Privacy Policy

Information We Collect

Account Information

When you create an account, we collect:

Email address (used as username and for account communications)
Username (chosen by you)
Password (encrypted using industry-standard hashing)
Payment information (processed securely through third-party payment processors - we do not store full payment card details)
Account creation date and timestamp

Usage Data

When you use our service, we automatically collect:

IP address (both IPv4 and IPv6 where applicable)
Device information (operating system type and version, browser type, device model)
Bandwidth usage statistics (amount shared, upload/download speeds, connection quality)
Connection logs and timestamps (when you connect/disconnect from the network)
Geographic location (country, region, and city level - derived from IP address)
Network performance metrics (latency, packet loss, throughput)
Session duration and frequency

Technical Data

Node identification information (unique node ID assigned to your device)
Network availability and uptime statistics
Bandwidth capacity and quality metrics
Error logs and diagnostic information (crash reports, error messages)
Software version information

Identity Verification Data (When Required)

If identity verification is required, we may collect through third-party verification services:

Government-issued identification documents (passport, driver's license, national ID)
Proof of address documents
Facial recognition data (selfie for identity matching)
Verification status and results

Important: We do not directly store identity documents. These are processed by our third-party verification providers. We only receive confirmation of verification success or failure and basic verification metadata.

2Legal Basis for Processing (GDPR Compliance)

We process your personal information under the following legal bases as required by GDPR and other applicable data protection laws:

Contractual Necessity

Processing necessary to provide the Service and fulfill our contract with you:

Account creation and management
Bandwidth sharing functionality
Payment processing and earnings calculation
Service delivery and network operation

Legitimate Interests

Processing necessary for our legitimate business interests, balanced against your rights:

Fraud detection and prevention
Security monitoring and threat detection
Network optimization and performance improvement
Analytics and service improvement
Business operations and administration

Legal Obligation

Processing necessary to comply with legal and regulatory requirements:

Tax reporting and financial record keeping
AML/KYC compliance (identity verification)
Law enforcement requests and court orders
Regulatory compliance and audits

Consent

For certain optional processing with your explicit consent:

Marketing communications and newsletters
Optional features and functionality
Cookies and tracking technologies (where required)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To provide, maintain, operate, and improve our bandwidth sharing network
Account Management: To manage your account, authenticate users, and maintain account security
Payment Processing: To process payments, calculate earnings, and manage financial transactions
Network Optimization: To optimize routing, improve performance, ensure network quality, and match bandwidth supply with demand
Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems
Communication: To send you service-related notifications, updates, support messages, and responses to your inquiries
Analytics: To understand usage patterns, analyze trends, and improve our service
Legal Compliance: To comply with legal obligations, enforce our terms, protect our rights, and respond to legal requests
Identity Verification: To verify user identity for fraud prevention and regulatory compliance

4Bandwidth Client Data Sharing

IMPORTANT: This section describes how your information is shared with network clients. Please read it carefully.

Core Business Model

The fundamental purpose of Vyx is to share your internet bandwidth with network clients. This is the core service for which you are compensated. This requires sharing certain information about your connection.

Information Shared with Clients

When clients route traffic through your connection, they receive:

IP Address: Your public IP address is visible to clients and websites they access
Geographic Location: City, region, and country-level location information derived from your IP
Network Characteristics: Connection speed, quality metrics, and availability status
Device Type: General device category and operating system (e.g., "Windows Desktop", "Linux Server")

What Clients Do NOT Receive

Your name, email address, or any personally identifiable information
Your specific street address or precise geolocation
Your Vyx account details, username, or earnings information
Your payment information or financial data
Any ability to directly identify you as an individual
Access to your personal data or local network resources

Client Use Cases

Network clients use your shared bandwidth for various legitimate business purposes:

Web scraping and data collection from public websites
Market research and competitive intelligence gathering
Advertisement verification and brand protection
SEO monitoring and search engine result verification
Content delivery and localization testing
Price comparison and product availability checking
Academic research and data science projects

Potential Impact on Your Internet Experience

Because client traffic appears to come from your IP address, you may experience:

CAPTCHA challenges when browsing websites (due to automated traffic detection)
Temporary rate limiting or IP blocks from specific services
Increased data usage counting against ISP data caps or limits
Targeted advertisements based on client browsing activity through your IP
Occasional inability to access streaming services simultaneously with client usage
Slower internet speeds during peak bandwidth sharing periods
Potential ISP notifications if client activity violates ISP terms

5Third-Party Service Providers

We share your information with third-party service providers who perform services on our behalf. All providers are contractually obligated to protect your information and use it only for specified purposes.

Payment Processors

Purpose: Process withdrawals and payments to users

Information Shared: Payment method details, email address, transaction amounts, withdrawal requests

Providers: PayPal, cryptocurrency payment processors (e.g., Coinbase Commerce), or other payment services you select

Cloud Infrastructure and Hosting

Purpose: Host our servers, databases, and application infrastructure

Information Shared: All data stored in our systems

Location: May be located in Japan, United States, European Union, or other jurisdictions. Data is encrypted in transit and at rest.

