1. INTRODUCTION
1.1. This Privacy Policy (the “Policy”) explains how DEEP Initiatives Inc. (“Data Controller”, “we”, “our”, or “us”) collects, uses, shares, stores, and protects your personal data when you interact with the Deep Funding website.
1.2. This Policy is issued in accordance with applicable data protection and privacy regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and is designed to promote transparency regarding how your data is handled when engaging with our website and web interfaces.
1.3. By accessing the website, you (“User(s)”) acknowledge that you have read and understood this Privacy Policy and consent to our practices as described herein. This Policy applies to all interactions with the website, including but not limited to web-based services, mobile applications, and associated communication channels.
1.4. The Data Controller processes personal data of User’s solely where necessary for the provision of services, and only with the User’s valid consent, in accordance with applicable data protection laws.
1.5. This Policy applies only to data directly controlled by us and collected through our website, including but not limited to data collected during proposal submissions, profile creation, engagement with community features, and any affiliated subsites or services integrated into the Deep Funding ecosystem. It does not cover third-party websites linked from our site, as they have their own privacy policies.
1.6. This Policy should be read in conjunction with our Terms and Conditions, which further outline the legal framework for your use of the website. If you do not agree to this Policy, please refrain from using the website.
2. DATA CONTROLLER
The acts as the Data Controller under this Policy:
Address: Intershore Chambers, Road Town, Tortola, British Virgin Islands
Data Protection contact: dataprotection@deepfunding.ai
For other information contact: privacy@deepfunding.ai
info@deepfunding.ai(t is recommended to create a specific email exclusively for privacy p.e privacy@deepfunding.ai)
As a Data Controller, we determine the purposes and means of processing personal data in relation to your interaction with the website. If we use third-party data processors to handle data on our behalf, we ensure they are contractually bound to comply with strict data protection obligations.
3. SCOPE OF APPLICATION
This Policy applies to personal data collected via the website through:
3.1. Proposal submissions
3.2. Profile creation
3.3. Engagement
3.4. Public forums, social media pages, or community tools hosted or moderated by the Data Controller;
3.5. Affiliated subsites or services linked to the website and integrated into the Deep Funding ecosystem.
This Policy does not apply to third-party websites, explorers that may be accessible via links on our website. We are not responsible for the privacy practices of those external services.
4. INFORMATION WE COLLECT
4.1. Information You Provide to Us:
4.1.1. We collect the following types of information that you voluntarily provide when you interact with the website:
4.1.1.1 Identification Data: Chosen display name, full name and contact details (e.g., email address, phone number).
4.1.1.2. Contact Data: Email address and communication preferences.
4.1.1.3. Professional Data: Work experience, areas of expertise, or other profile links voluntarily provided.
4.1.1.4. Additional identification or commercial information needed for compliance with anti-money laundering (AML) regulations, including the EU 4th AML Directive and the U.S. Bank Secrecy Act (BSA).
4.2. Information Collected Automatically:
4.2.1. We may collect certain data automatically when you access the website, including:
4.2.1.1. Wallet address and balance
4.2.1.2. Transaction details: related to activities on our website.
4.2.1.3. website Activity: Submitted proposals, ideas, comments, voting history, and status updates.
4.2.1.4. Community Engagement Data: Participation in associated environments such as community.deepfunding.ai, public Mattermost channels, ambassador programs, blogs, hackathons, and other third-party integrations.
4.2.1.5. Technical data (IP address, browser type, operating system, visit time) to improve website security and functionality.
4.2.1.6. Log information (device details, system activity, internal and external pages visited, URLs clicked, timestamps, page response times, errors, and interactions like scrolling or clicks.
4.2.1.7. Cookies and Tracking Data: Usage patterns captured through cookies and analytics services such as Google Analytics and Hotjar.
4.2.1.8. Device Information: Technical details about your device, such as device type, operating system, browser type, IP address, and unique device identifiers.
