Privacy Policy

Mashiyu Foundation
Effective Date: 16th of August, 2025
Last Updated: 16th of August, 2025

 

1. Introduction

The Mashiyu Foundation (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our website, services, and blockchain-based gaming identity infrastructure.

We are subject to Swiss Federal Act on Data Protection (nFADP) and, where applicable, the European Union General Data Protection Regulation (GDPR). This policy describes your rights and our obligations regarding your personal data.

 

2. Controller Information

Data Controller:
Mashiyu Foundation
Zug, Switzerland
Email: privacy@mashiyu.com

 

3. Personal Data We Collect

3.1 Information You Provide Directly

  • Account Information: Username, email address, wallet addresses
  • Profile Data: Gaming preferences, avatar information, achievement data
  • Communication Data: Messages, support requests, feedback
  • Identity Verification: KYC/AML documentation when required by law

3.2 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent on site, interaction patterns
  • Gaming Data: Achievement records, gameplay statistics, cross-platform activity
  • Blockchain Data: Transaction hashes, wallet interactions, token holdings

3.3 Third-Party Data

  • Gaming Platforms: Achievement data from connected gaming services
  • Blockchain Networks: Publicly available transaction and smart contract data
  • Analytics Providers: Aggregated usage statistics and performance metrics

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: When you explicitly agree to specific processing activities
  • Contract Performance: To provide services you’ve requested or agreed to
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interests: To protect fundamental rights and interests

5. How We Use Your Data

5.1 Service Provision

  • Create and manage your Bushido Passport gaming identity
  • Verify and record gaming achievements through the Katana Protocol
  • Enable cross-platform asset portability and interoperability
  • Process transactions involving MSHU and KAMON tokens

5.2 Communication and Support

  • Respond to inquiries and provide customer support
  • Send important service updates and security notifications
  • Provide educational content about blockchain gaming and Web3 technology

5.3 Security and Compliance

  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations including AML/CTF requirements
  • Maintain system security and service integrity

5.4 Research and Development

  • Improve our services and develop new features
  • Conduct research on decentralized gaming infrastructure
  • Support innovation in blockchain technology and cultural preservation

6. Data Sharing and Disclosure

6.1 We May Share Your Data With:

  • Service Providers: Trusted third parties who assist in service delivery
  • Gaming Partners: Platforms you choose to connect for achievement verification
  • Legal Authorities: When required by law or to protect rights and safety
  • Business Transfers: In case of merger, acquisition, or asset transfer

6.2 We Will Never:

  • Sell your personal data to third parties
  • Share data for marketing purposes without explicit consent
  • Transfer data to countries without adequate protection unless safeguarded

6.3 Blockchain Considerations

Information recorded on blockchain networks becomes publicly accessible and cannot be deleted. This includes:

  • Token transactions and balances
  • Smart contract interactions
  • Cryptographically verified achievements
  • Public wallet addresses you choose to associate with your account

 

7. International Data Transfers

When transferring personal data outside Switzerland or the EU, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with recognized data protection
  • Standard Contractual Clauses: EU-approved contractual safeguards
  • Certification Schemes: Recognized data protection certifications
  • Explicit Consent: Your specific agreement for certain transfers

 

8. Data Retention

We retain personal data only as long as necessary for:

  • Service Provision: While you maintain an active account
  • Legal Compliance: As required by applicable laws (typically 5-10 years for financial records)
  • Legitimate Business Purposes: For security, fraud prevention, and dispute resolution

Blockchain data is permanent and cannot be deleted once recorded on the network.

 

9. Your Rights

Under Swiss and EU data protection law, you have the right to:

9.1 Access Rights

  • Obtain confirmation of data processing
  • Access your personal data and processing information
  • Receive a copy of your data in a structured, machine-readable format

9.2 Correction and Deletion Rights

  • Rectify inaccurate or incomplete data
  • Request erasure of personal data (subject to legal and technical limitations)
  • Object to processing based on legitimate interests

9.3 Control Rights

  • Withdraw consent where processing is based on consent
  • Restrict processing in certain circumstances
  • Port your data to another service provider

9.4 Blockchain Limitations

Due to the immutable nature of blockchain technology, some data cannot be modified or deleted once recorded on the blockchain. We will clearly inform you before recording any data permanently on-chain.

 

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

10.1 Technical Safeguards

  • End-to-end encryption for sensitive communications
  • Secure key management for cryptocurrency operations
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing

10.2 Organizational Measures

  • Staff training on data protection principles
  • Access controls based on need-to-know principles
  • Incident response procedures for data breaches
  • Regular review and update of security practices

 

11. Cookies and Tracking

11.1 Cookie Usage

We use cookies and similar technologies for:

  • Essential Cookies: Required for basic site functionality
  • Analytics Cookies: To understand site usage and improve services
  • Preference Cookies: To remember your settings and preferences

11.2 Cookie Management

You can manage cookies through your browser settings. However, disabling essential cookies may affect site functionality.

11.3 Third-Party Analytics

We may use third-party analytics services that are GDPR-compliant and configured to respect your privacy preferences.

 

12. Children’s Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

 

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:

  • Notify you of material changes via email or prominent website notice
  • Provide at least 30 days’ notice before changes take effect
  • Maintain previous versions for your reference

 

14. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us:

Email: privacy@mashiyu.com
Address: Zug, Switzerland
Data Protection Officer: Christopher Fernandes

 

15. Supervisory Authority

If you believe we have not adequately addressed your concerns, you may lodge a complaint with:

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Website: https://www.edoeb.admin.ch
Email: contact@edoeb.admin.ch

For EU residents, you may also contact your local data protection authority.

 

16. Specific Gaming and Blockchain Provisions

16.1 Gaming Achievement Data

  • Achievement data may be permanently recorded on blockchain
  • Cross-platform data sharing requires your explicit consent
  • You may disconnect gaming platforms at any time

16.2 Token and Wallet Integration

  • We do not store private keys or seed phrases
  • Wallet connection is through secure, industry-standard protocols
  • Transaction data becomes part of the public blockchain record

16.3 Cultural and Educational Content

  • We respect cultural sensitivity in all data processing
  • Educational content may be personalized based on your interests
  • Cultural heritage data is treated with special care and respect

 

This Privacy Policy is designed to comply with Swiss Federal Act on Data Protection (nFADP), EU General Data Protection Regulation (GDPR), and blockchain technology best practices. It reflects our commitment to honor, authenticity, and transparency in all our operations.