Legal

Privacy Policy

Last updated: February 01, 2026

February 01, 2026UPGO.IO

UPGO Solutions Co., Ltd. ("UPGO", "Company", "we", "us", "our") is committed to protecting the privacy, security, and confidentiality of your personal data. This Privacy Policy ("Policy") describes in comprehensive detail how we collect, use, process, store, share, and protect information when you access or use the UPGO.IO decentralized bandwidth sharing platform and its associated services.

This Policy applies to all UPGO.IO services, including but not limited to: the UPGO.IO website (upgo.io), UPGO Node desktop applications (Windows, macOS, Linux), UPGO Node mobile applications (Android, iOS), the Relay Leaf SDK and API, smart contracts deployed on the Solana blockchain, customer support channels, and any other services or tools offered by UPGO.IO.

By accessing or using any UPGO.IO service, you acknowledge that you have read, understood, and consent to the collection and processing of your personal data as described in this Policy. If you do not agree with any aspect of this Policy, you must immediately discontinue use of all UPGO.IO services.

UPGO.IO operates as a Decentralized Physical Infrastructure Network (DePIN) built on the Solana blockchain. Due to the decentralized nature of our platform, certain data — particularly $BNC token transactions and wallet addresses — are recorded on the public blockchain and cannot be modified or deleted. We encourage you to carefully consider this before engaging with our platform.

We collect various categories of information to operate, maintain, and improve the UPGO.IO platform. The types and extent of data collected depend on how you interact with our services:

Information you provide directly

Account Registration Data — Email address, username/display name, and password used to create your UPGO.IO account. If social login is used (Google, Apple), we receive your name and email address from the identity provider.

Wallet Information — Your Solana wallet public address used to receive $BNC token rewards, staking deposits, and governance voting. We never collect or store your private keys or seed phrases.

Profile Information — Optional personal details you choose to provide, including display name, avatar/profile picture, preferred language, timezone, and notification preferences.

Support & Communication Data — Information you provide when contacting our support team, including email address, message content, attachments, and any other details submitted through support tickets, live chat, or email correspondence.

KYC/Identity Verification Data — When required by applicable regulations or our compliance policies, we may collect government-issued identification documents, proof of address, selfie photographs, and other verification materials through our trusted third-party KYC provider.

Referral Information — Your unique referral code and the email addresses or wallet addresses of users you refer to the platform (with their consent).

Automatically collected information

Device Information — Device type, operating system (name and version), hardware specifications (CPU, RAM, storage), unique device identifiers, UPGO Node application version, and installation date.

Network & Bandwidth Metrics — Volume of bandwidth shared (upload/download), connection speed measurements, node uptime duration, latency metrics, bandwidth quality scores, and contribution statistics used for reward calculations.

IP Address & Geolocation — Your IP address and approximate geographic location (country, region, city) derived from your IP address. This information is used for network optimization, regional demand matching, regulatory compliance, and fraud prevention.

Blockchain Data — $BNC token transaction history, wallet balances, staking positions, governance voting records, and Data Credit usage. This data is publicly recorded on the Solana blockchain and is inherently transparent and immutable.

Application Logs — Technical logs generated by the UPGO Node application, including error reports, crash logs, performance metrics, feature usage statistics, and diagnostic data used to identify and resolve technical issues.

Website Analytics — Browser type and version, pages visited, time spent on pages, referral source, click patterns, and other standard web analytics data collected through cookies and similar technologies.

UPGO.IO uses cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services. The following types of technologies are employed:

Essential Cookies — Required for the basic functionality of the UPGO.IO website, including session management, authentication, security, and load balancing. These cookies cannot be disabled without affecting core functionality.

Analytics Cookies — Used to collect anonymized usage statistics about how visitors interact with the UPGO.IO website, including page views, session duration, bounce rate, and navigation paths. We use privacy-focused analytics tools that do not track individual users across websites.

Preference Cookies — Store your preferences such as language selection, theme (dark/light mode), notification settings, and display preferences to provide a personalized experience across sessions.

Performance Cookies — Help us understand how the UPGO Node application performs on different devices and network configurations, enabling us to optimize performance and identify bottlenecks.

You can manage cookie preferences through your browser settings. Please note that disabling essential cookies may impair the functionality of the UPGO.IO website. The UPGO Node desktop and mobile applications do not use browser cookies but may use local storage for similar purposes.

We process your personal data only for specific, legitimate purposes. Each category of data we collect serves one or more of the following purposes:

Platform Operations — Operate, maintain, and administer the UPGO.IO platform, including user account management, bandwidth network coordination, node assignment, and service delivery.

Reward Calculation & Distribution — Accurately calculate bandwidth contribution rewards based on volume, quality, uptime, and geographic demand, and distribute $BNC tokens to your connected Solana wallet.