4.2.1.9. Usage Data: Information related to how you interact with the website, including page visits, features used, referral sources, and navigation paths.
4.3. Information from Third-Party Sources:
4.3.1. We may obtain information about you from third parties (Third-Party-Sub-Processor) including:
4.3.1.1. Analytics Providers: Aggregated data insights regarding website usage trends and performance.
4.3.1.2. Marketing Partners: Information provided through promotional campaigns or referral programs.
4.3.1.3. Your interactions with our services (e.g., account registration, webinar sign-ups, event subscriptions, or customer support communications).
We do not actively seek to collect sensitive personal data (e.g., racial or ethnic origin, political opinions, biometric data), and any such information is submitted at your sole discretion. You are encouraged not to include sensitive information in your public contributions.
5. LEGAL BASIS FOR PROCESSING
We rely on the following legal grounds under data protection law to process your data:
5.1. Consent: For optional services such as email updates, newsletters, or the placement of analytics cookies. You may withdraw your consent at any time through available interfaces or by contacting us directly.
5.2. Performance of a Contract: Data processing necessary to facilitate your use of the website and interact with its functionalities. We process personal data to deliver services and manage user accounts. This may include:
- Identity verification for compliance
- KYC and AML screening
5.3. Legitimate Interests: Including fraud prevention, website maintenance, and ensuring an optimal user experience. We may process personal data when necessary for our legitimate business interests, such as:
- Managing business operations and improving services.
- Initiating or defending legal claims.
- Investigating disputes or inquiries.
- Ensuring security and risk management.
5.4. Compliance with Legal Obligations: We may be legally required to collect, retain, or share certain data to fulfill legal and regulatory requirements, including:
- Financial, tax, and corporate laws.
- Anti-money laundering (AML) regulations.
- Supervisory and reporting requirements.
- Processing payments, verifying transactions, and risk management checks.
5.5. Compliance with Legal Orders: We may process and disclose user data when required to:
- Comply with court orders, subpoenas, or regulatory requests.
- Meet obligations under applicable laws.
6. HOW WE USE YOUR INFORMATION
6.1. We process collected information for the following purposes:
6.1.1. To provide and maintain the website: Ensure seamless operation, access to services, and personalised functionality, including the monitoring of system performance, detecting technical issues, and improving operational efficiency:
6.1.1.1. Service delivery; to provide you with access to our website and funding programs.
6.1.1.2. User engagement; to enable interactions and engagement within the website and its integrated environments;
6.1.1.3. To facilitate the submission, browsing, and review of proposals;
6.1.1.4. To enable interactions and engagement within the website and its integrated environments;
6.1.1.5. To personalize your experience and display your profile information to other Users;
6.1.1.6. To enforce website Terms and Conditions and safeguard the community
6.1.2. User Surveys: We may send user surveys to gather feedback and improve services. Participation in surveys is voluntary, and:
- Feedback surveys are based on our legitimate interests.
- Other surveys require user consent.
- Survey responses are anonymized before sharing or publication.
6.1.3. Marketing and Communication: To respond to support inquiries or complaints submitted via contact forms or email, sending promotional materials, service updates, surveys, and notifications related to website features, improvements, and relevant offerings.
6.1.4. Analytics and Performance Monitoring: Collecting data to understand usage trends, user engagement, and functionality preferences to enhance website services and ensure scalability. We may use personal data to send marketing communications (e.g., emails, social media updates) about our latest products and services.
- Marketing communications are based on user consent and preferences.
- Users can opt out of marketing messages at any time.
6.1.5. User Support: Responding to inquiries, resolving technical issues, and improving customer experience by providing accurate and efficient assistance.
6.1.6. Customisation: Tailoring user experiences based on preferences and behavioural data to offer a personalised interface and suggested content.
6.1.7. Security and Fraud Prevention: Implementing risk monitoring to prevent unauthorised access, fraudulent activities, and potential cybersecurity threats. This includes monitoring for unusual activity.
