This document presents the Privacy Policy where you will find all the information regarding the processing of personal data carried out in regards to Netrunner.
Netrunner is a Solana-focused crypto portfolio management and tax reporting platform, that helps individuals simplify tax reporting, categorize transactions, calculate gains/losses, and generate reports to meet jurisdictional compliance. It can be used as a standalone (web)application or an add-on. The resources of Netrunner are:
(all together “Netrunner”)WHO PROCESSES YOUR PERSONAL DATA?
The processing of personal data is carried out by the data controller, Phase Labs Technologies Limited.Details of the data controller:Phase Labs Technologies Limited,Unit IH-00-01-01-OF-01, Level 1,Innovation Hub, Dubai International Financial Centre,Dubai, United Arab Emirates(“Phase Labs”)You can contact the data controller for questions related to this policy at any time via email: info@netrunner.tax APPLICABLE LAWS
We try our best to comply with all the data regulations around the world. However, since we are incorporated in Dubai International Financial Centre (“DIFC”), we are bound by local laws, namely Data Protection Law DIFC Law No. 5 of 2020 with applicable amendments (“DIFC Law No.5” or “DPL”).
HOW WE COLLECT YOUR DATA?
The data we collect is provided by the users through their interactions with Netrunner and may be collected in the following ways:
1. Direct Collection:
- When you provide information by filling out forms, creating an account, subscribing to our services, making inquiries, or otherwise communicating with us.
- When you engage with our customer support or interact with us via email, phone, or other communication channels.
2. Automated Collection (Cookies & Tracking Technologies):
- We automatically collect certain information about your device, browsing actions, and usage patterns when you visit our website. This includes technical data such as IP address, browser type, and operating system.
- We use cookies and similar tracking technologies to enhance your experience, analyze website performance, and personalize content.
- You can manage your cookie preferences and read more about automated collection of data in our Cookies Settings.
WHAT CATEGORIES OF DATA WE COLLECT?
We collect the following categories of personal data:- name surname / company name,
- type of person / institution,
- address,
- EIN / TIN / VAT number,
- email address,
- country of residence,
- crypto wallet address,
- Discord username,
- user ID (that we appoint to each user upon its creation of an account),
- information about your device, browsing actions, and usage patterns when you visit our website, including technical data such as IP address, browser type, operating system, and other cookie related data.
We do NOT knowingly collect any kinds of sensitive personal data or personal data of kids or underaged individuals.WHY DO WE USE YOUR PERSONAL DATA?
We process all data collected by the controller only when there is an appropriate legal basis and for a specific purpose, as defined below. If we process data for a purpose not specified in this policy, we will notify you in advance.
This Privacy Policy applies to:- Users of Netrunner;
- Visitors of Netrunner’s website and app;
- Individuals who contact us or our partners regarding Netrunner.
| Purpose | Types of Data | Legal Basis | Retention Period |
|---|
| Provision of our services | Discord username, email address, user ID, and crypto wallet address. | Contractual relationship | 5 years from the deletion of the account. |
| Generating invoices | Name surname / company name, type of person / institution, address, EIN / TIN / VAT number, email address, country of residence, crypto wallet address, and user ID. | Contractual relationship | 5 years from the deletion of the account. |
| Email marketing | Email address, user ID, Discord username, country of residence, information about your device, browsing actions, and usage patterns when you visit our website, including technical data such as IP address, browser type, operating system, and other cookie related data. | Consent | Until withdrawal with yearly renewal. |
| Improving our services | Information about your device, browsing actions, and usage patterns when you visit our website, including technical data such as IP address, browser type, operating system, and other cookie related data. | Consent | Until withdrawal with yearly renewal. |
| Resolving complaints | Discord username, user ID, crypto wallet address, name, email, other data necessary for handling the complaint. | Contractual relationship | 5 years from the deletion of the account. |
| Exercising our rights and defending against claims | The data set depends on the individual procedure. | Legal obligation | In accordance with the law. |
HOW WE ANONYMIZE PERSONAL DATA AND HOW DO WE PROCESS IT?