Network Optimization — Analyze network performance data to optimize bandwidth routing, improve connection quality, reduce latency, and allocate resources efficiently across the global node network.

Fraud Detection & Prevention — Monitor for and prevent fraudulent activities including multi-accounting, bandwidth manipulation, bot usage, fake contributions, and other forms of system abuse that undermine network integrity.

Security & Compliance — Protect the platform against unauthorized access, cyber threats, and security vulnerabilities. Comply with applicable laws, regulations, and legal obligations including AML (Anti-Money Laundering) and KYC requirements.

Communications — Send essential notifications about your account status, security alerts, reward distributions, platform updates, maintenance schedules, and changes to our Terms of Service or Privacy Policy.

Product Development — Analyze usage patterns and feature engagement to guide product development decisions, prioritize improvements, and develop new features that better serve our user community.

Legal & Regulatory — Respond to legal requests, enforce our Terms of Service, protect our rights and property, and comply with applicable laws, court orders, and regulatory requirements across jurisdictions.

UPGO.IO does not sell, rent, or trade your personal data to any third party for marketing or advertising purposes. We share information only in the following limited and specific circumstances:

Infrastructure Service Providers

Trusted third-party service providers who assist us in operating the platform, including cloud hosting providers (encrypted data centers), content delivery networks (CDN), analytics services, email delivery services, and customer support tools. All service providers are contractually required to protect your data and process it only as instructed by UPGO.IO.

KYC/Identity Verification Partners

When identity verification is required, we share necessary personal data with our trusted third-party KYC provider, who processes the data under strict contractual data protection obligations and applicable privacy regulations.

Law Enforcement & Legal Authorities

When required by law, regulation, legal process (subpoena, court order), or governmental request from an authorized authority. We will notify you of such requests when legally permitted to do so.

Solana Blockchain (Public Data)

Your wallet public address, $BNC token transactions, staking positions, and governance votes are recorded on the Solana blockchain, which is a public, transparent, and immutable ledger. This data is accessible to anyone and cannot be deleted or modified.

DePIN Network Partners

Anonymized, aggregated statistics about network performance, geographic distribution, and bandwidth availability shared with enterprise clients and DePIN ecosystem partners. This data does not contain personally identifiable information.

Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

UPGO.IO implements comprehensive, multi-layered security measures to protect your personal data against unauthorized access, disclosure, alteration, destruction, and loss. Our security program includes:

Encryption in Transit — All data transmitted between your device and UPGO.IO servers is encrypted using TLS 1.3 (Transport Layer Security) with perfect forward secrecy, ensuring that intercepted communications cannot be decrypted.

Encryption at Rest — Personal data stored in our databases is encrypted using AES-256-GCM (Advanced Encryption Standard), the same encryption standard used by governments and financial institutions worldwide.

Access Controls — Strict role-based access control (RBAC) policies ensure that only authorized personnel with a legitimate business need can access personal data. All access is logged, monitored, and regularly audited.

Security Audits — Regular penetration testing and comprehensive security audits conducted by independent third-party cybersecurity firms. Our smart contracts undergo formal verification and security audits before deployment.

Two-Factor Authentication (2FA) — Available and strongly recommended for all user accounts, providing an additional layer of security beyond passwords. We support authenticator apps (TOTP) and hardware security keys (WebAuthn/FIDO2).

Intrusion Detection & Monitoring — 24/7 real-time monitoring through intrusion detection systems (IDS), security information and event management (SIEM), and automated threat detection and response capabilities.

Employee Security — All UPGO.IO employees and contractors undergo background checks and are required to sign confidentiality agreements. Regular security awareness training ensures that all personnel understand their data protection responsibilities.

Bug Bounty Program — We maintain an active bug bounty program with rewards exceeding $100,000, incentivizing security researchers to responsibly disclose vulnerabilities before they can be exploited.

UPGO.IO operates globally and may transfer, store, and process your personal data in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.

When transferring personal data across borders, we implement appropriate safeguards to ensure that your data receives an adequate level of protection, including: Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, data processing agreements with all service providers, and technical measures such as encryption and pseudonymization.

By using the UPGO.IO platform, you consent to the transfer of your personal data to countries outside your jurisdiction as described in this Policy. If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, the transfers described in this section are made in compliance with applicable regulations.

Depending on your jurisdiction, you may have the following rights regarding your personal data. UPGO.IO is committed to honoring these rights to the fullest extent required by applicable law:

Right of Access

Request a complete copy of all personal data we store about you, including the purposes of processing, categories of data, recipients of data, and retention periods. We will provide this information in a structured, commonly used format within 30 days.

Right to Rectification

Request correction or updating of any inaccurate, incomplete, or outdated personal information we hold about you. You can update most account information directly through the UPGO Node application settings.

Right to Erasure

Request the deletion of your personal data from our systems. Please note that data recorded on the Solana blockchain (wallet addresses, token transactions, governance votes) is immutable and cannot be deleted. We will delete all off-chain personal data within 30 days of your request.