6.1.8. Compliance with Legal Obligations: Meeting regulatory and legal requirements in accordance with applicable laws.
6.2. We may also use non-identifiable data for research and analysis.
6.3. Users can manage their communication preferences and opt out of certain communications by adjusting their settings within the website.
We will not use your personal data to create user profiles, conduct predictive behavior analysis, or engage in automated decision-making that has legal effects.
7. SHARING OF INFORMATION
We do not sell or rent your personal data. However, we may share your information in the following cases:
7.1. Publicly displayed data: Most user-generated content (excluding your email address) is visible to all website visitors, including community reviewers and voters.
7.2. Internal communications: Your email address may be used internally or exported to external tools (e.g., email marketing systems) solely for Deep Funding communication purposes.
7.3. Affiliates and subsidiaries: Other entities within Deep Funding.
7.4. With Service Providers:
7.4.1. We may share personal information with trusted third-party service providers that assist us in operating, maintaining, and improving the website. This may include hosting services, analytics tools, cloud computing providers, and email service websites. These providers are required to process data in accordance with applicable data protection standards, including:
| Third-Party Sub-Processor | Description of the Process | Location of Services |
|---|---|---|
| Cloud Hosting Provider: Kinsta (Google Cloud-backed) |
Hosts the website, manages server resources, database, files, and processes user interactions on the site. | EU-based data centers (e.g., Belgium, Germany, Netherlands) |
| Analytics Platform: Google Analytics, Hotjar (optional) |
Tracks user interactions, page visits, session duration, click behavior for performance improvement. | Multi-region (primarily EU & US) |
| WordPress (Core + Plugins) | Content management system used to manage proposals, profiles, and site operations. | EU-based mail server or third-party SMTP |
| Email Delivery (SMTP or plugin) | Sends notifications such as proposal confirmations and updates. | Third-party SMTP |
| Backup System (Kinsta automatic) | Monitors for intrusion, blocks malicious IPs, and logs behavior for security. | EU or provider-specific region |
| Google Analytics | Tracks non-personal usage metrics (e.g., bounce rate, visit time). | EU/EEA/UK/Switzerland |
7.4.2. Professional Advisors: Legal, tax, or cybersecurity consultants may be given access to data in the course of performing their services.
7.4.3. These service providers are contractually obligated to use the information solely for the purpose of providing services to us in accordance with the purposes for which it was collected, and must implement security measures to protect the data.
7.5. Legal and Regulatory Disclosures:
7.5.1. We may disclose your information if required by applicable laws, regulations, legal processes, or government requests. Such disclosures may occur in cases involving:
7.5.1.1. 7.5.1.1.Compliance with court orders or subpoenas;
7.5.1.2. Enforcement of our legal rights
7.5.1.3. Prevention of fraud or illegal activity
7.5.1.4. Protection of the safety of users and the website
7.6. Aggregated or Anonymized Data:
7.6.1. We may share aggregated or anonymised data that cannot reasonably identify you with third parties for purposes such as research, analytics, and business development.
8. DATA SECURITY
8.1. Security Measures:
8.1.1. We take appropriate technical and organisational measures to safeguard your personal information from unauthorised access, disclosure, alteration, and destruction. These measures include:
8.1.1.1. Encryption: Encrypting sensitive information during transmission and storage.
8.1.1.2. Access Controls: Restricting access to personal data to authorised personnel only.
8.1.1.3. Regular Security Audits: Conducting periodic assessments of our security infrastructure.
8.1.1.4. Incident Response Plans: Implementing strategies to respond promptly to potential data breaches.
8.2. User Responsibilities:
8.2.1. While we take reasonable measures to protect your data, Users are responsible for maintaining the security of their accounts by:
8.2.1.1. Using strong and unique passwords;
8.2.1.2. Enabling multi-factor authentication (if available);
8.2.1.3. Avoiding sharing sensitive login credentials with others;
8.2.1.4. Regularly reviewing account activity.
8.3. Security Breaches:
8.3.1. In the event of a personal data breach, the Data Controller will take all appropriate technical and organizational measures to mitigate its impact and protect affected Users. In compliance with the General Data Protection Regulation (GDPR), the Data Controller shall notify the relevant National Competent Authority (NCA) without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless a reasoned justification exists for a delay (ongoing investigations, efforts to neutralize the breach or need to verify the impact).
