Privacy Policy

R3SEC Inc. ("R3SEC," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or utilize our services, including our smart contract audit services, security monitoring, code reviews, and bug bounty programs (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We may change this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

We collect several types of information from and about users of our Services, including:

2.1 Personal Information

Personal information is data that can be used to identify you individually. Depending on your use of our Services, we may collect:

• Contact information (such as name, email address, phone number, and business address)
• Account credentials (such as username and password)
• Professional information (such as job title, company name, and professional experience)
• Payment information (such as billing address and payment method details; however, we do not store complete credit card information)
• Communication data (information contained in communications you send to us)

2.2 Technical and Usage Information

As you interact with our Services, we may automatically collect certain technical information about your equipment, browsing actions, and patterns, including:

• Device information (such as your IP address, operating system, browser type, and device type)
• Usage data (such as pages visited, time spent on pages, navigation paths, and other usage patterns)
• Cookies and similar technologies (as described in our Cookie Policy)
• Log data (such as access times, hardware and software information, and referring website addresses)

2.3 Code and Project Information

When you submit code for audit or review, we collect:

• Source code and related documentation
• Project specifications and requirements
• Deployment information for monitored contracts
• Transaction data for security monitoring purposes

2.4 Information From Third Parties

We may receive information about you from third parties, including:

• Business partners (such as payment processors and authentication services)
• Public databases or blockchain analytics platforms
• Social media platforms (if you choose to connect your account to our Services)

We use the information we collect about you for various purposes, including:

3.1 Providing and Improving Our Services

• To provide, operate, and maintain our Services
• To process and complete transactions, and send related information including confirmations and invoices
• To perform security audits, code reviews, and monitoring services
• To improve, personalize, and expand our Services
• To understand how users use our Services, and to analyze trends and gather demographic information
• To develop new products, services, features, and functionality
• To generate aggregate, non-identifying analytics and benchmarks

3.2 Communications

• To communicate with you about our Services, including sending service announcements, updates, security alerts, and support and administrative messages
• To respond to your comments, questions, and requests
• To provide customer service and technical support
• To send you marketing communications, if you have opted in to receive them

3.3 Security and Legal Compliance

• To protect the security and integrity of our Services
• To detect, prevent, and address technical issues, security breaches, and fraudulent activities
• To comply with legal obligations and enforce our terms of service
• To protect our rights, property, or safety, and that of our users or others

3.4 With Your Consent

We may use your information for any other purpose with your consent.

We may share your information in the following situations:

4.1 With Service Providers

We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. These third parties are contractually obligated to use your personal information only for the purposes for which we disclose it to them and to provide adequate protection for your data. Examples include:

• Cloud service providers for data storage and processing
• Payment processors for handling transactions
• Analytics providers to help us understand service usage
• Email and communication platforms for user communications

4.2 With Auditors and Security Experts

If you use our audit marketplace, we may share your code and project information with selected security auditors who will perform the requested security assessment. These auditors are bound by confidentiality obligations and are prohibited from using your information for any purpose other than providing the requested services.

4.3 For Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

4.4 For Legal Compliance

We may disclose your information where required to do so by law or subpoena or if we believe that such action is necessary to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Services
• Protect the personal safety of users of the Services or the public
• Protect against legal liability

4.5 With Your Consent

We may share your information with third parties when we have your consent to do so.

4.6 Aggregated or Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you with third parties for industry analysis, research, and similar purposes.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include:

5.1 Technical Safeguards

• Encryption of personal information in transit and at rest
• Secure access controls and authentication systems
• Firewalls and network security measures
• Regular security assessments and penetration testing
• Continuous monitoring for unauthorized access or data breaches

5.2 Organizational Safeguards

• Employee training on privacy and security practices
• Access restrictions based on job responsibilities
• Confidentiality agreements with employees and contractors
• Vendor security assessment and management processes
• Incident response and breach notification procedures

5.3 Limitations

However, please understand that no security system is impenetrable, and we cannot guarantee the absolute security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal information to you via email or conspicuous posting on our website in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

6.1 Retention Period

We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:

• Account information is retained for the duration of your account with us, plus a reasonable period thereafter
• Service data, including audit reports and security findings, are retained for the period specified in your service agreement, typically between 1-3 years
• Usage data and analytics may be retained for up to 2 years
• Communication records are typically retained for 3 years after your last interaction with us

6.2 Retention Criteria

To determine the appropriate retention period for personal information, we consider:

• The amount, nature, and sensitivity of the personal information
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the personal information
• Whether we can achieve those purposes through other means
• Applicable legal, regulatory, tax, accounting, or other requirements

6.3 Data Deletion

Upon account closure or upon your request, we will delete or anonymize your personal information unless:

• We are required to retain it to comply with applicable laws
• We are required to retain it for our legitimate business purposes, such as fraud prevention or to maintain financial records
• There are outstanding issues, claims, or disputes requiring us to retain the data

To request deletion of your personal information, please contact us at support@r3sec.xyz.

