Article 1. Introduction 

Welcome to the NFT (Non-Fungible Token) services provided by XggNFT (hereinafter referred to as "this Platform"). This Platform highly values ​​user privacy and is committed to providing users with a safe and reliable service experience. This Privacy Policy aims to clarify the rules for this Platform in collecting, using, storing, transmitting, and sharing users' personal information and related data, informing users of their privacy rights and how to exercise them, and ensuring that users fully understand and independently decide how their personal information is processed. Practical measures will be taken to protect users' personal data from unauthorized access, use, or disclosure, ensuring that users' privacy rights are fully protected when participating in NFT collection, trading, and related activities. By using this website's services, you indicate that you have read, understood, and agreed to all the terms of this policy.


Article 2. Concepts and Definitions


- Personal Information: Refers to various information recorded electronically or otherwise that can, alone or in combination with other information, identify a specific natural person or reflect the activities of a specific natural person, including but not limited to name, contact information, and online identity information.


- NFT: Non-fungible token, a unique and indivisible digital asset issued based on blockchain technology, which can correspond to various digital content such as digital artworks, collectibles, and virtual items.


- Blockchain Address: A unique identifier used by a user in the blockchain network to receive, store, and transfer NFTs and cryptocurrencies. It consists of a string of characters and can be linked to the user's transaction behavior.


- Cookie: A small text file stored on a user's terminal device (computer, mobile phone, etc.) by a website server to identify the user and record user preferences.


- Third-Party Service Provider: Refers to external organizations that provide auxiliary services such as technical support, payment settlement, data analysis, and marketing promotion for this platform, such as blockchain node service providers, payment institutions, and cloud storage service providers.


- Data Anonymization: Refers to the process of modifying or deleting personal information to make it impossible to identify a specific natural person.


Article 3. Collected Privacy Information


(I) Information Actively Provided by Users


- Registration and identity verification information: User's registered email address, password, and other identity information.


- Transaction and Asset Information: User's bound blockchain address, NFT holding records, transaction order information (including counterparty, transaction amount, transaction time, and NFT artwork information); bank card number and payment account information provided when using payment services.


- Communication and Feedback Information: Content provided by users when communicating with the platform through email, etc., and related materials uploaded when providing feedback.


- Other actively submitted information: all information uploaded by users, including text, images, or other content.


(II) Automatically Collected Information


- Device and Network Information: The terminal device model, operating system version, browser type, device unique identifier, IP address, network type, network operator, and geographical location information (with user authorization) used by the user when accessing the platform.


- Access and Behavior Information: This includes user access time, page browsing history, click history, search keywords, dwell time, login logs, and logout logs; data related to NFT browsing, collection, and transfer activities.


- Public Blockchain Data: Public transaction records and NFT circulation information corresponding to the blockchain addresses associated with users on this platform (this information is publicly verifiable due to blockchain characteristics; this platform only collects and displays it).


Article 4.Purpose of Information Collection


- Service Provision and Optimization: Ensure user account security and normal use; complete core services such as NFT transactions, transfers, and storage; optimize platform interface, functions, and service processes based on user behavior data to improve user experience.


- Identity Verification and Compliance Requirements: Conduct identity verification to confirm the legality of user identities, prevent illegal and irregular activities such as fraudulent registration, scams, and money laundering, and comply with relevant laws and regulations on anti-money laundering, counter-terrorism financing, and NFT regulation.


- Transaction Security: Verify the identity information of both parties in a transaction, monitor transaction behavior, prevent transaction risks, and ensure the safety of users' NFT assets and funds; provide evidence when handling transaction disputes.


- Communication and Service Support: Respond to user inquiries, complaints, and feedback, and provide targeted service support; send important information such as service notifications, transaction reminders, and account security alerts.


- Marketing and Promotion: With user consent, push content such as new NFT products, platform activities, and promotional information to users; conduct market research to understand user needs and optimize marketing plans.


- Security and System Maintenance: Monitor the platform system's operational status to prevent security risks such as network attacks, hacker intrusions, and data breaches; troubleshoot system failures to ensure stable platform service operation.


- Other Legitimate Purposes: Other uses permitted by user consent or laws and regulations, such as fulfilling contractual obligations or protecting the legitimate rights and interests of users or third parties.


Article 5.How Information is Used

- For Core Platform Services: Based on user-provided information, services such as account registration, identity verification, NFT transactions, order inquiries, and order management are completed to ensure smooth service operation.


- Data Analysis and Optimization: After anonymizing and desensitizing collected user behavior data, user preferences and usage habits are analyzed to optimize platform function design, content recommendations, and service processes, improving platform operational efficiency.


- Security Management and Risk Control: User device information, IP addresses, login logs, and other data are used to identify abnormal logins and transactions. Measures such as account suspension and transaction freezing are taken to prevent security risks and protect user accounts and assets.


- Communication and Notification: Notifications such as account activation, password reset, transaction reminders, security tips, and service updates are sent via user-provided email addresses; user inquiries and feedback are responded to, and user complaints are handled.


- Marketing and Promotion: With the user's explicit consent, marketing information such as new NFT products, event invitations, and special offers is pushed through platform emails; users can revoke authorization at any time.


- Compliance and Legal Affairs: Provide necessary user information to regulatory authorities and judicial organs in accordance with laws and regulations, and cooperate with investigations and evidence collection; handle legal disputes and arbitration matters related to this platform.


- User information shall not be used beyond the scope stipulated in this policy and the user's consent. If it is to be used for other purposes, the user's explicit consent must be obtained separately.


Article 6.Information Storage Method


- Storage Medium: User information will be stored on the secure servers of this platform and its partner cloud storage service providers. Encryption and access control technologies will be employed to ensure data security and prevent data loss, tampering, or leakage.


- Storage Period: During the user's use of this platform's services, the platform will continuously store user information to ensure normal service operation. After a user cancels their account, the platform will delete or anonymize the user information in accordance with legal requirements and this policy, unless otherwise stipulated by laws and regulations (information that needs to be retained to fulfill compliance obligations will be stored for the specified period).


- Security Measures: Sensitive information will be encrypted using encryption algorithms; a strict access control system will be established, allowing only authorized personnel to access user information; regular security audits and vulnerability detection will be conducted to promptly address security risks; a data backup plan will be developed, and regular data backups will be performed to prevent data loss.


Article 7. Information Transmission Methods


- Transmission Security: User information is transmitted using HTTPS protocol, SSL encryption, and other technologies to ensure the security and integrity of data transmission and prevent unauthorized interception or theft.


- Transmission Scope: User information is only transmitted within this platform and between this platform and its partner third-party service providers. The purpose of transmission is limited to the service scope and compliance requirements stipulated in this policy.


- Cross-border Transmission: If cross-border transmission of user information is necessary, this platform will strictly comply with the requirements of laws and regulations such as the Hong Kong Law. It will ensure the legality and security of cross-border transmission through data export security assessments and by signing security protection agreements with overseas recipients. Users will be informed of the purpose of the cross-border transmission, the recipient, and security measures (unless otherwise stipulated by laws and regulations).


Article 8. Cookie-related Instructions

- Purpose of Cookie Use: This platform primarily uses cookies to identify users, facilitating quick account login without requiring repeated password entry; record user browsing preferences and page settings to provide personalized services; analyze user browsing behavior to optimize platform performance and service experience; and prevent security risks such as fraudulent access and cyberattacks.


- Cookie Management: Users can view, enable, disable, or delete cookies through their browser settings. The operation methods vary slightly between different browsers; users can refer to their browser's help documentation for settings. Please note that disabling cookies may affect the normal use of some functions of this platform, such as the inability to automatically log in or save browsing preferences.


