ZIONX PRIVACY POLICY
Effective Date: December 1, 2025
Last Updated: November 30, 2025
1. INTRODUCTION
ZionX (“ZionX,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our validator infrastructure services, website, and related services (collectively, the “Services”).
By using the Services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Services.
This Privacy Policy applies to information collected through:
- Our website (https://zionx.com)
- Validator infrastructure and node operations services
- Customer dashboards and reporting tools
- Communications with ZionX staff
- Third-party service providers acting on our behalf
Account Registration Information:
- Name, email address, phone number
- Company name, business registration details (for institutional clients)
- Job title and role
Identity Verification Information (KYC/AML):
- Government-issued identification documents (passport, national ID, driver’s license)
- Proof of address (utility bills, bank statements)
- Beneficial ownership information (for corporate entities)
- Source of funds documentation
Service Setup Information:
- Digital wallet addresses
- Validator keys and configuration parameters
- Blockchain network preferences
- Service tier selections
Financial Information:
- Payment method details (credit card information is processed by third-party payment processors and not stored by ZionX)
- Billing address
- Tax identification numbers (where required)
Communications:
- Support tickets, emails, and chat messages
- Feedback and survey responses
Technical and Usage Data:
- IP address, device type, operating system, browser type
- Access times, pages viewed, referring URLs
- Dashboard interactions and feature usage
- Login history and authentication logs
Validator Performance Data:
- Blockchain transaction hashes and validator addresses
- Staking rewards and performance metrics
- Network activity and uptime statistics
Cookies and Similar Technologies:
- Session cookies for authentication
- Analytics cookies to understand user behavior
- Preference cookies to remember your settings
See Section 8 for detailed cookie information.
Blockchain Networks:
- On-chain transaction data related to your validator activities
- Wallet addresses and token balances (publicly available on blockchains)
- Staking and reward distribution records
Payment Processors:
- Payment confirmation and transaction status
- Fraud detection indicators
Identity Verification Providers:
- Results of identity verification checks
- Risk assessment scores (for KYC/AML compliance)
We use collected information for the following purposes:
3.1 Service Provision
- Operate validator nodes and infrastructure on your behalf
- Process and distribute staking rewards
- Provide customer dashboards and reporting tools
- Deliver technical support and respond to inquiries
3.2 Compliance and Security
- Verify identity and comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
- Detect and prevent fraud, money laundering, and other illegal activities
- Comply with legal obligations, court orders, and regulatory requirements
- Enforce our Terms of Service and protect our rights and property
3.3 Business Operations
- Process payments and manage billing
- Send service-related notifications (e.g., maintenance alerts, security updates)
- Improve and optimize our Services
- Conduct internal research and development
- Maintain business records and audit trails
3.4 Marketing and Communications (with consent)
- Send newsletters and product updates (you can opt out at any time)
- Inform you about new features, services, or promotions
- Conduct customer satisfaction surveys
Marketing communications are optional. You can withdraw consent at any time through the unsubscribe link in emails or by contacting info@zionx.com.
3.5 Legal Bases for Processing (where applicable)
Under applicable data protection laws (including Taiwan PDPA, Japan APPI, and GDPR principles), we process personal information based on the following legal grounds:
- Contractual necessity: To perform our obligations under the Terms of Service
- Legal obligation: To comply with KYC/AML, tax reporting, and other legal requirements
- Legitimate interests: To improve our Services, prevent fraud, and ensure security (balanced against your privacy rights)
- Consent: For marketing communications and optional data uses (withdrawable at any time)
We do not sell, rent, or trade your personal information to third parties. We may share information in the following circumstances:
4.1 Service Providers
We engage third-party service providers who process information on our behalf, including:
- Cloud infrastructure providers (hosting and data storage)
- Payment processors (billing and transaction processing)
- Identity verification services (KYC/AML compliance)
- Customer support platforms (ticketing and chat systems)
- Analytics providers (website and service usage analysis)
- Email service providers (transactional and marketing emails)
Service providers are contractually obligated to use information only for specified purposes and to implement appropriate security measures.
4.2 Legal Requirements and Protection
We may disclose information when required or permitted by law:
- To comply with legal process (subpoenas, court orders, regulatory requests)
- To enforce our Terms of Service and other agreements
- To detect, prevent, or investigate fraud, security breaches, or illegal activities
- To protect the rights, property, or safety of ZionX, our users, or the public
- In connection with regulatory examinations or audits
4.3 Business Transfers
If ZionX undergoes a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may share information for purposes not described in this Privacy Policy with your explicit consent.
We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or marketing purposes without restriction.
5. INTERNATIONAL DATA TRANSFERS
ZionX operates validator infrastructure across multiple jurisdictions, including Taiwan, Japan, and Thailand. Your information may be transferred to, stored in, and processed in countries other than your country of residence.
