This policy covers all personal and business data collected during the OnChainMake validation programme, which includes the industry survey (Phase 0) and the platform account setup and functionality testing period (Phase 0.1). Upon incorporation of OnChainMake Inc. (Delaware C-Corp), all data collected under this policy will transfer to the company and will be governed by Document 2. You will be notified of this transfer by email before it takes place.
Note — Document 2: A separate Platform Privacy & Data Policy (Document 2) covering Phase 0.2 and beyond has been prepared in draft form. It will replace this document upon incorporation and will be published at that time only.
| Data Category | Examples | Purpose |
|---|---|---|
| Contact information | Name, email address, job title | To follow up with relevant respondents and send the results report |
| Company information | Company name, approximate annual revenue, location | To segment responses by company size and geography |
| Business operations data | Payment terms, DSO, dispute frequency, order volumes | To understand the severity of payment pain in the industry |
| Technology data | Systems used (ERP, OMS, CRM) | To assess integration complexity for the platform |
| Opinions and attitudes | Willingness to use escrow, trust requirements | To validate the core product hypothesis |
Important: No real money changes hands during Phase 0.1. The platform processes simulated orders only. Wallet addresses collected during this phase are used solely for testing smart contract connectivity. No funds are deposited into or released from any escrow during Phase 0.1.
| Data Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email address, job title | To create and manage your account |
| Company information | Company name, registered address | To identify your organisation on the platform |
| Wallet address | Ethereum or compatible wallet address | Platform functionality testing only — no financial transactions in Phase 0.1 |
| Production capacity details | Machinery types, available capacity slots, lead times | To test the capacity listing and tokenisation functionality |
| Order information | Simulated order type, value, timeline | To test the escrow and milestone verification workflow with no real funds |
| Uploaded documents | Certifications, compliance documents, quality records | To test the document upload and verification features. Test uploads only — not shared with any third party. |
| Behavioural and usage data | Pages visited, features used, session duration | To identify usability issues and improve the platform |
| Communications | Messages sent between buyer and maker accounts on the platform | To test the communication functionality. Stored securely and not accessed except to resolve technical issues. |
| Processing Activity | Legal Basis |
|---|---|
| Collecting survey responses | Legitimate interest — industry research to validate a product that directly addresses the pain points you have indicated |
| Sending you the results report | Consent — you provided your email address for this purpose |
| Following up with founding member invitation | Legitimate interest — you indicated willingness to learn more |
| Platform account creation and testing | Consent — you explicitly created an account and agreed to participate |
| Behavioural usage data during testing | Legitimate interest — necessary to identify technical issues and improve the product |
| Storing communications during testing | Consent — you used the communication feature knowing it is a test environment |
Your data is accessible to the three OnChainMake co-founders during the validation phase: Lorenzo Benedetti Gassani (US), Nicola Bottai (UK), and Renato Mischi (Italy). Access is limited to what is necessary for the validation programme. No other individuals have access to your data.
| Service | Purpose | Data Stored | Location |
|---|---|---|---|
| Google Forms | Survey collection | Survey responses, contact details | Google servers — US and global |
| Google Sheets | Survey response analysis | Survey responses, contact details | Google servers — US and global |
| Google Drive | Document storage for validation programme materials | Uploaded founder documents and internal analysis files. No user personal data in Drive during Phase 0. | Google servers — US and global |
| HubSpot | CRM — contact management, survey follow-up, founding member pipeline tracking | Names, email addresses, company names, job titles, survey qualification status, communication log | HubSpot servers — US |
| Escrow Wallet Provider | [PLACEHOLDER — to be confirmed] — wallet infrastructure for Phase 0.1 connectivity testing only | Wallet addresses provided by testers for smart contract connectivity testing | To be confirmed |
| Platform hosting | Account and platform data storage | All Phase 0.1 data categories listed above | US-based servers (to be confirmed at launch) |
We do not sell, rent, or trade your data with any third party. We do not use your data for advertising purposes.
| Data Type | Retention Period | Reason |
|---|---|---|
| Survey responses — non-participants | 12 months from survey close, then deleted | Analysis and follow-up window |
| Survey responses — founding members | Transferred to OnChainMake Inc. upon incorporation | Continuity of founding member relationship |
| Platform account data — non-continuing users | 90 days after Phase 0.1 closes, then deleted on request | Reasonable window to request deletion |
| Platform account data — founding members | Transferred to OnChainMake Inc. upon incorporation | Continuity of account and platform history |
| Uploaded documents — test files | Deleted within 30 days of Phase 0.1 close unless earlier deletion requested | Test data has no long-term value |
| Communications — test messages | Deleted within 30 days of Phase 0.1 close | Test data only |
| Behavioural usage data | Anonymised and aggregated after Phase 0.1 close. Individual-level data deleted. | Product improvement — no need for individual attribution after analysis |
When incorporation of OnChainMake Inc. is complete, you will receive an email notification at least 14 days before the data transfer takes place. All data collected under this policy will transfer to OnChainMake Inc. as the new data controller. The Platform Privacy & Data Policy (Document 2) will replace this document from that point forward. If you do not want your data transferred, you have the right to request deletion before the transfer date.
| Right | What It Means | How to Exercise It |
|---|---|---|
| Access | Request a copy of all data we hold about you | Email info@onchainmake.com with subject: Data Access Request |
| Correction | Ask us to correct inaccurate data | Email info@onchainmake.com with subject: Data Correction Request |
| Deletion | Ask us to delete your data entirely | Email info@onchainmake.com with subject: Data Deletion Request |
| Withdrawal of consent | Stop participating and have your data deleted | Email info@onchainmake.com at any time — no explanation required |
| Portability | Receive your data in a machine-readable format | Email info@onchainmake.com with subject: Data Portability Request |
We will respond to all requests within 30 days. There is no charge for exercising any of these rights.
In the event of a data breach that is likely to affect your rights or interests, we will notify you within 72 hours of becoming aware of the breach.
Email: info@onchainmake.com — response within 5 business days.
If you believe your data has been mishandled and you are a US resident, you may file a complaint with the Federal Trade Commission (FTC) at ftc.gov. If you are a California resident, you may also contact the California Privacy Protection Agency at cppa.ca.gov.
If this policy changes materially before company incorporation, we will notify all survey respondents and platform testers by email at least 14 days before the change takes effect. The current version of this policy is always available at onchainmake.com/privacy.