Depending on your location, you may have certain rights regarding your personal information. These may include:

7.1 Access and Data Portability

You may request access to the personal information we hold about you. Upon request, we will provide you with a copy of your personal information in a structured, commonly used, and machine-readable format.

7.2 Correction

You have the right to have inaccurate personal information about you corrected and incomplete information completed. You can update much of your personal information directly through your account settings. For information that cannot be changed through your account, please contact us.

7.3 Deletion

You have the right to request the deletion of your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected.

7.4 Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of your personal information.

7.5 Objection to Processing

You have the right to object to the processing of your personal information in certain circumstances, such as when the processing is based on our legitimate interests.

7.6 Withdrawal of Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal.

7.7 Marketing Communications

You can opt out of receiving marketing communications from us by clicking the "unsubscribe" link in any marketing email we send, or by contacting us directly. Please note that you may continue to receive service-related communications even if you opt out of marketing communications.

7.8 Cookies and Tracking Technologies

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies. Please note that such actions could affect the availability and functionality of our Services.

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@r3sec.xyz. We may need to verify your identity before responding to your request.

8.1 Global Operations

R3SEC is headquartered in the United States and has operations and service providers in various countries. Your personal information may be transferred to, stored, and processed in countries outside of your country of residence, including the United States and other countries that may have different data protection laws than those in your country.

8.2 Transfer Safeguards

When we transfer personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of protection, we use one or more of the following safeguards:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for transfers to group companies
• Derogations for specific situations, such as when the transfer is necessary for the performance of a contract

8.3 EU-U.S. Data Privacy Framework and Swiss-U.S. Privacy Framework

R3SEC participates in and complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States, respectively.

8.4 Your Consent

By using our Services, you consent to the transfer of your personal information to countries outside of your country of residence, including the United States. If you are located in the EEA, the United Kingdom, or Switzerland, you have the right to withdraw your consent at any time by contacting us, but please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Our Services are not intended for use by children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

10.1 Links to Third-Party Websites

Our Services may contain links to third-party websites and services that are not owned or controlled by R3SEC. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

10.2 Third-Party Services

We may use third-party services, such as analytics providers, payment processors, and customer support tools, to help us operate our Services. These third-party services may collect information about you when you use our Services. The information collected by these third parties is subject to their own privacy policies.

10.3 Social Media Features

Our Services may include social media features, such as the Facebook "Like" button or Twitter "Share" button. These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing the feature.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.

We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below.

Data Protection Officer
R3SEC Inc.
Email: dpo@r3sec.xyz
Phone: +1 (555) 123-4567
Address: 123 Blockchain Way, Suite 500, New York, NY 10001, United States

13.1 European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These rights are summarized in Section 7, but specifically include:

• The right to access, update or delete the information we have on you
• The right of rectification - to have your information rectified if it is inaccurate or incomplete
• The right to object to our processing of your personal data
• The right of restriction - to request that we restrict the processing of your personal information
• The right to data portability - to receive your personal information in a structured, commonly used, and machine-readable format
• The right to withdraw consent at any time where we relied on your consent to process your personal information

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the EEA.

13.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information. These include:

• The right to know what personal information we collect about you and how we use and disclose it
• The right to access your personal information
• The right to request deletion of your personal information
• The right to correct inaccurate personal information
• The right to opt-out of the sale or sharing of your personal information
• The right to limit the use and disclosure of sensitive personal information
• The right to non-discrimination for exercising your CCPA rights

To exercise your rights under the CCPA/CPRA, please contact us as described in Section 14 below. We will verify your request using the information associated with your account, including email address. Government identification may be required.

13.3 Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, and Utah may also have similar privacy rights under their state laws. To exercise these rights, please contact us as described in Section 14 below.

If you have any questions about this Privacy Policy, please contact us at:

R3SEC Inc.
Email: privacy@r3sec.xyz
Address: 123 Blockchain Way, Suite 500
New York, NY 10001
United States
Phone: +1 (555) 123-4567

Last Updated: May 1, 2025