Skip to content
Pontus-X · The decentralized ai and data ecosystem

Privacy Policy

This privacy policy informs you about how deltaDAO AG (in the following deltaDAO, we, us, our) processes your personal data when you visit our Pontus-X Documentation and when you contact us. Moreover, this privacy policy informs you about your rights.

Last updated on October 14, 2024.

1. Contact details of the controller and Data Protection Officer

The controller pursuant to the EU General Data Protection Regulation ("GDPR") for the processing of your personal data is:

deltaDAO AG
Katharinenstraße 30a (Contor)
20457 Hamburg
Germany
E-mail: contact@delta-dao.com

If you have any questions about the protection of your personal data at deltaDAO, please contact our Data Protection Officer:

Data Protection Officer
deltaDAO AG
Katharinenstraße 30a (Contor)
20457 Hamburg
Germany
E-mail: privacy@delta-dao.com

2. What's personal data?

Personal data is any information that can be directly or indirectly associated with you. deltaDAO processes the following personal data.

  • IP address: Your IP address is processed when visiting our Pontus-X Documentation.
  • E-mail: Your e-mail address is processed if you contact us via mail. We will also process additional personal data about you if you provide them in your message (such as your name).

You can find further information about the processing of your personal data in the chapter “Processing operations according to Article 13 GDPR”.

3. Recipients and cross-border data transfer

3.1 Vercel

When visiting our Pontus-X Documentation, your IP address is processed by Vercel Inc. (located at 340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel is a service provider that hosts our Pontus-X Documentation. Our Pontus-X Documentation is served by Vercel using a Content Delivery Network, a geographically distributed network, with servers within and outside of the European Economic Area (EEA). This means if you are located within the EEA, your IP address will most likely (but not guaranteed) be processed on a Vercel server within the EEA.

There is no adequacy decision for the USA from the European Commission. Our cooperation with Vercel is based on a Data Processing Agreement (DPA) including Standard Contractual Clauses (SCC). You have the right to receive a copy of these SCC. To exercise your right, please contact us at privacy@delta-dao.com.

3.2 Microsoft

When you contact us via e-mail, our (mail) service provider Microsoft (located at One Microsoft Way Redmond, WA 98052-6399, USA) supports us in processing your personal data so we can communicate with you. There is no adequacy decision for the USA from the European Commission. We have restricted storage on the EEA and signed SCC with our provider. You have the right to receive a copy of these SCC. To exercise your right, please contact us at privacy@delta-dao.com.

4. Processing operations according to Article 13 GDPR

4.1 Providing our Pontus-X Documentation and ensuring its security

Your IP address is collected, used, and stored for providing our Pontus-X Documentation and to maintain its security. Our Pontus-X Documentation is hosted externally by our service provider Vercel (see also chapter 3.1).

Purpose: Collecting and using your IP address is necessary for providing our Pontus-X Documentation because it is a technical requirement for ensuring communication between your device and our Pontus-X Documentation. Your IP address is also processed for security, fraud-prevention, abuse-prevention, and troubleshooting purposes.

Legal basis: The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR.

Legitimate interests: Our legitimate interest is to provide our Pontus-X Documentation to you and to enable security, a technically error-free presentation, and the optimization of the Pontus-X Documentation.

Retention period: Vercel retains your personal data for as long as needed to provide their services. Additionally, Vercel does not delete the data when it is needed for the establishment, exercise, or defense of legal claims. In this case, the information is retained as long as needed for exercising respective potential legal claims.

4.2 Contact via e-mail

We collect, use, and store your e-mail address and the personal data that you voluntarily provide in your e-mail (e.g., your name) when you reach out to us via e-mail. Microsoft supports us technically in providing our mail service to you (see also chapter 3.2).

Purpose: Your personal data is collected, used, and stored by us to respond to your inquiries.

Legal basis: The legal basis for this processing is our legitimate interest, according to Art. 6(1)(f) GDPR.

Legitimate interests: Our legitimate interest is to answer your inquiries.

Retention period: We store your personal data as long as we need it to process your inquires. We store your personal data beyond this period if we are obliged to do so due to retention obligations under tax and commercial law or in the event of legal disputes. If the latter is the case, your personal data will be erased after the retention period has expired.