8.3.2. Furthermore, where the breach is likely to result in a high risk to the rights and freedoms of affected data subjects, the Data Controller will also notify those individuals without undue delay, in accordance with applicable legal obligations and exemptions.
8.4. No Absolute Security Guarantee:
8.4.1. Despite our efforts to protect your data, no system can guarantee absolute security. Users acknowledge the inherent risks of online interactions.
9. COOKIES AND TRACKING TECHNOLOGIES
9.1. Cookies are small text files that are stored on your device when you visit a website. They help websites function properly, remember your preferences, and provide information for analytics and advertising.
9.2. Why we use Cookies:
9.2.1. Enable secure user login and account functionality;
9.2.2. Improve performance and user experience.
9.2.3. Provide analytics on site traffic and user interactions.
9.2.4. Enable social media sharing; and
9.2.5. 9.2.5.Embed content (e.g., YouTube)
9.3. Types of cookies:
9.3.1. Essential Cookies: Enable core site functionality and authentication mechanisms;/p>
9.3.2. Performance Cookies: Collect aggregated statistics about user behavior and site performance;
9.3.3. Functional Cookies: Remember user preferences and settings for a personalized experience;
9.4. Analytics Tools: Such as Google Analytics or open-source equivalents to track session behavior and optimize site functionality.
| Service Provider | Key Cookies | Purpose |
|---|---|---|
| Google, Inc. | _ga, _gid, OTZ, _ga_SV0SXVFVDM | Track traffic, session duration, user interactions |
| Google, Inc. | _Host-1PLSID, _Host-GAPS, _Secure-1PSID, SID | Secure login state for Google-based features |
| Google, Inc. | NID, AEC | Store preferences and ad personalization |
| DeepFunding | ACCOUNT_CHOOSER | Manage Google account login preferences |
| DeepFunding | XSRF-TOKEN, ssid | Protect against CSRF, maintain session security |
| Lang, bcookie, bscookie, Lidc, BizoID | Enable social sharing and track LinkedIn analytics | |
| Twitter (if enabled) | guest_id, personalization_id, _twitter_sess | Support Twitter login and sharing |
| CookieYes / Cookiebot | cookie_consent, euconsent-v2 | Store cookie preferences and consent choices |
9.5. You can configure your browser to block or delete cookies. Please note that disabling cookies may affect your ability to access certain website features.
10. DATA RETENTION
10.1. Retention Period:
10.1.1. We retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.
10.1.2. For Users interacting with the website, currently, there is no automatic data expiration or deletion policy in place. Users are encouraged to review and update their data regularly.
10.1.3. Users who do not agree to data storage will not be eligible to interact with the app features.
10.1.4. The retention period may vary depending on the type of data and the purposes for which it is processed. The criteria used to determine the retention period include:
10.1.4.1. Regulatory and Legal Requirements: Compliance with applicable laws and industry regulations that require certain records to be maintained for a specific duration
10.1.4.2. Business Needs: Fulfilling operational, contractual, and performance obligations.
10.1.4.3. Security Considerations: Preventing fraud, ensuring data integrity, and addressing security vulnerabilities.
10.1.5. Account deletion is not currently supported due to website dependencies but may be implemented in future versions. For Users without open proposals, manual deletion can be considered upon request.
10.2. Data Minimisation and Anonymisation:
10.2.1. We take measures to ensure that personal data is only retained as long as necessary. Where possible, data is anonymised or pseudonymised to minimise exposure. Anonymised data, which no longer identifies a user, may be retained indefinitely for analytical and statistical purposes.
