with you, and to comply with accounting and tax obligations (statutory retention).

Order form fields (OTC):

  • Name (required)
  • Email (required; used for invoice and status updates)
  • Billing address (required): Street & No., ZIP & City, Country
  • Receiving wallet address (EVM) (required)
  • Order amount (XGR) and calculated values (e.g., net amount, VAT, gross)
  • Terms acceptance checkbox (confirmation of OTC terms/privacy)

Retention: we store OTC order and invoice records for 10 years (statutory retention period), unless a longer retention is required by law in specific cases.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (legal obligations, especially commercial and tax law).

3.4 Bank transfers (no payment provider)

We do not use a separate payment provider. If you pay via bank transfer (SEPA), processing occurs within the banking system. Banks typically act as independent controllers for these processing activities.

3.5 External content delivery networks (CDN) for technical libraries

On certain pages (e.g., OTC ordering), we load technical JavaScript libraries from third-party CDNs (currently cdn.jsdelivr.net). When your browser retrieves these resources, the CDN provider may receive technical access data (e.g., IP address, user agent, time of access) in order to deliver the files.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient delivery of our website functionality).
If we later self-host these libraries, this processing will no longer occur.

4. Recipients of personal data

We share personal data only to the extent necessary, in particular with:

  • Hosting provider: STRATO (website hosting and technical operation).
  • Email provider: Zoho Mail EU (communication, contact form delivery, order confirmations, invoice delivery).
  • Banks: for bank transfers (independent controllers).
  • Authorities: where required by law (e.g., tax authorities).

5. International transfers

We aim to process data within the EU/EEA. If, in specific cases, personal data is transferred outside the EU/EEA (e.g., depending on infrastructure used by processors or CDNs), we use appropriate safeguards such as adequacy decisions or Standard Contractual Clauses where required.

6. Your rights

Subject to applicable law, you have the right to:

  • access, rectification, erasure, restriction, portability, and to object (Art. 15–21 GDPR);
  • withdraw consent at any time (where processing is based on consent);
  • lodge a complaint with a supervisory authority.

7. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates the latest revision.

8. Contact

For privacy-related inquiries, please contact: info@xgr.network

↑ Back to top