Data Protection

Oct, 10 2025

Scope and Applicability

This Data Protection Notice describes how Open Streets LNC, the Ledger Network Commons for cryptocurrency knowledge, processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws in the United States of America, including state privacy statutes. It applies to visitors, newsletter subscribers, contributors, and business contacts who interact with our website and services.

This notice covers online interactions on our website, communications sent to us, and limited optional submissions related to community activities (for example, submitting wallet addresses for airdrop tracking or newsletters). It applies whether you access our services from the EU/EEA, the United Kingdom, or the United States.

Identity of the Data Controller

The data controller is Open Streets LNC, owned by Nadia Faeti, 450 10th St, San Francisco, CA 94103, United States of America. For any privacy inquiries, please contact: [email protected].

Definitions

“Personal data” means any information that relates to an identified or identifiable individual. “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion. Terms are interpreted consistent with GDPR and applicable U.S. privacy laws.

Categories of Personal Data We Process

  • Identification and contact data: name, email address, country/region, organization or role (if provided).
  • Account and preference data: credentials (stored as hashed values), newsletter preferences, content settings.
  • Communications and content: inquiries, feedback, survey responses, comments you choose to post publicly.
  • Usage and device data: IP address, browser type, operating system, device identifiers, pages viewed, referring URLs, timestamps, and general geolocation derived from IP.
  • Cookies and similar technologies: identifiers, analytics data, advertising signals, and attribution data.
  • Blockchain identifiers (if you choose to provide them): public wallet addresses and related metadata you submit for community features; we do not request private keys or seed phrases.
  • Inferences: limited inferences drawn from your interactions to personalize content or measure engagement.

Sources of Personal Data

  • Directly from you: when you subscribe, contact us, submit forms, or post comments.
  • Automatically from your device: via cookies, pixels, and similar technologies when you use our site.
  • From service providers and partners: analytics, email delivery, anti-spam, and security vendors.
  • Publicly available sources: public blockchain records and forums, only if you choose to link or submit them to us.

Purposes of Processing

  • Provide and operate our website, content, and community features.
  • Communicate with you, including responding to inquiries and sending newsletters you request.
  • Personalize content, measure performance, and improve our services.
  • Maintain security, prevent fraud and abuse, and protect our legal rights.
  • Comply with legal obligations and enforce terms.
  • Conduct marketing and audience measurement with your consent or as permitted by law.

Legal Bases for Processing (EU/EEA and UK)

  • Consent: for newsletters, non-essential cookies, marketing, and when you submit optional data (for example, wallet addresses for participation features).
  • Contract: to provide requested services, such as account management or delivering requested content.
  • Legitimate interests: to secure our services, understand usage, prevent fraud, and improve user experience, provided these interests are not overridden by your rights.
  • Legal obligation: to comply with laws, lawful requests, and recordkeeping duties.

Advertising, Cookies, and Tracking Technologies

We use cookies and similar technologies to operate the site, remember preferences, perform analytics, and, where applicable, deliver or measure advertising. Non-essential cookies are used with consent where required. You can manage cookies through your browser settings and any on-site controls that may be provided. We endeavor to honor applicable browser-based opt-out signals, such as Global Privacy Control, where legally required.

Categories include: strictly necessary (operation and security), functional (preferences), analytics (traffic and performance), and advertising (audience measurement, cross-context engagement). Cookie lifetimes vary; analytics and advertising cookies typically persist from session to up to 24 months unless you delete them sooner.

Data Sharing and Recipients

We share personal data only as needed and with appropriate safeguards:

  • Service providers (processors): hosting, content delivery networks, analytics, email and newsletter services, security/anti-spam, customer support tools.
  • Public disclosures: content you choose to post publicly (for example, comments) may be visible to others.
  • Legal and compliance: authorities, regulators, or parties to legal proceedings when required by law or to protect rights, safety, and security.
  • Corporate transactions: in connection with a merger, acquisition, reorganization, or asset transfer, subject to continuity of protections.

International Transfers

We are based in the United States of America. When transferring personal data from the EU/EEA or UK to the U.S. or other third countries, we rely on appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures where necessary to protect your data.

Data Retention

We retain personal data only for as long as necessary for the purposes described above, or as required by law. Typical retention periods are:

  • Account and subscription data: for the life of the account or subscription and up to 24 months after inactivity.
  • Communications: 24 months after resolution, unless a longer period is required for legal obligations.
  • Analytics data: up to 26 months in identifiable form, after which it may be aggregated or anonymized.
  • Server logs and security records: 12–24 months, depending on security needs.
  • Public content (for example, comments): retained until you remove it or we remove it according to our rules.

Security Measures

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege principles, multi-factor authentication for administrative access, logging and monitoring, vulnerability management, and staff training. No method of transmission or storage is completely secure; we continuously assess and improve our safeguards.

Children’s Data

Our services are not directed to children under 13 (or under 16 in the EU/EEA/UK). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact [email protected] so we can take appropriate action.

Rights of Individuals in the EU/EEA and UK

Subject to legal limitations, you have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with a supervisory authority.

United States Privacy Rights

California Notice at Collection

We collect the following categories of personal information for the purposes described above: identifiers (such as name, email, IP address, online identifiers), internet or network activity (usage data, device information), geolocation (coarse, from IP), inferences (limited personalization), and, if you provide them, blockchain identifiers (public wallet addresses). We do not collect payment card numbers. We retain these categories as described in the Data Retention section.

We do not sell personal information for monetary compensation. We may “share” personal information for cross-context behavioral advertising through analytics or advertising cookies as defined under California law, unless you opt out. We do not use or disclose sensitive personal information for purposes other than those permitted by law.

Right to Know, Delete, Correct, and Opt-Out

  • Right to Know/Access: request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: request deletion of personal information, subject to legal exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt-Out: opt out of sale or sharing of personal information and of targeted advertising.
  • Non-Discrimination: you will not be treated differently for exercising your rights.

To exercise these rights or to submit opt-out requests, contact us at [email protected]. We will verify your request by reasonably necessary means, which may include validating control of your email address or other information you provide. You may designate an authorized agent to act on your behalf, subject to verification of the agent’s authority and your identity. Where applicable, we will honor browser-based signals such as Global Privacy Control for opt-out requests.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. We may conduct limited profiling to personalize content or measure engagement; you can object to such profiling where applicable by contacting us.

Data Protection by Design and Default

We apply data minimization, purpose limitation, and access controls, and we evaluate privacy impacts for higher-risk processing. We limit collection to what is necessary, implement default settings that are privacy-protective where feasible, and periodically review vendors and safeguards.

Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected individuals and relevant authorities as required by GDPR and applicable U.S. laws, taking into account the nature of the breach, the data involved, and potential risks.

How to Exercise Your Rights or Contact Us

To exercise your rights or raise privacy concerns, contact the data controller:

Open Streets LNC (Owner: Nadia Faeti)
450 10th St, San Francisco, CA 94103, United States of America
Email: [email protected]

We aim to respond within one month for GDPR requests and within 45 days for U.S. requests, subject to permissible extensions. If you are in the EU/EEA or UK, you may also contact your supervisory authority to lodge a complaint.

Do Not Sell or Share My Personal Information

We do not sell personal information for money. Where our use of analytics or advertising cookies constitutes “sharing” under U.S. state laws, you may opt out by adjusting your browser settings to block third-party cookies, enabling applicable browser-based signals such as Global Privacy Control, and/or contacting us at [email protected].

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date, and we may provide additional notice where appropriate.

Effective date: October 10, 2025