Identity Verification Services

Purpose: Verify user identity for fraud prevention, AML/KYC compliance, and regulatory requirements

Information Shared: Identity documents, biometric data (facial recognition), address verification documents

Providers: Third-party KYC/AML verification services as needed (selected based on jurisdiction and compliance requirements)

Note: We do not store identity documents. They are processed directly by verification providers. We only receive verification status and metadata.

Analytics and Monitoring

Purpose: Monitor application performance, analyze usage patterns, identify errors, and improve service quality

Information Shared: Usage data, device information, anonymized analytics, error reports, performance metrics

Providers: May include analytics platforms, error tracking services, application performance monitoring tools

Communication Services

Purpose: Send transactional emails, notifications, support communications, and service updates

Information Shared: Email address, username, communication content, delivery preferences

Other Disclosures

We may also disclose your information:

Legal Requirements: To comply with applicable laws, regulations, legal processes, or government requests
Enforce Terms: To enforce our Terms of Service, investigate violations, and protect our rights
Safety and Security: To protect the safety, security, and integrity of our Service, users, and the public
Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy (users will be notified of any such change)

Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted using industry-standard encryption algorithms
Access Controls: Strict access controls and authentication mechanisms limit access to personal data on a need-to-know basis
Security Audits: Regular security audits and vulnerability assessments identify and address potential security risks
Secure Infrastructure: Secure server infrastructure with firewalls, intrusion detection, and monitoring systems
Password Protection: Passwords are hashed using strong cryptographic algorithms and never stored in plaintext
Regular Backups: Regular backups and disaster recovery procedures ensure data availability and business continuity
Security Training: Security awareness and best practices are maintained for all personnel with data access
Incident Response: Security incident response procedures are in place to handle potential breaches

Important: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access.

6Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with legal obligations:

Active Account Data: Retained while your account remains active and you continue using the Service
Financial Records: Retained for at least 7 years after account closure to comply with Japanese tax law, accounting requirements, and financial regulations
Transaction Logs: Bandwidth usage logs, earnings calculations, and transaction records retained for 3 years for dispute resolution, fraud prevention, and audit purposes
Identity Verification Data: Verification results and metadata retained for 5 years for AML/KYC compliance; original documents not stored by us
Security Logs: Access logs, security events, and authentication records retained for 1 year for security monitoring, fraud detection, and incident investigation
Marketing Communications: Retained until you unsubscribe or request deletion
Legal Hold: Data subject to legal hold, litigation, or regulatory investigation retained until the matter is resolved

Upon Account Closure

When you close your account or we terminate your account:

Account access credentials deleted immediately
Personal profile information deleted or anonymized within 30 days
Bandwidth usage data anonymized (IP addresses removed, identifiers scrambled) within 30 days
Financial records retained as required by law (minimum 7 years for tax purposes)
Marketing data deleted immediately upon request
Aggregated, anonymized analytics data may be retained indefinitely for service improvement

After retention periods expire, we will securely delete or anonymize your personal information. Some information may be retained in anonymized or aggregated form (with all personal identifiers removed) for analytics, research, and service improvement purposes.

International Data Transfers

Vyx operates from Japan, but serves users worldwide. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including:

Japan (where our primary operations are based)
United States (cloud infrastructure and service providers)
European Union (if using EU-based service providers)
Other countries where our infrastructure, clients, or service providers are located

Data Protection Safeguards

When transferring data internationally, we implement appropriate safeguards to protect your information:

Standard Contractual Clauses (SCCs)

For transfers to countries without adequate data protection laws (as determined by the EU Commission or other regulators), we use EU Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent mechanisms for other jurisdictions.

Adequacy Decisions

We rely on adequacy decisions by regulatory authorities where available. For example, Japan has received GDPR adequacy status, meaning data transfers from the EU to Japan are recognized as providing adequate protection under GDPR.

Contractual Protections

All service providers processing your data are contractually bound to protect your information with security measures equivalent to or exceeding those described in this Privacy Policy, regardless of their location.

Encryption and Security

All international data transfers are encrypted using TLS/SSL during transmission and encrypted at rest using industry-standard algorithms.

Japan-EU Data Flows: Japan has been granted adequacy status under GDPR (effective January 23, 2019), meaning personal data can flow freely from the EU to Japan as it is recognized as providing adequate protection. This applies to transfers between EU users and our Japan-based operations.

7Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information. We respect and honor all applicable data protection rights.

🇯🇵 For Japanese Residents (APPI Compliance)

Under Japan's Act on Protection of Personal Information (個人情報保護法, APPI), you have the following rights:

Right to Disclosure: Request disclosure of what personal information we hold about you and how we use it
Right to Correction: Request correction of inaccurate or incomplete personal information
Right to Suspension of Use: Request suspension of use or deletion of your personal information in certain circumstances
Right to Notification: Be notified of the purpose of use when personal information is collected
Breach Notification: Receive notification if a data breach affects your sensitive information

Response Time: We will respond to your request within 30 days as required by APPI.

Contact: To exercise these rights, email privacy@vyx.network with "APPI Request" in the subject line.

