Privacy Policy

Version 1.0 · Last updated 8 July 2026

1. Who we are

Elysium ("we", "us", "our") operates the distributed compute network available at elysiumnetwork.io. For the purposes of the EU/UK General Data Protection Regulation (GDPR), Elysium is the controller of personal data collected through this website and our services.

Data protection contact: privacy@elysiumnetwork.io

2. What data we collect

  • Account data — email, hashed password, display name, account role (buyer / provider / admin).
  • Service data — compute jobs you submit, nodes you register, telemetry from nodes you contribute, wallet and payout information, API keys, integrations you configure.
  • Technical data — IP address, user-agent, session identifiers, and security logs necessary to operate the service.
  • Consent records — the cookie/consent choices you make, the policy version at that time, timestamp, and a browser-scoped anonymous identifier.
  • Communications — messages you send us (e.g. support emails).

We do not knowingly collect data from children under 16.

3. Why we use it and the lawful basis (GDPR Art. 6)

  • Provide the service (accounts, jobs, payouts) — performance of a contract (Art. 6(1)(b)).
  • Security, fraud prevention, abuse detection, audit logs — legitimate interests (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c)).
  • Analytics and marketing cookies — your consent (Art. 6(1)(a)); off by default and only loaded after opt-in.
  • Tax, accounting, and legal compliance — legal obligation (Art. 6(1)(c)).

4. Who we share it with

We share personal data only with vetted processors acting on our instructions, or where required by law. Current subprocessors:

  • Supabase — authentication, database, storage (EU region where available).
  • Cloudflare — hosting, edge network, DDoS protection.
  • Email delivery provider — transactional email for verification, password reset, and notifications.

We do not sell personal data. We do not share it with advertising networks. A current list of subprocessors is available on request from privacy@elysiumnetwork.io.

5. International transfers

Where personal data is transferred outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with additional technical safeguards (encryption in transit and at rest).

6. How long we keep it

  • Account data — for the life of the account, then deleted or anonymized within 90 days of closure.
  • Job and telemetry data — up to 24 months, then aggregated or deleted.
  • Financial records — 7 years, where required by tax law.
  • Security and audit logs — up to 12 months.
  • Consent records — 24 months after the consent is withdrawn or superseded.

7. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase your data ("right to be forgotten", Art. 17);
  • restrict or object to processing (Arts. 18 & 21);
  • data portability in a structured, machine-readable format (Art. 20);
  • withdraw consent at any time, without affecting prior processing (Art. 7(3));
  • lodge a complaint with your local supervisory authority (in Ireland, the Data Protection Commission — dataprotection.ie).

To exercise any right, email privacy@elysiumnetwork.io. We respond within 30 days.

8. Regional privacy rights

We apply the protections below to everyone, and we honor the specific rights your local law gives you.

  • EU / EEA (GDPR) — the rights in Section 7 apply. Lead supervisory authority: the Irish Data Protection Commission (dataprotection.ie).
  • United Kingdom (UK GDPR & DPA 2018) — same rights as the EU. Supervisory authority: the ICO (ico.org.uk).
  • California (CCPA / CPRA) — right to know, delete, correct, and limit use of sensitive personal information; right to opt out of "sale" or "sharing" of personal information (we do neither); right to non-discrimination for exercising these rights.
  • Other US states (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and similar) — access, correction, deletion, portability, and opt-out of targeted advertising and profiling with legal effect.
  • Canada (PIPEDA), Australia (Privacy Act), Brazil (LGPD), Switzerland (nFADP) — access, correction, deletion, and complaint rights to your national regulator.

To exercise any of these rights, or to appoint an authorized agent, email privacy@elysiumnetwork.io. We do not sell your personal information and we do not use it for cross-context behavioral advertising.

9. Security

We use TLS in transit, encryption at rest, role-based access control, row-level security on our database, audit logging, and least-privilege service accounts. No system is perfectly secure; if you believe your account has been compromised, contact security@elysiumnetwork.io immediately.

11. Cookies

We use only essential cookies by default. Analytics and marketing cookies require your explicit consent. See our Cookie Policy for the full list and how to manage your choice.

12. Changes to this policy

We will post material changes here and, where required, notify you by email. The version and last-updated date at the top of this page always reflect the current notice.