5.1 Taiwan Personal Data Protection Act (PDPA) Compliance
For Taiwan users, we comply with PDPA requirements for international data transfers:
- We transfer personal data only to jurisdictions with adequate data protection regulations or under contractual safeguards
- We implement technical and organizational measures to protect transferred data
- We notify data subjects of the countries to which data may be transferred
For Japan users, we comply with APPI requirements for cross-border data transfers:
- We obtain consent for transfers to foreign countries or establish equivalent data protection systems
- We inform data subjects about privacy regulations in destination countries
- We execute contracts with foreign recipients ensuring APPI-compliant data protection measures
5.3 Data Transfer Safeguards
When transferring personal information internationally, we use appropriate safeguards:
- Standard contractual clauses approved by relevant data protection authorities
- Adequacy determinations recognizing equivalent data protection levels
- Organizational security measures including encryption, access controls, and audit logs
- Binding corporate rules for intra-company transfers (where applicable)
6. DATA RETENTION
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
6.1 Retention Periods
- Account information: Retained while your account is active, plus 7 years after account closure (for regulatory compliance and dispute resolution)
- Transaction records: 7 years (to comply with financial record-keeping requirements)
- KYC/AML documentation: 7 years after last transaction (as required by anti-money laundering regulations)
- Marketing communications: Until you unsubscribe or request deletion
- Technical logs: 12 months (for security monitoring and troubleshooting)
- Support communications: 3 years after resolution (for quality assurance and audit purposes)
6.2 Deletion Requests
You may request deletion of your personal information by contacting info@zionx.com. We will delete your information within 30 days unless retention is required by:
- Legal obligations (e.g., tax laws, financial regulations)
- Pending legal claims or regulatory investigations
- Legitimate business needs (e.g., fraud prevention, dispute resolution)
If deletion is not possible due to legal requirements, we will restrict processing to the minimum necessary for compliance purposes.
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Correction
- Right to access: Request a copy of personal information we hold about you
- Right to rectification: Correct inaccurate or incomplete information
7.2 Deletion and Restriction
- Right to deletion (“right to be forgotten”): Request deletion of your personal information (subject to legal exceptions)
- Right to restriction: Request temporary suspension of processing in certain circumstances
7.3 Objection and Portability
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to data portability: Receive your information in a structured, commonly used format (where technically feasible)
7.4 Consent Withdrawal
- Right to withdraw consent: Withdraw consent for marketing communications or optional data uses at any time (does not affect prior lawful processing)
7.5 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.
7.6 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: info@zionx.com
Subject Line: “Privacy Rights Request”
Include: Your full name, email address, and description of your request
We will respond within 30 days (Taiwan PDPA/Japan APPI) or as required by applicable law. We may request additional information to verify your identity before processing requests.
7.7 Complaint to Supervisory Authority
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority:
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience and understand how you use our Services.
8.2 Types of Cookies We Use
Essential Cookies (required for service operation):
- Authentication cookies to keep you logged in
- Security cookies to detect fraud and abuse
- Load balancing cookies to distribute traffic
Analytics Cookies (with consent where required):
- Google Analytics to understand website traffic and usage patterns
- Custom analytics to track dashboard feature usage
- Performance monitoring to identify technical issues
Preference Cookies (with consent where required):
- Language and localization preferences
- Display settings and dashboard configurations
Marketing Cookies (with consent):
- Third-party advertising cookies (only if you consent)
- Conversion tracking for marketing campaigns
8.3 Your Cookie Choices
You can control cookies through:
- Browser settings: Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may affect service functionality.
- Cookie consent tool: Manage your cookie preferences through our cookie banner (appears on first visit).
- Opt-out links:
8.4 Do Not Track Signals
Some browsers transmit “Do Not Track” signals. Because there is no industry standard for how to respond to such signals, we do not currently respond to Do Not Track browser signals.
9. DATA SECURITY
We implement industry-standard technical and organizational measures to protect personal information against unauthorized access, loss, alteration, or disclosure.
9.1 Technical Security Measures
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access controls: Role-based access with least-privilege principles
- Multi-factor authentication (MFA): Required for employee and administrative access
- Network security: Firewalls, intrusion detection systems, and DDoS protection
- Secure development: Regular security testing, code reviews, and vulnerability scanning
9.2 Organizational Security Measures
- Employee training: Regular security awareness and privacy training for all staff
- Background checks: Security screening for employees with data access
- Incident response plan: Documented procedures for detecting and responding to security incidents
- Vendor management: Security assessments of third-party service providers
- Compliance audits: Regular internal and external security audits
9.3 Data Breach Notification
In the event of a data breach that may result in high risk to your rights and freedoms, we will:
- Notify affected individuals without undue delay (within 72 hours where required by law)
- Notify relevant supervisory authorities as required by applicable law
- Provide information about the nature of the breach, potential consequences, and mitigation measures
- Implement remediation to prevent future incidents
To report a suspected security issue, contact: info@zionx.com
10. CHILDREN’S PRIVACY
The Services are not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.