- Third-Party Cookies: This platform may allow cooperating third-party service providers (such as data analysis agencies and advertising service providers) to use third-party cookies for collecting user behavior data and conducting targeted marketing. The use of third-party cookies follows their own privacy policies, and this platform does not assume any related responsibility. Users can manage third-party cookies through the third-party platform or browser settings.


Article 9. User Rights

- Right to Know: Users have the right to know the scope, method, and purpose of this platform's collection, use, storage, transmission, and sharing of their personal information. This right can be exercised by reviewing this Privacy Policy or contacting customer service.


- Right to Access: Users have the right to access their personal information within their accounts, including registration information, transaction records, NFT asset information, etc., which can be viewed through the platform's user center.


- Right to Correction: If users find errors or incompleteness in their personal information, they have the right to request the platform to correct or supplement it. This can be done through the user center or by contacting customer service for assistance.


- Right to Deletion: Under circumstances that comply with laws and regulations and this policy, users have the right to request the platform to delete their personal information, such as canceling their account or deleting redundant information. The platform will process this promptly after verification.


- Right to Withdraw Consent: Users have the right to withdraw their consent to the platform's collection, use, and sharing of their personal information (unless otherwise stipulated by laws and regulations), such as canceling marketing information pushes or disabling geolocation authorization. Withdrawing consent does not affect the legality of previous information processing actions based on consent.


- Account Cancellation Right: Users have the right to apply to cancel their accounts on this platform. Before cancellation, all transaction funds must be settled and NFT assets transferred. After verifying the user's identity and account status, the platform will process the cancellation according to the prescribed procedures and delete or anonymize the account information.


- Complaint and Reporting Right: Users have the right to complain and report any behavior on this platform that violates this privacy policy or infringes upon their privacy rights. The platform will verify and provide feedback on the processing results within the prescribed time.


Article 10. Rules for Sharing Information with Third Parties

(I) Scope and Targets of Sharing


This platform will only share user information with third parties when permitted by laws and regulations, with the user's explicit consent, or when necessary to fulfill service obligations. The scope and targets of sharing are as follows:


- Blockchain Service Providers: To enable the issuance, trading, and storage of NFTs, this platform will share necessary data such as user blockchain addresses and transaction information with blockchain node service providers and wallet service providers to complete asset ownership confirmation and transfer on the blockchain.


- Payment and Financial Institutions: To complete transaction settlement, this platform will share necessary payment information such as user names, bank card numbers, and transaction amounts with payment institutions and banks to facilitate fund transfers.


- Technology and Service Support Providers: This platform will share anonymized and desensitized user information with cloud storage service providers, data analysis agencies, and network security service providers for auxiliary services such as platform system maintenance, data analysis, and security protection.


- Regulatory and Judicial Authorities: In accordance with legal requirements, judicial rulings, or administrative orders, this platform will share user information with regulatory authorities and judicial authorities to cooperate with investigations and evidence collection and fulfill compliance obligations.


- Other Third Parties: With the user's explicit consent, user information will be shared with cooperating marketing agencies, event organizers, etc., for use in pushing marketing content, conducting activities, etc.


(II) Purpose of Sharing


- Ensure Core Service Implementation: Ensure the smooth operation of NFT transactions, payment settlement, asset storage, and other services, providing users with a complete service experience.


- Improve Service Quality and Efficiency: Utilize third-party technology and resources to optimize platform system performance, data analysis capabilities, and security protection levels, thereby improving service quality.


- Fulfill Compliance Obligations: Comply with relevant laws and regulations regarding anti-money laundering, counter-terrorism financing, and NFT regulation, and cooperate with investigations by regulatory and judicial authorities.


- Conduct Collaborative Activities: With the user's consent, collaborate with third parties to conduct marketing activities, etc., to provide users with more benefits and services.


- Protect Legitimate Rights and Interests: In cases where users infringe upon the legitimate rights and interests of this platform or third parties, or in the event of transaction disputes, necessary information will be shared with relevant parties to protect rights or resolve disputes.


