Privacy Policy

Last Updated: January 16, 2026

1. INFORMATION WE COLLECT

We collect several categories of information depending on your interaction with our services:

• Personal Identifiers: Name, email address, phone number, and physical mailing address.
• Identity Verification Data (KYC): To comply with RIPE NCC and ARIN policies, we collect government-issued identification (e.g., passport, driver's license), real-time biometric facial scans (for liveness checks), and corporate registration documents through our partner, Persona.
• Technical Data: IP addresses, browser type, device information, cookies, and usage logs.
• Resource Registration Data: Details regarding the internet resources requested, including administrative and technical contact information.
• Communications: Records of your correspondence with us via email, Telegram, or other channels.

2. LEGAL BASIS FOR PROCESSING (GDPR)

If you are located in the European Economic Area (EEA), we process your data under the following legal bases:

• Performance of a Contract: To provide and manage the internet resources you have requested.
• Legal Obligation: To comply with anti-money laundering (AML) regulations and Regional Internet Registry (RIR) compliance mandates.
• Legitimate Interests: To maintain the security, integrity, and public accountability of the global internet routing system.
• Consent: For non-essential cookies or marketing communications (where applicable).

3. DUE DILIGENCE & KYC PROCESS

To ensure the legitimate distribution of internet resources and prevent network abuse, we perform a mandatory due diligence process:

Third-Party Processor

We utilize Persona (withpersona.com) to conduct identity verification. When you undergo KYC, you provide your data directly to Persona's secure environment.

Data Security

Persona is SOC 2 Type II compliant and utilizes high-level encryption (AES-256) to protect your sensitive documents and biometric data during transmission and storage.

Retention

Original identity document images are retained only as long as necessary to complete the verification and are thereafter deleted or de-identified in accordance with our data retention schedule, unless otherwise required by law or RIR policy.

4. DATA SHARING AND DISCLOSURE

We do not sell your personal information. However, we share data in the following necessary circumstances:

Regional Internet Registries (RIPE NCC / ARIN)

• Per RIR policies, your name and contact details must be registered in the public WHOIS database to ensure resource transparency and accountability.
• During compliance audits by RIPE NCC or ARIN, we may be required to disclose due diligence documentation to verify the authenticity of our members/users.

Service Providers

Trusted third parties who assist us in operating our website and conducting our business (e.g., Persona for KYC, payment processors, hosting providers, email service providers).

Legal Requirements

To respond to lawful subpoenas, court orders, government audits, or to protect our legal rights and the safety of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. INTERNATIONAL DATA TRANSFERS

As we operate in the United States and interact with RIPE NCC (based in Europe), your data may be transferred across borders. We utilize Standard Contractual Clauses (SCCs) and other legal safeguards approved by the European Commission to ensure your data receives a level of protection equivalent to that in your home jurisdiction.

6. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Active Resources: Contact and registration data is retained for the duration of your resource assignment.
• KYC Documents: Identity verification records are retained for a minimum period as required by RIR policies and applicable AML regulations (typically 5-7 years after the end of the business relationship).
• Technical Logs: Server logs and usage data are typically retained for 12-24 months for security and operational purposes.
• Marketing Data: If you opt-in to marketing communications, we retain your data until you unsubscribe or request deletion.

7. YOUR RIGHTS (US & GDPR)

Depending on your location, you may have the following rights:

• Access & Correction: The right to request a copy of your data and correct inaccuracies.
• The Right to Deletion ("Right to be Forgotten"): The right to request the deletion of your data, subject to RIR resource retention mandates and legal obligations.
• Data Portability: The right to receive your data in a structured, commonly used format.
• Opt-out/Objection: The right to object to processing based on legitimate interests or for direct marketing.
• Restriction of Processing: The right to request that we limit how we use your data in certain circumstances.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected] or via Telegram: @gugumnt.

8. SECURITY MEASURES

We implement industry-standard administrative, technical, and physical security measures to protect your personal information:

• Encryption: All data transmitted to and from our services is encrypted using TLS 1.3 or higher.
• Access Controls: Strict role-based access controls limit who can view or process your data.
• Regular Audits: We conduct regular security assessments and vulnerability scans.
• Secure Infrastructure: Our systems are hosted in SOC 2 compliant data centers with 24/7 monitoring.
• Employee Training: All staff members undergo privacy and security training.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. CHILDREN'S PRIVACY (COPPA)

Our services are directed to adults and business entities. We do not knowingly collect information from children under the age of 13 (or 16 in the EEA). If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

10. COOKIES AND TRACKING

We use cookies and similar tracking technologies to enhance your browsing experience:

• Essential Cookies: Required for the website to function properly (e.g., session management, security).
• Preference Cookies: Remember your settings such as language and theme preferences.
• Analytics Cookies: Help us understand how visitors interact with our website (we use privacy-focused analytics).

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email or a prominent notice on our website. We encourage you to review this Privacy Policy periodically.

12. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.