In addition to the collection methods described above, we may also process anonymized data for the purpose of improving our services, enhancing system functionality, and training artificial intelligence (AI) models. This means:- The data used for AI training is fully anonymized and does not contain any personally identifiable information (PII);
- Anonymization ensures that the data cannot be traced back to any individual, in compliance with DPL;
- The AI training process helps improve suggestions, enhance user experience, and optimize our platform’s performance.
Since this data is anonymized, it is no longer considered personal data under applicable data protection laws.
Before conducting any kind of processing for this purpose we follow a strict anonymization process, which includes:- Data Minimization: We remove or modify any personally identifiable information (PII) so that the data cannot be linked to an individual. This includes removing names, email addresses, IP addresses, and other identifying details;
- Aggregation: Where possible, we aggregate data to ensure that individual records cannot be reconstructed or linked to a specific user;
- Masking & Tokenization: Certain data elements may be replaced with pseudonyms or masked to prevent re-identification;
- Irreversible Anonymization: Once anonymized, the data cannot be reversed or re-associated with any identifiable person. This ensures that it no longer qualifies as personal data under GDPR and DPL
- Secure Processing: Anonymized data is processed and stored using strict security controls to prevent unauthorized access or misuse.
As this data is fully anonymized and cannot be traced back to any individual, it falls outside the scope of personal data protection regulations. However, if you have concerns or wish to understand more about our data processing practices, please contact us at: info@netrunner.tax.DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
We share your personal data with contractual processors, such as our business development partners, licensees, developer contractors, mass email senders, accounting services, legal consultants, payment processor providers, and similar.Personal data is disclosed to third parties only when necessary to fulfill the purpose of personal data processing. Third parties may access and process your personal data only to the extent and in the manner specified in the contract we have concluded with them and in accordance with purposes stated in this privacy policy.We do not sell your data to third parties.Government Data SharingIn some circumstances we are legally obliged to share information with public authorities or law enforcement. For example, we may be required to provide information related to a court order or where we must cooperate with supervisory authorities in handling complaints or investigations. In any scenario, we’ll attempt to satisfy ourselves that we have a lawful basis on which to share the information, document our decision making, and satisfy ourselves we have a legal basis on which to share the information.We may also share information in the event of the non-payment including a monetary penalty or court ordered costs. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty.
As a result, Phase Labs will share Personal Data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.All sharing of Personal Data aligns to the extent possible with Phase Labs’s Government Data Sharing Policy, which is an internal Phase Labs policy that governs fair and lawful sharing of Personal Data requested by government entities within the UAE and elsewhere. DO WE TRANSFER YOUR PERSONAL DATA TO COUNTRIES OUTSIDE OF EU, UK, USA AND UAE?
No, your personal data is not shared or stored outside the EU, UK, USA, or UAE. All user data data is securely stored in the United States (AWS us-east-1 region). We ensure compliance with relevant data protection laws and maintain strict security measures to safeguard your information.
DO WE HONOR THE “DO-NOT-TRACK” FEATURE?
If you decline all optional cookies, we will honor the “Do-Not-Track” request and will not track your behavior on our website. If you accept all optional cookies (especially the analytics/performance cookies), then you consent to our cookies tracking your behavior on our website. If you are interacting with us through our social media accounts, then your behavior patterns are in the hands of the social media provider and we have no control over such data.
HOW DO WE PROTECT YOUR PERSONAL DATA?
Our company ensures the highest level of personal data protection. To achieve this, we have adopted various technical and organizational measures, including:- regularly updating of our hardware and software,
- securing hardware and software with protective software,
- practicing and implementing privacy by design coding and development,
- protecting our business premises,
- restricting unauthorized access to personal data with passwords and clear competence division,
- monitoring employees, and
- having appropriate contractual arrangements in place with all individuals who have access to your personal data.
WHAT RIGHTS DO YOU HAVE?
