Legal

Privacy Policy

Last updated: April 28, 2026

Who we are

01.ro is operated by 01NODE Funding SRL, registered in Bucharest, Romania. We operate validator infrastructure for proof-of-stake blockchain networks. This policy describes how we collect, process, and protect personal data when you visit 01.ro, contact us, or stake with our validators.

For questions about this policy or to exercise any of your rights under the GDPR, contact [email protected]. For security disclosures, use [email protected] (PGP available, see /security).

What we don’t collect

Your validator delegation activity is on-chain. When you stake with our validators, the delegation transaction is signed in your wallet and recorded on the public blockchain. We do not capture, request, or store your wallet address, your private keys, or your transaction history. We can see public on-chain data the same way you can, through public block explorers.

We do not run cookies for advertising, behavioural tracking, or third-party data brokers. We do not sell, lease, or share visitor data with marketing providers.

What we do collect

Aggregate site analytics. We use Cloudflare Web Analytics on 01.ro for traffic measurement. Cloudflare Web Analytics is cookieless, does not fingerprint visitors, and does not transmit personal data to third parties. The analytics are aggregate counts of pageviews, top URLs, referrers, country of visit, and device class. No individual visitor profile is built.

Server logs. Our hosting infrastructure produces standard HTTP access logs (IP address, requested URL, user agent, response status, timestamp). These logs are retained for security and operational purposes for up to 90 days, after which they are rotated out. Logs are not used for analytics or marketing.

Email correspondence. When you email us at [email protected], [email protected], or any other 01.ro address, the correspondence is stored in our email infrastructure for the duration of the engagement. We retain enterprise-client correspondence for the duration of the contract plus a legal-defensibility window.

Enterprise client data. If you engage 01node as an enterprise client, our Master Service Agreement (MSA) and Data Processing Agreement (DPA) define what data we process on your behalf and how. The MSA/DPA terms supersede this policy where they conflict.

Lawful basis (GDPR)

We process personal data under the following lawful bases of Article 6 GDPR:

  • Legitimate interest (Art. 6(1)(f)) — for aggregate site analytics, security log retention, and email correspondence with prospects.
  • Contract performance (Art. 6(1)(b)) — for enterprise client data covered by an MSA.
  • Legal obligation (Art. 6(1)(c)) — for tax, accounting, and any compliance filings required by Romanian or EU law (e.g., MiCA records).

Your rights

Under the GDPR, you have the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion (“right to be forgotten”) where applicable
  • Restrict or object to processing
  • Receive a copy of your data in a portable format
  • Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) or the supervisory authority of your residence

To exercise any of these rights, email [email protected]. We respond within 30 days.

Data transfers and storage

Our infrastructure is located in two Tier III TIA-942 datacenters in Bucharest, Romania (EU). Email is processed on Google Workspace; analytics on Cloudflare. Both vendors operate under the EU-U.S. Data Privacy Framework or equivalent transfer mechanisms.

We do not transfer personal data to jurisdictions outside the EU/EEA except through GDPR-compliant transfer mechanisms (Standard Contractual Clauses or adequacy decisions).

Security

Our security architecture is described in detail at /security. Material controls relevant to this policy:

  • ISO 27001 certified Information Security Management System
  • Hardware-backed FIDO2 / WebAuthn authentication for all administrative access
  • Encrypted storage and transit for all personal data
  • Vulnerability disclosure programme: [email protected], PGP key at /pgp/secops.asc
  • Incident response runbook with notification SLA per Article 33 GDPR (72 hours)

Changes to this policy

We update this policy when our practices change or when applicable law requires it. Material changes are signalled by updating the “Last updated” date at the top. Substantive changes (new categories of processing, new vendors, jurisdictional changes) trigger a notice on the homepage for at least 30 days.

Contact

01NODE Funding SRL
Bucharest, Romania
[email protected]
Security: [email protected]

See also: Terms of Service · Security · security.txt