(III) Sharing Principles and Measures


- Minimal Necessity Principle: Only user information necessary to achieve the service objectives will be shared with third parties; irrelevant information will not be shared. - Written Agreement Binding: Data sharing and security protection agreements will be signed with third parties, clearly defining their information processing permissions, obligations, and security responsibilities. Third parties will be required to strictly process user information in accordance with the agreements and the platform's requirements, and will not arbitrarily expand the scope of use.


- Security Assessment and Monitoring: The information security capabilities and compliance of third parties will be assessed, and their information processing will be regularly checked to ensure user information security.


- User Consent: Except as required by laws and regulations or to fulfill necessary service obligations, prior explicit consent from users must be obtained when sharing user information with third parties, informing users of the purpose, recipients, and scope of the sharing.


Article 11. Privacy Data Handling During Acquisitions and Transfers

In the event of a merger, division, acquisition, asset transfer, or bankruptcy liquidation of this platform, user information, as part of the platform's assets, will be transferred to the corresponding successor. This platform will notify users via platform email or other means before such events occur, explaining the name, contact information, and information processing rules of the successor.


The successor will continue to fulfill the platform's privacy protection obligations and strictly process user information in accordance with this privacy policy and relevant laws and regulations. Any changes to the information processing method will be subject to the user's explicit consent. If no suitable successor is found, this platform will delete or anonymize user information to ensure that users' privacy rights are not infringed.


Article 12. Prohibited Privacy Infringements

Users must not engage in the following acts that infringe upon the privacy of others when using the platform's services. Otherwise, this platform has the right to take measures such as account suspension and prohibition of transactions, and will pursue legal action for serious offenses:


- Illegally collecting, stealing, storing, transmitting, selling, or disclosing other users' personal information, including names, contact information, blockchain addresses, and transaction records.


- Unauthorized access to or intrusion into other users' accounts and blockchain wallets to obtain their NFT assets and privacy information.


- Forgery or alteration of others' identity information and NFT asset information, infringing upon their privacy and property rights.


- Obtaining others' privacy information through methods such as secretly filming, eavesdropping, or stalking, and then disseminating or using it on this platform.


- Publishing or disseminating other users' privacy information on this platform to engage in harassment, defamation, extortion, or other similar activities.


- Using this platform's services to commit other illegal or irregular acts that infringe upon others' privacy rights.



Article 13. Privacy Protection for Minors

This platform does not provide NFT trading services to minors (under 18 years of age). If a minor mistakenly registers an account, their guardian can contact the platform's customer service, provide proof of guardianship and the minor's identity information, and apply to cancel the account and delete the relevant information.


In special circumstances, if a minor uses the platform's services with the guardian's consent, the platform will strictly comply with legal requirements, collecting only the information necessary to provide the service, and processing it under the guardian's supervision. The platform will take additional security measures to protect the privacy of minors and prohibits the pushing of marketing information or inappropriate content to minors.


Guardians have the right to view, correct, and delete minors' personal information on this platform. If they find that a minor's privacy rights have been violated, they can contact the platform immediately for handling.



Article 14. Policy Updates and Changes

1. This website has the right to update or change this policy according to revisions to laws and regulations, changes in regulatory requirements, or business development needs.


2. Updated versions of this policy will be announced via email on the website homepage. The updated policy will take effect from the date of announcement.


3. If a user disagrees with the updated policy, they should immediately cease using the services of this website; continued use of the service constitutes acceptance of all terms of the updated policy.



Article 15. Contact Information

If users have any questions about this Privacy Policy, need to exercise their privacy rights, or wish to report privacy violations, they can contact us through the contact information on the platform's homepage:


After receiving user feedback, this platform will verify and provide feedback on the processing results within 15 business days. For complex issues, the processing time may be appropriately extended, but users will be informed of the progress in a timely manner.


The final interpretation of this Privacy Policy belongs to XggNFT.