1. Introduction

This Privacy Policy describes how REIT DAO (a decentralized, non-incorporated governance association) and the technical administrators acting under mandate of REIT DAO (the “Mandate Holder”) collect, use, disclose, and protect personal data in connection with the website located at reitdao.app (the “Site”).

By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For purposes of data protection and processing related to the operation of the Site, personal data is processed by the Mandate Holder acting under mandate of REIT DAO.

REIT DAO operates as a decentralized governance structure and does not function as a centralized corporate entity.

Requests may be submitted through the contact form available on the Site.

3. Categories of Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

  • Name (if provided)
  • Email address
  • Wallet address
  • Account credentials
  • Information submitted during role upgrades
  • Communications with us

3.2 Identity Verification Data (KYC/AML)

If you choose to apply for Verified or Contributor status, identity verification may be required. In such cases, data may include:

  • Government-issued identification documents
  • Facial images or biometric verification data
  • Proof of address
  • Date of birth
  • Nationality
  • Sanctions screening data

Identity verification is conducted through third-party providers. The Site does not store full KYC documentation unless strictly necessary.

3.3 Technical Data

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Access timestamps
  • Referring URLs
  • Cookies and usage data

4. Purposes of Processing

We process personal data for the following purposes:

  • To create and manage user accounts
  • To provide role-based access (Subscribe, Verified, Contributor)
  • To conduct identity verification (if applicable)
  • To comply with anti-money laundering obligations where applicable
  • To prevent fraud and misuse
  • To improve the functionality and security of the Site
  • To respond to user inquiries
  • To comply with legal or regulatory requirements

5. Legal Basis for Processing

Personal data is processed based on:

  • Your consent
  • Performance of contractual obligations (account access)
  • Legitimate interests (security, fraud prevention)
  • Compliance with legal obligations, where applicable

6. Identity Verification and Third-Party Providers

Where identity verification is required:

  • Verification is performed by independent third-party KYC/AML providers.
  • Such providers process your data in accordance with their own privacy policies.
  • We may receive confirmation of verification status and risk assessment results.
  • We do not control third-party processing practices.

By proceeding with verification, you consent to the transfer of necessary personal data to such providers.

7. Data Sharing

We may share personal data with:

  • Identity verification providers
  • Hosting and infrastructure providers
  • Security and analytics providers
  • Legal or regulatory authorities where required

We do not sell personal data.

8. Cross-Border Transfers

Due to the decentralized and international nature of REIT DAO and blockchain technologies, personal data may be processed in multiple jurisdictions.

By using the Site, you acknowledge that your data may be transferred across borders.

9. Data Retention

We retain personal data only as long as necessary to:

  • Maintain user accounts
  • Comply with applicable laws
  • Fulfill legitimate business and security purposes

KYC-related data retention may follow the retention policies of the relevant third-party provider.

10. Security Measures

We implement reasonable technical and organizational measures designed to protect personal data, including:

  • Encryption where appropriate
  • Restricted access controls
  • Secure hosting environments

However, no system can guarantee absolute security.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability

Requests may be submitted through the contact form available on the Site.

12. Cookies and Tracking Technologies

The Site may use cookies and similar technologies to:

  • Enable essential functionality
  • Improve user experience
  • Analyze traffic patterns

You may adjust cookie settings through your browser.

13. Blockchain Transparency

Blockchain transactions are public and immutable.

Wallet addresses and transaction data may be publicly visible on blockchain networks. REIT DAO does not control blockchain data once recorded.

14. Children

The Site is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted on the Site with a revised Effective Date.

Continued use of the Site constitutes acceptance of the updated policy.