User Manual and Data Protection TECHNICAL

Data that is processed and may be disclosed to third parties. Data produced by the user within the app can be used to improve the user experience and suggest similar content. This data is not related to the user's identity.

  • Search history performed in the marketplace

  • Items that the user indicated they like

  • Items on which the user comments

  • Profiles that the user visits

These data will only be used to keep you informed about the latest products, updates on items of interest, and upcoming events. These data are not shared with third parties and are securely stored.

Data generated from interaction with the application Data that the user produces when interacting with the interface and that are used to improve the application. These data answer the following questions:

  • What screen did they stay on before making a purchase?

  • What can we improve on those screens?

  • How much time did they spend on the app?

  • Data on how the app is used and how long it is used for.

These data are only used to facilitate developers in improving the application, are not shared with third parties, and are only for internal use.

Data that do NOT undergo processing and are of a personal nature

In compliance with regulations and laws, we request the following data before carrying out any transaction (purchase/sale) of FNFTs or (purchase/sale) of Token xFRQs (digital asset) or publishing any article on the marketplace or content on the channel. This data is stored in such a way that the relationship with the app users is not transparent.

Photo of how the data table to be used looks like.

https://docs.google.com/spreadsheets/d/1WOtBBvm6yJnDw3S-njBO9doikfrxeintK6sxZxSz7aU/edit#gid=0

These data are not used or processed at any time, they are only stored for the preparation of reports in compliance with the law.

  • Federal Law for the Prevention and Identification of Operations with Illicit Proceeds Resources

  • Federal Law "Anti-Money Laundering Law"

These laws require us to identify and report any user who acquires a digital asset. These data are stored in an encrypted manner and are not shared with third parties at any time.

Data that are processed and are public, traceable, and unchangeable (Blockchain)

On the blockchain, only the following data will be stored: The user's wallet address and its relation to the crypto assets they hold: There will be no data on the blockchain that links the real identity of the person with the ownership of the crypto assets.

BLOCKCHAIN CODE
Usuario: Id: 0xf356003F8D70460859f70e1676Da208d2b997FB1 Tiene Activo: 0xf356003F8D70460859f70e16762208d2be1676D2 creado por Username: DeviGammer
Activo Id: 0xf356003F8D70460859f70e1676Da208D70460859 creado por Username: LuisitoComunica Price: 100 xFRQ

Data Protection and Storage:

The following technical diagram describes the network architecture under which the application data is stored, protected, and processed: Personal data is protected by the following mechanisms:

  • The databases have non-descriptive obfuscated names within the servers that host them (DevOps)

  • Cloud Firewall: To prevent attacks (DevOps)

  • OAuth2: The authentication protocol for each request, ensures that the user is properly identified

  • Middleware: Permissions for each user in the API that will be consumed by the App from different devices.

  • CrossOrigin: We verify in every request that the origin is the mobile app to prevent bot attacks or other non-mobile devices with the app installed and correctly identified users (backend).

  • Encryption of user database: The database is fully encrypted in case of hacking and theft of this data, obtaining unreadable encrypted data (backend and DevOps).

  • Local data stored on the client's phone is also encrypted, making it unreadable in case of decompilation or

  • It is possible to implement two-factor authentication for the user when logging in (entering a code sent by email) (Product Analysis).

  • Sensitive personal data related to the user's identity is stored in a separate entity (HashBytes table), and can only be indexed if the user's hash is calculated (Backend).

  • The databases are stored on a different server than where the data is processed. In case of an attack, two servers would have to be targeted (DevOps).

  • The servers have undergone a hardening process that makes it impossible to execute other programs or third parties that have not been configured at the beginning, in addition to the configuration of ports and permissions of each user on the server (DevOps).

  • The application logic runs in isolated virtual containers.

  • It is suggested to perform penetration testing (Cloud Pentesting) and audits of the cloud and blockchain architecture (Smart contracts Audits) (Product, TechLeads).

Our commitments to users:

  • Up-to-date compliance: We have a compliance team that adheres to the rules and laws governing the countries where we operate.

  • Responsibility: We are responsible for our privacy-related practices. We ensure compliance and appropriate documentation of data protection regulations. We also hold meetings with experts to learn different opinions and ways to protect our users' privacy.

  • Transparency: Our Data Policy will remain the only unified framework that indicates how we use and process personal data.

Artifact Data Management Policy:

  • Data will only be processed in batches, never by individual users.

  • Tables where user activity and information are stored are not linked to a real person's identity.

  • Server administrators are identified and have signed an agreement of confidentiality and responsibility.

  • The physical location where information is stored is handled by a specialized third-party service.

  • All administrator access to servers is recorded and monitored, along with their actions such as viewing, copying, etc.

Last updated

#178:

Change request updated