Privacy Policy

This Privacy Policy explains how MugenLink Network(“we”, “us”) handles personal data when you use our website, dashboard, and APIs (collectively, the “Service”). It covers what we collect, why we collect it, how long we retain it, and the rights available to you under GDPR, UK GDPR, and CCPA.

1. Data we collect

1.1 Account data

When you create an account we store your email address, hashed password, display name, organization (if provided), and your selected plan tier. OAuth sign-in providers (Google, GitHub) return a verified email and provider user ID; we do not receive passwords from these providers.

1.2 Usage data

We log API requests, dashboard pageviews, and feature usage (timestamp, endpoint, status code, response time, anonymized IP, user agent). These logs power rate limiting, abuse prevention, and product analytics.

1.3 Blockchain data

Wallet addresses, transaction hashes, and on-chain identifiers you submit are queried against public blockchain data. We do not link these queries to your real-world identity unless you explicitly save them to your account (e.g., a watchlist).

1.4 Cookies and similar technologies

See the Cookie Policy for the full list, categories, and how to manage preferences.

2. How we use your data

• Provide, secure, and improve the Service.
• Authenticate your sessions and enforce plan limits.
• Send transactional emails (password resets, security alerts, billing receipts).
• Send product updates only with your explicit opt-in.
• Detect abuse, fraud, and policy violations.
• Comply with legal obligations.

3. Legal bases (GDPR / UK GDPR)

• Contract — to deliver the Service you signed up for.
• Legitimate interests — security, abuse prevention, and basic product analytics.
• Consent — marketing email and non-essential cookies.
• Legal obligation — tax records, lawful disclosure requests.

4. Data retention

• Account data: kept while your account is active, deleted within 30 days of account closure.
• Request logs: 90 days, then aggregated and anonymized.
• Billing records: 7 years (legal requirement).
• Backups: rolling 30-day window, then overwritten.

5. Third-party processors

We use the following sub-processors under data processing agreements:

• Supabase (auth, primary database) — US/EU regions.
• Snowflake (analytics warehouse) — AWS us-west-2.
• Cloudflare (DNS, WAF, DDoS protection) — global.
• Doppler (secrets management) — US.
• Stripe (billing, when applicable) — US/EU.

We do not sell, rent, or trade your personal data. We do not share data with advertisers.

6. International transfers

When data crosses borders (e.g., EU user, US processor) we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards.

7. Your rights

Subject to your jurisdiction, you may:

• Access the personal data we hold about you.
• Request correction or deletion.
• Request a portable export.
• Object to or restrict certain processing.
• Withdraw consent at any time (does not affect prior lawful processing).
• CCPA: opt out of any “sale” or “share” of personal data — we do not engage in either, but the opt-out path is preserved.
• Lodge a complaint with your supervisory authority.

To exercise any right, email contact@mugenlink.network. We respond within 30 days.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. Access to production systems is restricted, MFA-enforced, and audit-logged.

9. Children

The Service is not directed at children under 16. We do not knowingly collect data from minors.

10. Changes to this policy

Material changes will be announced via email or in-product banner at least 30 days before they take effect.

11. Contact

MugenLink Network — Privacy Office.
Email: contact@mugenlink.network