Privacy Policy
Short version: The marketplace itself requires no personal data — you connect a wallet and trade. We only collect an email address if you voluntarily join the waitlist. We do not sell, share, or profit from that data. We use it for one purpose: to notify you when the platform opens.
Contents
- Who We Are
- What Data We Collect and Why
- The Marketplace — No Personal Data Required
- The Waitlist — Email Registration
- Wallet Addresses
- Local Storage and Session Data
- Lawful Basis
- How Long We Keep Your Data
- Who We Share Data With
- Your Rights under UK GDPR
- Cookies
- Children
- Changes to This Policy
- Contact and Complaints
1. Who We Are
This privacy policy applies to worldwide-emporium.net and associated pages, operated as part of the Non Fungible Utilities Network (the "NFU Network" or "we"). The platform is currently operated by an individual in the United Kingdom. A formal legal entity is in the process of being established.
For data protection purposes, the operator is the data controller for waitlist registration data.
Contact: privacy@worldwide-emporium.net
2. What Data We Collect and Why
Waitlist Registration
Email address and optional interest categories, if you choose to join the waitlist. Purpose: to notify you when the platform opens for access.
Marketplace Use
No name, email, address, date of birth, or other personal data is required to use the marketplace. A wallet connection is pseudonymous by design.
Browsing / Analytics
No personal tracking cookies, Google Analytics, or behavioural profiling. Cloudflare may collect aggregate traffic statistics (see Section 9).
User Accounts
There are no user accounts, usernames, or passwords on this platform. No account registration is possible or required.
3. The Marketplace — No Personal Data Required
The NFU Network marketplace is designed to operate without collecting personal information. To buy, sell, browse, or hold NFU positions, you need only an XRPL-compatible wallet (Xaman, Crossmark, or similar). The wallet connection is handled entirely by the wallet application — we receive a wallet address only, which is a pseudonymous public identifier on the XRP Ledger, not a name or contact detail.
Item metadata (photographs, descriptions, condition records) uploaded to IPFS via the platform is stored immutably on the IPFS network. Once pinned, it is publicly accessible by its content hash and cannot be deleted. Do not upload personal information as part of item metadata.
4. The Waitlist — Email Registration
What we collect
If you register on the waitlist, we collect:
- Your email address
- Your self-selected interest categories (Collector, Node Owner, Founder, Developer, etc.) — optional
- The date and time of registration
Why we collect it
Solely to send you a notification when the platform opens for early access. We will not send marketing emails, newsletters, or promotional material without your separate consent.
How to unsubscribe
Every notification email includes an unsubscribe link. You may also request deletion of your waitlist entry at any time by contacting privacy@worldwide-emporium.net.
Where it is stored
Waitlist data is stored in a CSV file on a UK-based shared hosting server (readergroup.co.uk). It is not transferred to third parties, not processed by AI systems, and not used for any purpose other than the launch notification described above.
5. Wallet Addresses
XRPL wallet addresses are public identifiers — they are visible to anyone on the XRP Ledger by design. We display wallet addresses in the context of NFU ownership (e.g. "This NFU is owned by rXXXX…") as a feature of the blockchain's public nature, not as a disclosure of personal data.
Under UK GDPR, a public pseudonymous identifier may or may not constitute personal data depending on the context and whether it can be linked back to an identified individual. We treat wallet addresses with appropriate care and do not attempt to link them to personal identities.
6. Local Storage and Session Data
The platform makes extensive use of your browser's localStorage to cache NFT data, your selected network, and UI preferences. This data:
- Lives entirely in your own browser
- Is never transmitted to our servers
- Can be cleared at any time via your browser settings
- Does not constitute personal data processing on our part
We do not use session cookies for tracking purposes. See Section 11 for the cookies policy.
7. Lawful Basis
Under UK GDPR, we rely on the following lawful bases:
- Consent (Article 6(1)(a)) — for waitlist email registration. You provide your email voluntarily and may withdraw consent at any time without consequence.
- Legitimate interests (Article 6(1)(f)) — for the incidental processing of public wallet addresses in the context of displaying NFU ownership on the blockchain, where this is necessary for the operation of a public provenance system and the interests of the data subject are not overridden.
8. How Long We Keep Your Data
Waitlist registration data is retained until one of the following:
- You unsubscribe or request deletion
- The platform has launched and the waitlist no longer serves its purpose
- 12 months after the date of registration, whichever is sooner
We will not retain waitlist data beyond the period reasonably necessary for its stated purpose.
9. Who We Share Data With
We do not sell, rent, or trade your personal data to any third party.
The following third-party services process data incidentally in the operation of the platform:
- Cloudflare Pages — hosts the public-facing site. Cloudflare may collect aggregate, anonymised traffic data. See Cloudflare's privacy policy at cloudflare.com/privacypolicy.
- Filebase / IPFS — stores item metadata uploaded by users. Once uploaded to IPFS, content is publicly accessible by its content hash.
- Shared hosting provider (readergroup.co.uk) — hosts the waitlist endpoint and admin backend. Data is stored in the UK.
- Google Fonts — the platform loads fonts from Google Fonts. Google may log the request IP. To avoid this, fonts can be self-hosted.
No personal data is transferred to the United States or outside the UK/EEA beyond what is described above.
10. Your Rights under UK GDPR
As a UK data subject you have the following rights in relation to personal data we hold about you:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate data. |
| Erasure | Ask us to delete your personal data ("right to be forgotten"). |
| Restriction | Ask us to pause processing of your data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format. |
| Withdraw Consent | Remove consent at any time without affecting any prior processing. |
| Object | Object to processing based on legitimate interests. |
To exercise any of these rights, contact privacy@worldwide-emporium.net. We will respond within one calendar month. There is no charge for reasonable requests.
If you are unhappy with how we handle your request, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
11. Cookies
The platform does not use tracking cookies, advertising cookies, or analytics cookies.
The platform uses browser localStorage (not cookies) to store cached data and preferences client-side. This is not subject to the same consent requirements as cookies under PECR in the same way, as it does not transmit data back to a server.
Third-party services (Cloudflare, Google Fonts) may set their own cookies as described in their respective privacy policies. We do not control those cookies.
12. Children
The platform is not directed at children under 13, and we do not knowingly collect personal data from children. If you believe a child has submitted data via the waitlist, please contact us for immediate deletion.
13. Changes to This Policy
We may update this privacy policy from time to time. The date of last update appears at the top of this page. Material changes will be communicated via a notice on the site. Continued use of the platform after an update constitutes acceptance of the revised policy.
14. Contact and Complaints
Data protection enquiries: privacy@worldwide-emporium.net
To complain to the UK regulator: Information Commissioner's Office, ico.org.uk, 0303 123 1113.
DRAFT NOTICE: This privacy policy has been prepared in good faith but has not yet been reviewed by a qualified solicitor. It should not be relied upon as legal advice. A formal legal review — including review of the PECR position on localStorage, the adequacy of the legitimate interests assessment for wallet addresses, and the accuracy of third-party processor descriptions — is planned prior to full public launch.