Validators DAO

Privacy policy

1. Who we are (data controller)

This website (and related services) is operated by ELSOUL LABO B.V. (Amsterdam, the Netherlands) ("we", "us", "our").
Chamber of Commerce (KvK) number: 80297625
Privacy contact: [email protected]
We do not fall under the categories of organisations for which appointing a Data Protection Officer (DPO) is mandatory under Article 37 of the GDPR.

2. Scope of this policy

This policy applies when you:
  • browse our public websites without logging in, and
  • use member-only features that require authentication (e.g., ERPC dashboards / account features).

3. Data we process

3.1 Public pages (no login)

On public pages, we ourselves do not use analytics tools such as Google Analytics, advertising tags, or cookies for behavioural tracking.
However, to provide the website, infrastructure providers such as hosting/CDN providers may process technical access logs for security and incident response, such as:
  • IP address and user-agent (browser/OS, etc.)
  • timestamp, requested URL, referrer
  • response status and security-related metadata

3.2 Contact

If you contact us by email, we process the information you provide (such as your email address and message) to respond.

3.3 Member accounts / login-required services

If you create an account or sign in (e.g., via Discord), we may process the following to provide the service:
  • account identifiers (e.g., email address, Discord user ID, username)
  • authentication/session information (e.g., tokens, API keys)
  • service configuration and usage necessary to provide the service (e.g., plan, subscription status, allowed IPs, rate-limit and abuse-prevention logs)
  • support history and communications

3.4 Payments (Stripe)

Payments for paid plans are processed by Stripe. We do not store payment card details.
Stripe processes payment-related personal data as an independent data controller. To the extent necessary for billing and contract management, we may receive information from Stripe such as customer IDs, subscription status, invoices/receipts, and payment metadata.
We process personal data only when we have a legal basis under applicable laws (including the GDPR), such as:
  • Contract: providing member services, account management, and support
  • Legitimate interests: operating and maintaining our websites/services, security, fraud/abuse prevention, troubleshooting
  • Legal obligation: accounting and tax compliance, and other legal requirements
  • Consent: optional communications (e.g., marketing), where applicable (you can withdraw consent at any time)

5. Cookies and similar technologies

  • Public pages: we ourselves do not use cookies for analytics/advertising.
  • Member features: we use strictly necessary cookies (e.g., sessions) to keep you signed in. Disabling them may break some functionality.
  • Third-party services: Stripe and Discord may use their own cookies/technologies (outside our control).

6. Sharing and processors

We do not sell personal data.
We may share personal data with service providers (e.g., hosting/infrastructure, email delivery, payments (Stripe), authentication (Discord)) to the extent necessary. We enter into data processing agreements (DPAs) with such providers in accordance with applicable laws.

7. International transfers

We are based in the European Economic Area (EEA), but our service providers (e.g., Stripe, Discord) and infrastructure locations may involve processing outside the EEA (e.g., the United States).
In such cases, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and minimise the data transferred. We do not use service providers for the purpose of intentionally transferring or storing personal data in jurisdictions considered high risk.

8. Retention

We keep personal data only for as long as necessary for the purposes described above:
  • technical logs: retained for a limited period for security/troubleshooting
  • account data: kept while your account is active; deleted or anonymised where appropriate after closure
  • accounting/billing: retained for the period required by Dutch law (generally 7 years), etc.

9. Your rights

Depending on your location and applicable law (including GDPR), you may have the right to request:
  • access, rectification, erasure
  • restriction of processing, objection
  • data portability
  • withdrawal of consent (where processing is based on consent)
To exercise your rights, contact us at [email protected]. You also have the right to lodge a complaint with the Dutch supervisory authority (Autoriteit Persoonsgegevens) or your local authority.
We do not conduct automated decision-making or profiling that produces legal or similarly significant effects on you.

10. Changes

We may update this policy from time to time by publishing a new version on this page.
Last updated: 2026-02-05