If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided information to us, please contact info@zionx.com.
11. THIRD-PARTY LINKS AND SERVICES
Our website and Services may contain links to third-party websites, applications, or services not operated by ZionX. We are not responsible for the privacy practices of third parties.
We encourage you to review the privacy policies of any third-party services before providing personal information.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.
12.1 Notification of Changes
We will notify you of material changes by:
- Posting the updated Privacy Policy on our website with a revised “Last Updated” date
- Sending email notification to your registered email address
- Displaying a prominent notice on our customer dashboard
12.2 Effective Date of Changes
Changes become effective 30 days after notification (or as required by law). Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.
If you do not agree to the changes, you must discontinue use of the Services and may request deletion of your account and personal information.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Data Protection Officer
Email: info@zionx.com
Subject Line: “Privacy Inquiry”
Mailing Address:
[To be provided upon entity establishment]
Taiwan (Republic of China)
Customer Support:
Email: info@zionx.com
Website: https://zionx.com
We will respond to privacy inquiries within 30 days (or as required by applicable law).
14. JURISDICTION-SPECIFIC PROVISIONS
14.1 For Taiwan Users
Under the Taiwan Personal Data Protection Act (PDPA):
- Notice of collection: We notify you of the purpose, category, period, and recipients of personal data at or before collection
- Consent requirements: We obtain consent before collecting, processing, or using personal data beyond the original purpose
- Security measures: We implement appropriate technical and organizational measures as required by the Ministry of Digital Affairs regulations
- Data subject rights: You have rights to access, correct, delete, and restrict processing of your personal data
- Supervisory authority: Personal Data Protection Commission (PDPC) – https://www.pdc.gov.tw
14.2 For Japan Users
Under the Japan Act on Protection of Personal Information (APPI):
- Purpose specification: We specify the purpose of use before or at the time of obtaining personal information
- Cross-border transfers: We obtain consent or establish equivalent data protection measures for transfers outside Japan
- Sensitive information: We obtain explicit consent before collecting “special care-required information” (medical records, criminal history)
- Breach notification: We report data breaches to the Personal Information Protection Commission (PPC) without undue delay
- Data subject rights: You have rights to disclose, correct, suspend use, and delete retained personal data
- Supervisory authority: Personal Information Protection Commission (PPC) – https://www.ppc.go.jp
14.3 For EU/EEA Users (GDPR Principles)
Although ZionX is not established in the EU, we apply GDPR principles where applicable:
- Legal basis: We process personal data based on consent, contractual necessity, legal obligation, or legitimate interests
- Data protection officer: Contact info@zionx.com for data protection inquiries
- Data protection impact assessment: Conducted for high-risk processing activities
- Privacy by design: We incorporate privacy considerations into service design and development
- Supervisory authority: Relevant EU Data Protection Authority in your country
15. LANGUAGE
This Privacy Policy is drafted in English. Any translation is provided for convenience only. In the event of conflict between the English version and a translation, the English version shall prevail to the extent permitted by law.
Last Updated: November 30, 2025
Effective Date: December 1, 2025
Version: 1.0
APPENDIX: DATA PROCESSING DETAILS
Categories of Personal Data Processed
| Category | Data Types | Purpose | Legal Basis | Retention Period |
|---|
| Identity Information | Name, email, phone, ID documents | Account creation, KYC/AML | Contractual necessity, Legal obligation | 7 years after account closure |
| Financial Information | Payment methods, billing address, transaction history | Payment processing, billing | Contractual necessity | 7 years after last transaction |
| Validator Configuration | Wallet addresses, validator keys, blockchain preferences | Service provision | Contractual necessity | Duration of service + 2 years |
| Usage Data | Login history, dashboard interactions, IP addresses | Service improvement, security | Legitimate interests | 12 months |
| Communications | Support tickets, emails, chat logs | Customer support, quality assurance | Contractual necessity, Legitimate interests | 3 years after resolution |
Third-Party Service Providers
| Provider | Service | Data Shared | Location | Safeguards |
|---|
| AWS / Google Cloud | Infrastructure hosting | All operational data | Multiple regions | Standard contractual clauses, encryption |
| Stripe | Payment processing | Payment information | USA | PCI DSS certified, standard contractual clauses |
| [KYC Provider] | Identity verification | ID documents, proof of address | [Location] | GDPR compliant, data processing agreement |
| Google Analytics | Website analytics | Usage data, IP addresses (anonymized) | USA | IP anonymization, data retention limits |
| Zendesk / Intercom | Customer support | Support communications | USA | Data processing agreement, encryption |
Note: This appendix is for informational purposes and will be updated as we onboard service providers.
END OF PRIVACY POLICY