Regarding the processing of your personal data, you have the following rights:- Right of Access: You have the right to information about whether we process your personal data, what data we process, how we obtained it, the purpose of processing, retention time, whether automated decision-making or profiling is performed, to whom the data is transferred, and whether it is transferred outside the EU/EEA area, as well as what security measures have been implemented.
- Right to Rectification: You have the right to request the correction or completion of inaccurate, incomplete, or outdated personal data we process about you.
- Right to Portability: You can request that we provide your personal data in a structured and machine-readable format, if technically feasible.
- Right to Erasure: You have the right to request the deletion of your personal data without undue delay, especially if you withdraw your consent. However, there are situations where we cannot comply with your request, for example, if the processing is based on a valid contractual relationship or legal obligations.
- Right to Restrict Processing: You have the right to request a temporary restriction on the processing of your personal data, e.g., for the duration of the correction of personal data we process about you.
- Right to Withdraw Consent: Whenever our processing of your data is based on your consent, you can withdraw such consent without any negative consequences for you. After withdrawing your consent, we will no longer process your personal data for the purpose for which you provided consent.
- Right to Object: You have the right to object to the processing of personal data when it comes to processing for direct marketing purposes, including profiling.
- Right to Data Portability: In technically feasible cases, you can request that your personal data be transferred to another controller.
- Right to not be discriminated against: We cannot deny you services or have different terms of services towards you merely on the grounds that you either denied consent or exercised your rights in accordance with applicable data protection law. However, by not consenting or exercising your rights (such as deletion of your personal data, restriction of processing, etc.), we may not be able to provide you with certain services or the quality of provided services may vary due to technical restrictions brought upon by your choices.
- Right to lodge a Complaint with the Information Commissioner: This right is exercised if you believe there has been a violation of data protection by the controller. You can submit a complaint to the Information Commissioner. Here are the contact information of the DIFC Commissioner of Data Protection’s Office:
Dubai International Financial Centre AuthorityLevel 14, The Gate BuildingPhone: +971 4 362 2222Mail: commissioner@dp.difc.ae. You can exercise your rights by writing to us via email at: info@netrunner.tax with the subject "data protection" or by sending your request by post to: Phase Labs Technologies Limited,Unit IH-00-01-01-OF-01, Level 1,Innovation Hub, Dubai International Financial Centre,Dubai, United Arab Emirates marked "data protection".We will process your request as soon as possible and no later than 30 days from receipt. If a particular request is so extensive that it requires a longer resolution time, we will inform you in advance and provide you with an estimated response time. We reserve the right to reliably identify you when submitting a request to exercise any of your rights. If you do not send us personal data with your request that would allow us to reliably identify you, we will ask you for additional personal data. If you do not provide us with additional personal data within the specified period, we will dismiss your request. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out above, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here. ONLINE PLUG-INS AND HYPERLINKS:
Our website provides the option to use online plug-ins and hyperlinks. Please note that these plug-ins and the content on the hyperlinks are operated by third parties and Phase Labs has no control over their content, privacy and/or security.The use of online plug-ins and hyperlinks is at the user's own risk. Each plug-in and/or hyperlink controller operates based on its own privacy rules, which are not associated with the controller's rules.Responsibility for interacting with the plug-ins and hyperlinks and any consequences arising from such interaction lies solely with the individual.
FURTHER PROCESSING OF PERSONAL DATA IN AUTOMATED FORM:
The controller does not perform automated decision-making in personal data processing.
RE-OBTAINING CONSENT:
In accordance with Article 12 of the DPL, the data controller will re-obtain your consent every twelve (12) months.
CHANGES:
Any changes to our Privacy Policy shall be published on this website.It is assumed that you agree to the new version of the Policy if you continue to use Netrunner or other services subject to this Policy after the Policy has been changed.
CONTACT:
You can contact us at any time with additional questions regarding personal data protection by writing to us via an email at info@netrunner.tax.You may also contact the DIFC Commissioner of Data Protection’s Office at:Dubai International Financial Centre AuthorityLevel 14, The Gate BuildingPhone: +971 4 362 2222Mail: commissioner@dp.difc.ae.