11. DATA SECURITY
11.1. We take your privacy seriously and implement the following protective measures:
11.1.1. Secure HTTPS communication
11.1.2. Cryptographic protections
11.1.3. Firewalls, DDoS mitigation, and multi-region redundancy for our infrastructure
11.1.4. Access controls based on roles and business necessity
11.1.5. Ongoing monitoring and threat detection systems
12. USER RIGHTS AND CHOICES
The Data Controller will take all appropriate steps to facilitate the exercise of the Data Subject rights. In general, the website processes user data in anonymised or pseudonymised form, meaning it cannot directly identify an individual. Nonetheless, in specific cases where the website collects or processes identifiable personal data (such as IP Addresses, or any other identifiable information), Users retain the right to exercise the following rights, in accordance with applicable data protection laws:
12.1. 12.1.Access and Correction:
12.1.1. Users have the right to request access to their personal data and verify its accuracy. You may request corrections to any inaccurate or incomplete personal information that we hold about you.
12.2. Right of rectification:
12.2.1. To correct or update inaccurate or incomplete data.
12.3. Right to Erasure:
12.3.1. Subject to applicable laws, Users have the right to request the deletion of their personal data under the following circumstances:
12.3.1.1. When the data is no longer necessary for the purposes for which it was collected;
12.3.1.2. When consent is withdrawn (if processing was based on consent);
12.3.1.3. When the data was processed unlawfully.
12.3.2. We will comply with such requests unless retention is necessary to comply with legal obligations.
12.4. Data Portability:
12.4.1. Users have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller where technically feasible.
12.5. Right to Object:
12.5.1. Users may object to the processing of their data in cases where processing is based on legitimate interests or direct marketing purposes. Upon receiving an objection, we will assess whether compelling legitimate grounds override the User’s interests and act accordingly.
12.6. Right to restrict processing
12.6.1. Users have the right to request restrictions on the processing of their personal data if they contest the accuracy of the data, object to its processing, or require data for legal claims while the request is being reviewed.
12.7. Withdrawal of Consent:
12.7.1. Where processing is based on user consent, Users have the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to such withdrawal.
12.8. Lodging a Complaint:
12.8.1. If Users believe their rights under applicable data protection laws have been violated, they have the right to lodge a complaint with the appropriate data protection authority (link to the National Competent Authority (NCA) in your jurisdiction EDÖB
The website will respond to such requests within one month, unless doing so would infringe upon the rights or freedoms of others (e.g., intellectual property rights or confidentiality obligations). In such cases, the website will provide a justified explanation for any limitations on the request.
13. INTERNATIONAL DATA TRANSFERS
13.1. Cross-Border Transfers:
13.1.1. We may transfer personal data to jurisdictions outside of the User’s country of residence where data protection laws may differ. When such transfers occur, we implement safeguards to ensure adequate protection, including:
13.1.1.1. Standard Contractual Clauses approved by regulatory authorities;
13.1.1.2. Privacy Shield frameworks (where applicable).
13.1.1.3. Binding corporate rules adopted by affiliated entities.
13.1.1.4. Technical safeguards such as encryption.
13.1.1.5. Verification of third-party compliance with recognized data protection frameworks.
By using the website, you agree to the transfer of your data across borders as necessary for the services.
13.2. Security Measures for International Transfers:
13.2.1. We ensure encryption, secure transmission, and access restrictions during any cross-border processing.
14. CHANGES TO THIS PRIVACY POLICY
14.1. We reserve the right to modify this Policy at any time to reflect changes in legal requirements, operational needs, or technological advancements. In the event of significant changes, we will notify Users through:
14.1.1. Posting updates on the website
14.1.2. Sending notifications via email (if applicable)
14.1.3. Providing a summary of key changes.
14.2. Continued use of the website after any updates to this Policy signifies acceptance of the changes.
Contact: privacy@deepfunding.ai