5. Cookies and Analytics

5.1 Cookies

A cookie is a small file that stores information in your browser. Your web browser downloads it on the first visit to a website. The next time you open this website with the same device, the cookie and the information stored in it are either sent back to the website that created it (first-party cookie) or sent to another website it belongs to (third-party cookie). This enables the website to detect that you have opened it previously with this browser and, in some cases, to vary the displayed content. Some cookies are necessary for making websites work, and others are used for enhancing your experience on the visited website. Cookies can also be used for marketing and analytics purposes. Web storage (local storage and session storage) has similar functionality to cookies.

Our Pontus-X Documentation uses web storage to provide website functions (necessary cookies). You can delete web storage from your computer's hard disk at any time in your browser settings.

5.2 Analytics

deltaDAO uses Plausible Analytics, a privacy-friendly web analytics tool for tracking overall trends in our website traffic. We create aggregated statistics based on our legitimate interest to gain insights to improve existing and future features and services, and to evaluate user engagement. Plausible Analytics does not use cookies or similar technologies that require information to be stored on your device. Instead, the tool focuses on analyzing aggregated data without the need to access your end device or store information there.

Plausible Analytics does not track individual visitors and does not create persistent identifiers. It does not use cross-platform or cross-device tracking and does not pass on data to third parties. Plausible Analytics primarily uses data that is recorded by default in server logs, such as requested URLs, access times, HTTP status codes and transferred data volumes. This information is used to analyze website traffic. Data processing at Plausible Analytics takes place in two steps:

  • Pseudonymization:

  • When the data is received, it is pseudonymized using a hash function and a regularly changing key (“salt”). This process aims to change personal data in such a way that data subjects are no longer directly identifiable, but a distinction between sessions is made possible.

  • hash(daily_salt + website_domain + ip_address + user_agent)

  • Plausible Analytics never stores the raw data IP address and User-Agent in logs, databases or anywhere on disk at all.

  • Anonymization after 24 hours: Within 24 hours of pseudonymization, the data is completely anonymized by removing the “salt” so that it can no longer be traced back to the original user data. The remaining data does not allow any direct or indirect identification of data subjects.

Plausible Analytics only uses EU-based service providers for hosting and additional services such as CDN and DDoS protection. The servers are located in Germany (operated by Hetzner) and additional services are provided by Bunny (based in Slovenia).  

deltaDAO signed a DPA with Plausible Analytics.

6. Automated decision making including profiling according to Article 13(2)(f) GDPR

Automated decision making including profiling does not take place.

7. External links

Our Pontus-X Documentation contains links to websites owned by third parties. These websites are beyond our control and responsibility.

8. Your rights

Pursuant to the GDPR, you have the following rights. If you wish to exercise your rights or have any questions, do not hesitate to contact us.

8.1 Right of access (Art. 15 GDPR)

You have the right to obtain confirmation about whether deltaDAO processes personal data about you. If we do so, you have the right to access these personal data along with the information defined in Art. 15 GDPR.

8.2 Right to rectification (Art. 16 GDPR)

You have the right to obtain from us the rectification of inaccurate personal data about you without undue delay. Also, you have the right to obtain from us the completion of incomplete personal data about you.

8.3 Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of your personal data without undue delay, where the legal grounds defined in Art. 17 GDPR apply.

8.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing personal data about you where the legal grounds defined in Art. 18 GDPR apply.

8.5 Right to data portability (Art. 20 GDPR)

You have the right to receive from us your personal data in a structured, commonly used, and machine-readable format and the right to transmit the received data to another controller without hindrance from us, where the legal grounds defined in Art. 20 GDPR apply.

8.6 Right to object (Art. 21 GDPR)

You have the right to object to the processing of your personal data, where we base the processing on legitimate interests (Art. 6(1)(f) GDPR). We will no longer process your personal data except we can demonstrate compelling legitimate grounds, which override your freedoms, rights, and interests, or if we have to establish, exercise, or defend legal claims.

8.7 Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement if you think that deltaDAO processes your personal data in a way that infringes the GDPR.

9. Questions

If you have any questions about our privacy policy, please send us an e-mail at privacy@delta-dao.com.

10. Changes to the Privacy Policy

This privacy policy will be amended from time to time. You can see the date of the last alteration at the top of the privacy policy.