XGR.Network GmbH — Privacy Notice

IMPORTANT: This Privacy Notice is legally binding as part of your use of the Services. It does not constitute legal advice to you. You should have counsel review this document for your specific circumstances.

1. Purpose of this Privacy Notice

This Privacy Notice explains how XGR.Network GmbH (“XGR”, “we”, “us”, “our”) processes Personal Data in connection with our websites, applications, APIs, and services that reference this notice, including:

  • https://xgr.network and related subdomains (the “Website”);
  • XGRChain Explorer (the “Explorer”);
  • XGR Builder (including XRC‑137 and XRC‑729 tooling) (the “Builder”);
  • developer tooling and integrations we provide or operate (e.g., Hardhat-related tooling, where applicable) (the “Dev Tools”);
  • the xDala Engine and related execution/automation interfaces (the “xDala Engine”);
  • XGRChain RPC endpoints and related API gateways (the “RPC”);
  • OTC trading/subscription/order and settlement interfaces we operate (the “OTC Services”);

together, the “Services”.

Please read this notice together with any other privacy notices we provide for specific features, events, or offerings.

2. Who we are and how to contact us

(a) Controller

XGR.Network GmbH is the controller responsible for processing your Personal Data in the context of the Website and Services.

Business address: Dorothenstraße 15, 09212 Limbach‑Oberfrohna, Germany

General contact: contact@xgr.network

(b) Data protection contact

For privacy-related inquiries you may contact: privacy@xgr.network (or contact@xgr.network if not available)

3. Categories of Personal Data we process

Depending on how you use the Services, we may process:

  • Contact and account data (e.g., name, email, company, role; if you create accounts where available);
  • Technical and usage data (e.g., IP address, device identifiers, browser/OS, timestamps, logs, performance metrics);
  • RPC/API request data (e.g., request metadata, endpoints called, rate-limit identifiers; content may include blockchain addresses or transaction identifiers);
  • Blockchain-related data (e.g., public wallet addresses, transaction hashes, smart contract interactions). Note: public blockchain data is generally immutable and cannot be deleted by us once recorded on-chain;
  • Support/communications data (e.g., messages you send to us, tickets, call notes);
  • OTC/Offering data (where applicable) (e.g., subscription/order details; bank transfer references and payment metadata; receiving wallet address you provide; any confirmations/receipts we issue);
  • Compliance attestation and eligibility data (where applicable) (e.g., checkbox/self-declarations about sanctions/jurisdiction/eligibility; timestamps; session identifiers/IP; fraud-prevention signals);
  • Fraud, abuse, and security data (e.g., indicators used to detect spam, DDoS, credential stuffing, abusive API use, or other security incidents).

4. Sources of Personal Data

We collect Personal Data:

  • directly from you (e.g., forms, emails, support requests, OTC/Offering submissions);
  • automatically from your device/browser when you use the Website/Services;
  • from payment/banking rails used for OTC/Offering payments (e.g., SEPA reference information present in a bank transfer);
  • from third parties you connect with (e.g., identity/compliance providers, hosting/security providers), where applicable.

5. Purposes and legal bases

We process Personal Data for the following purposes and legal bases (GDPR):

  • Providing and operating the Services; maintaining security and performance (Art. 6(1)(b) and/or Art. 6(1)(f));
  • Preventing abuse, fraud, and security incidents; enforcing Terms (Art. 6(1)(f));
  • Responding to inquiries and support requests (Art. 6(1)(b) or Art. 6(1)(f));
  • Conducting OTC/Offering operations (order handling, settlement, refunds, communications) (Art. 6(1)(b));
  • Meeting legal and regulatory obligations (e.g., AML/CFT, accounting, tax, sanctions compliance) (Art. 6(1)(c));
  • With your consent where required (e.g., optional marketing communications, certain cookies) (Art. 6(1)(a)).

6. Automated decision-making

We may use automated signals and rules to detect and prevent abuse, fraud, and security incidents (e.g., rate limiting, temporary blocks, or quarantining of suspicious activity). These measures are generally intended to protect the Services and do not typically produce legal effects. You may contact us if you believe an automated measure affected you incorrectly.

7. Sharing of Personal Data

We may share Personal Data with:

  • Service providers (processors) that host, secure, monitor, or help us operate the Services (e.g., infrastructure hosting, security monitoring, analytics, customer support tooling);
  • Professional advisers (e.g., lawyers, auditors, accountants) as needed;
  • Banks and payment partners for OTC/Offering settlement and refunds, where applicable;
  • Authorities and regulators where required by law;
  • Other parties with your direction/consent.

Where processors are used, we implement appropriate data processing agreements.

8. International transfers

If Personal Data is transferred outside the EEA, we use appropriate safeguards (e.g., adequacy decisions, Standard Contractual Clauses, and supplementary measures, as appropriate).

9. Retention

We retain Personal Data only as long as necessary for the purposes described above, unless a longer period is required or permitted by law. Where applicable, records relating to OTC/Offering transactions and related compliance obligations are retained for the statutory retention periods under applicable law (e.g., commercial and tax law retention requirements).

10. Your rights

Subject to applicable law, you have the right to:

  • access, rectification, erasure, restriction, portability, and to object (Art. 15–21 GDPR);
  • withdraw consent at any time (where processing is based on consent);
  • lodge a complaint with a supervisory authority (in particular in the EU/EEA, with your local supervisory authority or the authority where we are established in Germany).

11. Security

We implement appropriate technical and organizational measures to protect Personal Data. No security measures are perfect; you use the Services at your own risk.

12. Cookies and similar technologies

We may use cookies and similar technologies. Where required, we will obtain consent and provide cookie controls.

13. Changes to this notice

We may update this Privacy Notice from time to time. The “Last updated” date indicates the latest revision.

14. Contact

For privacy-related inquiries, contact: privacy@xgr.network (or contact@xgr.network)

↑ Back to top