Data Protection Impact Assessment (DPIA)
 Effective Date: April 1, 2025
 Prepared by: Siriux Foundation – Data Privacy Office



1. Introduction

This Data Protection Impact Assessment ("DPIA") outlines how Siriux Foundation (“Siriux”, “we”, “our”) identifies, assesses, and mitigates data protection risks associated with its decentralized protocol infrastructure, limited web-facing components, and privacy practices. This DPIA is conducted in accordance with the EU General Data Protection Regulation (GDPR), specifically Articles 35–36, and with guidance from the Swiss Federal Act on Data Protection (FADP).



2. Nature and Scope of Processing

Siriux is a decentralized, non-custodial Layer 1 blockchain protocol. It does not collect or store user personal data through its core protocol operations. However, limited data processing may occur through:

  • Website visits to www.siriux.ai and associated pages;

  • Use of analytics tools for performance and security monitoring;

  • Email-based communications initiated by users (e.g., contact, support);

  • Partner and enterprise onboarding workflows.



3. Types of Personal Data Involved

Depending on the interaction context, the following data may be processed:

  • IP address and browser metadata (via website);

  • Blockchain wallet address (public identifier);

  • Email address (if voluntarily submitted);

  • Company registration and KYC information (for enterprise partners);

  • Device and usage statistics (via analytics);

  • Location inference data (non-precise geolocation).

Note: Siriux does not request, store, or process sensitive categories of data under Article 9 of the GDPR (e.g., biometric, racial, health data).



4. Legal Basis for Processing

Siriux processes data based on the following legal grounds:

  • Consent (Art. 6(1)(a)) – for cookies and optional contact forms;

  • Legitimate Interests (Art. 6(1)(f)) – for site security, anti-fraud, and performance optimization;

  • Contractual Necessity (Art. 6(1)(b)) – for enterprise/partner onboarding and KYC;

  • Legal Obligation (Art. 6(1)(c)) – where mandated under applicable law (e.g., sanctions screening).



5. Data Recipients and Transfers

Siriux may share personal data with:

  • Cloud infrastructure providers (e.g., AWS – hosted in EU region);

  • Analytics services (e.g., pseudonymized Google Analytics);

  • Legal or regulatory authorities, if lawfully required;

  • Professional advisors (e.g., auditors, legal counsel).

All third-party providers are contractually bound via data processing agreements (DPAs) and must comply with applicable data protection regulations.

Cross-border transfers (outside the EEA/Switzerland) only occur:

  • With appropriate safeguards (e.g., SCCs, adequacy decisions);

  • When essential to provide support, infrastructure, or compliance functions.



6. Data Retention & Minimization

  • Website logs: unlimited (for performance & security);

  • Contact form submissions: retained as needed for response & follow-up;

  • Partner KYC files: retained for up to 5 years (unless local law requires longer);

  • Blockchain data: public, immutable, and not subject to deletion.

Siriux practices data minimization by only collecting what is necessary for its stated purposes.



7. Data Subject Rights

Users in the EU/EEA/Switzerland have rights under GDPR and FADP, including:

  • Right to access and obtain a copy of personal data;

  • Right to rectification or deletion (where applicable);

  • Right to object to or restrict processing;

  • Right to data portability;

  • Right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us at: 📧 privacy@siriux.ai








8. Risk Assessment and Mitigation

Risk

Likelihood

Impact

Mitigation

Unauthorized access to web analytics or logs

Low

Medium

Secure storage, role-based access controls

Misuse of contact form data

Low

Low

CAPTCHA, access logging, regular purging

Wallet address deanonymization via third-party tools

Medium

Medium

User education, frontend privacy disclaimers

Over-collection by third-party plugins

Medium

Medium

Plugin review and strict configuration settings




9. Review and Updates

This DPIA is reviewed annually or in the event of:

  • Changes to processing operations;

  • Introduction of new data collection tools;

  • Regulatory guidance updates.



10. Contact
 For questions or concerns regarding this DPIA or data privacy matters, please contact:
 📧 privacy@siriux.ai




Legal & Policies

Terms & ConditionsPrivacy PolicyAML Policy(KYC) & Identity Verification
PolicyToken Legal Classification
MemorandumDPO Policy (Siriux Dpia)Risk Response PlanLegal Disclaimer (Jurisdictional Notice)Cookie PolicySoftware License Notice

Technology & Protocol

Governance & Protocol Upgrade
FrameworkRoadmapDocumentation

Get in Touch

Contact us at hello@siriux.ai
How To Join SiriuX Ecosystem

Community & Support

Community GuidelinesBug Bounty Program

Social Media

Twitter

Youtube

Instagram

Facebook

Linkedin

Medium

Telegram

Corporate Information

About UsCareersLegal Notice

Learning Center

FAQDeveloper DocsAPI ReferenceSDK Downloads (TBD)
logo
© 2025 Siriux Foundation. All rights reserved.