Right to Restrict Processing

Request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing while we verify the legal basis for processing.

Right to Data Portability

Receive your personal data in a structured, machine-readable format (JSON or CSV) and transmit that data to another service provider. This includes your contribution history, reward records, and account settings.

Right to Object

Object to the processing of your personal data for certain purposes, including direct marketing, profiling, and processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Withdraw your consent to data processing at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

Lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable data protection laws.

To exercise any of these rights, please send a detailed request to privacy@upgo.io. We will verify your identity before processing any request and respond within 30 calendar days. In exceptional circumstances, we may extend this period by an additional 60 days with prior notification.

UPGO.IO services are not directed to and are not intended for use by individuals under the age of 18 (or the minimum legal age in your jurisdiction). We do not knowingly collect, solicit, or process personal data from children.

If we become aware that we have collected personal data from a child without verified parental consent, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe that your child has provided personal data to UPGO.IO, please contact us at privacy@upgo.io so that we can take appropriate action.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. The following retention periods apply:

Account Registration Data

Retained for the duration of your active account and for 90 days after account closure to facilitate reactivation requests and resolve any pending disputes.

Blockchain Data

Permanently stored on the Solana blockchain. Wallet addresses, $BNC token transactions, staking records, and governance votes are immutable and cannot be deleted by UPGO.IO or any third party.

Bandwidth Contribution Statistics

Retained for 3 years from the date of contribution for reward verification, dispute resolution, and network analytics purposes.

Technical & Application Logs

Automatically deleted after 90 days. Critical security logs may be retained for up to 1 year for forensic analysis and regulatory compliance.

Support Tickets & Communication

Retained for 2 years from the date the support request is resolved, to provide context for future inquiries and improve our support quality.

KYC/Identity Verification Data

Retained for the duration of your account and for 5 years after account closure, as required by Anti-Money Laundering (AML) regulations.

Analytics & Cookie Data

Website analytics data is retained for 26 months. Cookie data expires according to the retention periods specified in the Cookies & Tracking Technologies section.

UPGO.IO uses automated systems and algorithms to make certain decisions that may affect your experience on the platform. These automated processes include:

Reward Calculation — Automated algorithms calculate your bandwidth sharing rewards based on contribution volume, quality, uptime, geographic demand, and other objective network metrics. These calculations are transparent and can be independently verified through on-chain data.

Fraud Detection — Machine learning models analyze usage patterns to detect and flag suspicious activities such as multi-accounting, bandwidth manipulation, and bot usage. Flagged accounts are reviewed by human operators before any enforcement action is taken.

Node Quality Scoring — Automated systems assign performance scores to nodes based on bandwidth quality, connection stability, latency, and uptime. These scores influence reward multipliers and network routing priority.

You have the right to request human review of any automated decision that significantly affects you. To request a review, please contact support@upgo.io with details of the specific decision you wish to challenge.

The UPGO.IO website and applications may contain links to third-party websites, services, or applications that are not owned or controlled by UPGO.IO, including cryptocurrency exchanges, DeFi protocols, wallet providers, and blockchain explorers.

This Privacy Policy does not apply to any third-party services. We are not responsible for the privacy practices, content, or security of any third-party services. We strongly recommend that you review the privacy policies of any third-party services before providing your personal data or engaging with those services.

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, UPGO.IO will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, through the following channels: email notification to the address associated with your account, in-app notification in the UPGO Node application, and a prominent notice on the UPGO.IO website.

The notification will include: a description of the nature of the breach, the categories and approximate number of data records affected, the likely consequences of the breach, the measures taken or proposed to address the breach and mitigate potential adverse effects, and contact information for our data protection team.

We will also notify relevant data protection authorities as required by applicable laws and regulations in all affected jurisdictions where our users are located.

UPGO.IO reserves the right to update, modify, or replace this Privacy Policy at any time. When we make material changes, we will notify you through one or more of the following methods: posting a prominent notice on the UPGO.IO website, sending an email notification to the address associated with your account, displaying an in-app notification, or publishing an announcement on our official social media channels.

For material changes that affect how we collect, use, or share your personal data, we will provide at least 14 calendar days advance notice before the changes take effect. The date of the most recent revision is always indicated at the top of this page.

Your continued use of UPGO.IO services after the effective date of any policy modification constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, your sole remedy is to discontinue use of our services and request deletion of your personal data.

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or UPGO.IO's data protection practices, please contact us through the following channels:

Privacy inquiries: privacy@upgo.io

Legal inquiries: legal@upgo.io

Security issues: security@upgo.io

Data Protection Officer: dpo@upgo.io

Company: UPGO Solutions Co., Ltd.

We aim to respond to all privacy-related inquiries within 30 calendar days of receipt.

February 01, 2026