Privacy Policy

1. Introduction

ZKyNet™ ("ZKyNet", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our MVP VPN service and future ZKyNet privacy infrastructure network.

Our privacy practices are designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and reflect our core mission: building privacy infrastructure that protects user anonymity while meeting legal compliance requirements.

Privacy Officer: For all privacy-related inquiries, please contact our Privacy Officer at privacy@zkynet.org.

2. Information We Collect

The information we collect varies depending on which ZKyNet service you use. We follow data minimization principles, collecting only the information necessary to provide our services.

2.1 MVP VPN Service

Account Information:

• Email address (for account creation and support)
• Payment information (processed through third-party payment providers)
• Account preferences and settings
• Support communication history

Temporary Connection Logs (MVP Only):

• Anonymized user identifier (not linked to your identity)
• Connection timestamp (start and end times)
• Data transfer amounts (for bandwidth management)
• Server location connected to
• Retention: Automatically deleted within 15 minutes of disconnection

What We DO NOT Collect (MVP):

• Your real IP address (beyond connection establishment)
• Websites you visit or browsing history
• DNS queries while connected to our service
• Content of your internet traffic
• Files downloaded or uploaded
• Any personally identifiable information in traffic logs

2.2 Future ZKyNet Network

Our future ZKyNet privacy infrastructure implements zero centralized logging:

Account Information Only:

• Email address and account credentials
• Payment and subscription information
• Node operator details (if applicable)
• Service preferences and configurations

Zero Traffic Logging:

• No connection logs - cryptographic proofs handle abuse prevention
• No traffic monitoring - zero-knowledge architecture prevents data collection
• No IP address logging - decentralized nodes cannot track users
• No activity correlation - mathematical privacy guarantees

2.3 Website and Marketing

• Email addresses from newsletter signups
• Contact form submissions
• Node operator interest registrations
• Website analytics (anonymized, privacy-respecting)
• Customer support communications

3. How We Use Your Information

We use your information only for the purposes for which it was collected, in accordance with PIPEDA principles:

3.1 Service Provision

• Account Management: Creating and maintaining your user account
• Payment Processing: Handling subscriptions and billing
• Technical Support: Providing customer assistance and troubleshooting
• Service Improvement: Analyzing aggregated, anonymized data for performance optimization

3.2 Abuse Prevention (MVP Only)

• Network Security: Temporary connection logs help identify network abuse patterns
• Fair Usage: Monitoring bandwidth usage to ensure service quality for all users
• Legal Compliance: Cooperating with legitimate law enforcement requests when legally required

3.3 Communication

• Service Updates: Important notifications about service changes or security updates
• Newsletter: Optional updates about ZKyNet development and privacy news (with explicit consent)
• Support Communication: Responding to your inquiries and support requests

4. Information Sharing and Disclosure

4.1 General Policy

We do not sell, trade, or rent your personal information to third parties. We only share information in the limited circumstances outlined below:

4.2 Service Providers

We may share information with trusted service providers who assist us in operating our services:

• Payment Processors: Secure handling of payment information
• Email Services: Newsletter and transactional email delivery
• Infrastructure Providers: Hosting and server management (within Canada when possible)
• Analytics Services: Privacy-respecting usage analytics

All service providers are contractually bound to protect your information and use it only for the specified purposes.

4.3 Legal Requirements

We may disclose information when required by law:

• Court Orders: Valid subpoenas, warrants, or court orders
• Law Enforcement: Legitimate requests from Canadian law enforcement agencies
• Legal Proceedings: To defend our rights or comply with legal processes
• Emergency Situations: To prevent harm to individuals or property

Important: For our MVP VPN service, we can only provide the minimal temporary connection logs described in Section 2. For our future ZKyNet network, no traffic data exists to be disclosed due to our zero-knowledge architecture.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred. We will provide notice before your information becomes subject to different privacy practices.

5. Data Retention and Deletion

5.1 Retention Principles

We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law:

5.2 Specific Retention Periods

5.3 User-Initiated Deletion

You can request immediate deletion of your personal information by:

• Canceling your account through our support system
• Contacting our Privacy Officer at privacy@zkynet.org
• Using our automated deletion request form (when available)

6. Your Privacy Rights Under PIPEDA

Under Canada's PIPEDA, you have the following rights regarding your personal information:

6.1 Right of Access

• Request access to your personal information we hold
• Receive information about how your data is used and shared
• Understand the source of your personal information
• Learn about the purposes for which information is collected

6.2 Right to Correction

• Challenge the accuracy or completeness of your personal information
• Request corrections or updates to inaccurate information
• Have disputed information annotated if accuracy cannot be resolved

6.3 Consent Management

• Withdraw consent for specific uses of your personal information
• Opt out of marketing communications at any time
• Control the sharing of your information with service providers
• Request deletion of information collected with your consent

6.4 How to Exercise Your Rights

To exercise any of these rights, contact our Privacy Officer:

7. Security Safeguards

We implement comprehensive security measures to protect your personal information against unauthorized access, disclosure, copying, use, or modification:

7.1 Technical Safeguards

• Encryption: All data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Multi-factor authentication and role-based access restrictions
• Network Security: Firewalls, intrusion detection, and secure server configurations
• Zero-Knowledge Architecture: Future ZKyNet services mathematically prevent data exposure

7.2 Administrative Safeguards

• Staff Training: Regular privacy and security awareness training
• Background Checks: Screening for personnel with access to personal information
• Incident Response: Procedures for responding to privacy breaches
• Regular Audits: Periodic security assessments and compliance reviews

7.3 Physical Safeguards

• Secure Facilities: Controlled access to data centers and offices
• Equipment Security: Secure disposal of hardware containing personal information
• Environmental Controls: Protection against physical threats and disasters

7.4 Breach Notification

In the unlikely event of a privacy breach that poses a real risk of significant harm, we will:

• Notify the Privacy Commissioner of Canada as soon as feasible
• Notify affected users without unreasonable delay
• Provide clear information about what happened and what we're doing about it
• Take steps to reduce the risk of harm and prevent future breaches

8. International Data Transfers

8.1 Data Location

We strive to keep Canadian users' data within Canada whenever possible:

• Primary Storage: Canadian data centers and cloud providers preferred
• Service Providers: Canadian vendors prioritized for data processing
• Backup Systems: Redundant storage within Canadian borders when feasible

8.2 International Transfers

When international transfers are necessary for technical or business reasons:

• We ensure adequate protection through contractual safeguards
• We inform users about the destination countries and protection measures
• We limit transfers to trusted jurisdictions with strong privacy laws
• We provide users with options to limit international processing where possible

8.3 Future ZKyNet Network

The decentralized nature of the future ZKyNet network means:

• Traffic may route through nodes in various countries
• Zero-knowledge architecture prevents nodes from accessing your data
• Cryptographic privacy guarantees protect data regardless of node location
• Users can configure routing preferences to avoid specific jurisdictions

9. Children's Privacy

ZKyNet services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Parents or guardians who believe we may have collected information from a child under 18 should contact our Privacy Officer immediately at privacy@zkynet.org.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy practices. When we make material changes:

• We will notify users by email at least 30 days before changes take effect
• We will post the updated policy on our website with the revision date
• We will highlight significant changes in the notification
• We will obtain new consent where required by law

Continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

11. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

Office of the Privacy Commissioner of Canada

If you are not satisfied with our response to your privacy concern, you may file a complaint with: