Privacy Policy

Effective Date: September 26, 2025
The XOOX Foundation, a non-profit organization incorporated under the laws of the Republic of Korea (hereinafter referred to as “we,” “us,” or “our”), is dedicated to safeguarding the privacy and confidentiality of personal information entrusted to us by users of our website located at www.xooxfoundation.org, the XOOX W mobile application, and all associated services, including but not limited to our Social-to-Earn platform, NFT marketplace, blockchain-integrated features, and pet welfare programs (collectively, the “Services”). This Privacy Policy (the “Policy”) delineates our practices concerning the collection, utilization, disclosure, storage, and protection of personal data in accordance with applicable data protection laws, including but not limited to the Personal Information Protection Act (PIPA) of US, the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other analogous international regulations. By accessing or using our Services, you consent to the practices described herein. If you do not agree with this Policy, please refrain from using our Services.
1. Scope and Applicability
This Policy applies to all personal information collected through our Services, whether provided voluntarily by you or automatically gathered during your interactions. Personal information refers to any data that identifies, relates to, describes, or is capable of being associated with an individual, including but not limited to identifiers such as names, contact details, and location data. This Policy does not extend to anonymized or aggregated data that cannot be reasonably linked to an identifiable individual. We reserve the right to amend this Policy at any time, with material changes notified via prominent posting on our website or direct communication to affected users, and continued use of the Services thereafter constitutes acceptance of such amendments.
2. Information We Collect
We collect various categories of information to facilitate our mission of promoting empathy, trust, and welfare for companion animals:
* Identifying Information: This includes your full name, email address, telephone number, postal address, date of birth, and demographic details provided during account registration, participation in campaigns (e.g., the Carbon Footprint Reduction XOOX Challenge), donations, or marketplace transactions.
* Pet and Companion Animal Data: Details about your pets, such as species, breed, age, health records, photographs, videos, behavioral patterns, walk tracking logs, and geolocation data (collected only with explicit consent) to enable reward-based features, community matchmaking, and personalized pet care recommendations.
* Financial and Transactional Data: Payment information, including credit card details, bank account numbers, or cryptocurrency wallet addresses, processed securely through third-party gateways for donations, purchases of pet supplies, or token redemptions in the XOOX Marketplace.
* Technical and Usage Data: Automatically collected data such as IP addresses, device identifiers (e.g., UDID, IMEI), browser type and version, operating system, referral sources, pages viewed, time spent on pages, clickstream data, and interaction metrics, gathered via cookies, pixel tags, web beacons, and server logs.
* Blockchain and Digital Asset Data: Wallet addresses, transaction histories, smart contract interactions, NFT metadata, and token balances associated with XOOX Tokens (ERC-20 on the Polygon blockchain), used for decentralized rewards and data ownership features.
* Inferred and Derived Data: Insights generated from your interactions, such as preferences inferred from app usage or pet behavior analytics, to enhance service personalization.
* Special Categories of Data: We generally do not collect sensitive data (e.g., racial or ethnic origin, political opinions, religious beliefs, or genetic data) unless voluntarily submitted for specific welfare programs, in which case we obtain explicit consent and apply heightened protections.
We minimize data collection to what is necessary and do not collect information from children under the age of 13 (or 16 in jurisdictions requiring higher thresholds) without verifiable parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA) and equivalent laws.
3. Sources of Information
Information is obtained from:
* Direct submissions by you (e.g., forms, uploads).
* Automated technologies during Service use.
* Third-party integrations (e.g., social media logins, blockchain networks).
* Public sources or partners aligned with our pet welfare objectives.
4. Purposes of Data Processing
We process your information for legitimate purposes, including:
* Service Provision and Enhancement: To operate the XOOX W app, process rewards from walk tracking, facilitate marketplace sales, enable metaverse interactions, and deliver educational content on pet abandonment prevention.
* Communication and Marketing: To send newsletters, event invitations, personalized recommendations, and updates on pet welfare initiatives, with options to opt out at any time.
* Analytics and Research: To analyze usage patterns, improve algorithms for pet behavior analysis, and conduct non-profit research on human-animal bonds, using de-identified data where possible.
* Compliance and Security: To detect and prevent fraud, unauthorized access, or violations of our Terms; to comply with legal obligations, such as tax reporting for donations; and to respond to lawful requests from authorities.
* Value Redistribution: To administer XOOX Tokens and NFTs, ensuring users retain ownership of pet data while supporting ecosystem sustainability.
* Other Lawful Bases: Processing may be based on consent, contractual necessity, legitimate interests (e.g., service improvement), or legal requirements.
5. Data Sharing and Disclosure
We disclose information judiciously:
* To Service Providers: With vendors, contractors, or agents (e.g., cloud hosting providers like AWS, payment processors like Stripe, or blockchain nodes) bound by data processing agreements ensuring confidentiality and security.
* For Business Transfers: In the context of mergers, acquisitions, or asset sales, with notice and consent where required.
* Legal and Regulatory Compliance: To government entities, law enforcement, or courts in response to subpoenas, warrants, or other legal processes; or to protect our rights, property, or safety.
* With Consent: For any other purpose with your explicit approval. We do not sell, rent, or trade personal information for monetary consideration. However, blockchain data (e.g., transaction records) is inherently public and immutable, though pseudonymized to minimize identifiability.
6. Data Security Measures
We employ industry-standard safeguards, including:
* Encryption (e.g., TLS/SSL for transmissions, AES-256 for stored data).
* Access controls, firewalls, and intrusion detection systems.
* Regular security audits, vulnerability assessments, and employee training.
* Blockchain-specific protocols for tamper-proof data integrity. Despite these measures, no system is infallible; we cannot guarantee absolute security and disclaim liability for unauthorized access beyond our reasonable control.
7. Data Retention and Deletion
Data is retained for the duration necessary to fulfill the purposes outlined, or as mandated by law (e.g., 7 years for financial records under tax laws). Upon expiration, data is securely deleted or anonymized. You may request deletion at any time, subject to legal retention obligations.
8. Your Rights and Choices
Under applicable laws, you may:
* Access, rectify, or erase your data.
* Restrict or object to processing.
* Withdraw consent (without affecting prior lawful processing).
* Request data portability.
* Opt out of automated decision-making or profiling.
* For CCPA/CPRA residents: Opt out of “sales” or sharing for targeted advertising (though we do not engage in such). Exercise rights by contacting privacy@xooxfoundation.org. We respond within statutory timelines (e.g., 30 days under GDPR, 45 days under CCPA) without discrimination.
9. International Data Transfers
As a global organization, data may be transferred to countries with varying privacy protections. We implement safeguards such as EU Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions to ensure equivalent protection.
10. Cookies, Tracking Technologies, and Do Not Track
We use cookies for essential functions, analytics (e.g., Google Analytics), and personalization. You can manage preferences via our cookie consent banner or browser settings. We honor Do Not Track (DNT) signals where feasible.
11. Children’s Privacy Protections
Our Services are not directed at minors. If we discover unauthorized collection from children, we delete such data promptly.
12. Third-Party Links and Services
Our Services may link to external sites; we are not responsible for their privacy practices.
13. Contact Information and Complaints
For inquiries or complaints, contact: info@xooxfoundation.org or XOOX Foundation, [
3600 Wilshire Blvd., Suite 726 Los Angeles, CA 90010]. EU users may lodge complaints with supervisory authorities.
This Policy was drafted with legal counsel to ensure compliance and transparency.