🇪🇺 For European Union Residents (GDPR Compliance)

Under the General Data Protection Regulation (GDPR), EU residents have comprehensive rights:

Right to Access (Art. 15): Obtain confirmation of data processing and access to your personal data, including a copy of your data
Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") when legal grounds apply
Right to Restrict Processing (Art. 18): Limit how we process your data in certain circumstances
Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing
Right to Withdraw Consent (Art. 7): Withdraw consent for consent-based processing at any time
Right Not to Be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing with legal or significant effects
Right to Lodge a Complaint (Art. 77): File complaints with your local data protection supervisory authority

Response Time: We will respond to your request within 1 month (extendable to 3 months for complex requests) as required by GDPR.

EU Representative: As we do not currently have an establishment in the EU, we are evaluating the need for an EU representative under GDPR Article 27. For EU-related privacy matters, contact: privacy@vyx.network

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu

🇺🇸 For California Residents (CCPA/CPRA Compliance)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

Right to Know: Request disclosure of personal information collected, sources, purposes, categories of third parties with whom it's shared, and specific pieces of information collected
Right to Delete: Request deletion of personal information we collected, subject to certain exceptions
Right to Opt-Out of Sale/Sharing: Opt-out of the "sale" or "sharing" of personal information (see below for important details)
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of sensitive personal information (we do not collect sensitive PI as defined by CPRA)
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

"Sale" or "Sharing" Under CCPA/CPRA

CCPA defines "sale" broadly to include sharing personal information for valuable consideration, even if no money is exchanged. CPRA separately defines "sharing" as disclosing personal information for cross-context behavioral advertising.

Important: While we do not "sell" personal information in the traditional sense, under CCPA/CPRA's broad definitions, sharing your IP address and location with bandwidth clients in exchange for payment to you may be considered a "sale" or "sharing."

How to Opt-Out: The only way to opt-out of this "sale/sharing" is to not use the bandwidth sharing feature, which is the core purpose of the Service. If you opt-out, you will not be able to use Vyx or earn income from bandwidth sharing.

Sensitive Personal Information: We do not collect "sensitive personal information" as defined by CPRA (e.g., precise geolocation within 1,850 feet, racial/ethnic origin, religious beliefs, genetic data, health information, sex life/sexual orientation, etc.).

Response Time: We will respond to verifiable requests within 45 days (extendable to 90 days with notice) as required by CCPA/CPRA.

Verification: To protect your privacy, we will verify your identity before fulfilling requests. This may require matching information you provide with information we have on file.

Contact: Email privacy@vyx.network with "CCPA Request" or visit your account settings to exercise these rights.

Exercising Your Rights

To exercise any of your privacy rights:

Email us at privacy@vyx.network with your request
Specify which right you wish to exercise and your jurisdiction
Provide sufficient information for us to verify your identity
Use your account settings for certain rights (data export, account deletion, communication preferences)

We will respond to all valid requests within the timeframes required by applicable law. We may need to verify your identity before processing your request to protect your privacy and security.

8Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain sessions, remember preferences, and improve our service:

Types of Cookies We Use

Essential Cookies: Required for authentication, security, and basic service functionality (e.g., keeping you logged in, remembering session state)
Preference Cookies: Remember your settings and preferences (e.g., language, dashboard layout)
Analytics Cookies: Help us understand usage patterns, identify issues, and improve the service (e.g., page views, feature usage, error rates)
Security Cookies: Detect and prevent fraud, abuse, and security threats

Managing Cookies

You can control cookies through your browser settings:

Most browsers allow you to refuse or delete cookies
Browser settings typically accessible via Settings → Privacy → Cookies
Disabling cookies may affect functionality and your ability to use certain features
Essential cookies cannot be disabled as they are necessary for service operation

Note: Disabling cookies may prevent you from accessing certain features of our service or require you to log in more frequently.

9Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that a child under 18 has provided us with personal information, we will take immediate steps to delete such information from our systems. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@vyx.network.

Age Requirement: By using our Service, you represent and warrant that you are at least 18 years old and have the legal capacity to enter into binding agreements. Violation of this requirement will result in immediate account termination.

10Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

Posting the new Privacy Policy on this page and updating the "Last Updated" date
Sending notice to the email address associated with your account
Displaying a prominent notice in your account dashboard
For material changes affecting your rights, providing at least 7 days advance notice

What constitutes a "material change" will be determined at our discretion, considering factors such as the impact on your privacy, changes to data use, and new data collection practices.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11Contact Us

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

Privacy Team: privacy@vyx.network

For privacy rights requests, data protection inquiries, and GDPR/CCPA/APPI matters

General Support: support@vyx.network

For account issues, technical support, and general inquiries

Postal Address:
Francesco Ciccarone
1-1-3, UMEDA, KITA-KU OSAKAEKIMAE NO.3 BLDG. 29F. 1-1-1 OSAKA, 大阪府 530-0001, Japan

GitHub: github.com/Vyx-Network/Vyx-Client

For open-source contributions and transparency reports

Response Times: We aim to respond to all privacy inquiries within 5 business days. For formal data subject rights requests (GDPR, CCPA, APPI), we will respond within the timeframes mandated by applicable law (typically 30-45 days).