Privacy Policy
Effective from: May 16, 2025
This document presents the Privacy Policy where you will find all the information regarding the processing of personal data carried out in regards to Aero.
Aero is a staking delegation pool that supports decentralization by prioritizing smaller or early-stage Solana validators. It provides validator tools, facilitates hardware sales, and delegates stake to operators aligned with Solana’s ecosystem goals.
The resources of Aero are:
- a landing page website and a web application that can be found on https://www.aeropool.io/, and
- social media sites of Aero, found on Discord, Telegram and X.
(all together “Aero”)
WHO PROCESSES YOUR PERSONAL DATA?
The processing of personal data is carried out by the data controller, Phase Labs Technologies Limited.
Details of the data controller:
Phase Labs Technologies Limited,
Unit IH-00-01-01-OF-01, Level 1,
Innovation Hub, Dubai International Financial Centre,
Dubai, United Arab Emirates
(“Phase Labs”)You can contact the data controller for questions related to this policy at any time via email: info@aeropool.io.
APPLICABLE LAWS
We try our best to comply with all the data regulations around the world. However, since we are incorporated in Dubai International Financial Centre (“DIFC”), we are bound by local laws, namely Data Protection Law DIFC Law No. 5 of 2020 with applicable amendments (“DIFC Law No.5” or “DPL”).
HOW WE COLLECT YOUR DATA?
The data we collect is provided by the users through their interactions with Aero and may be collected in the following ways:
Direct Collection:
- When you provide information by filling out forms, creating an account, subscribing to our services, making inquiries, or otherwise communicating with us.
- When you engage with our customer support or interact with us via email, phone, or other communication channels.
Automated Collection (Cookies & Tracking Technologies):
- We automatically collect certain information about your device, Browse actions, and usage patterns when you visit our website. This includes technical data such as IP address, browser type, and operating system.
- We use cookies and similar tracking technologies to enhance your experience, analyze website performance, and personalize content.
- You can manage your cookie preferences and read more about automated collection of data in our Cookie Policy at https://www.aeropool.io/cookiepolicy.
WHAT CATEGORIES OF DATA WE COLLECT?
We collect the following categories of personal data:
- name surname / company name,
- type of institution / person (legal entity, natural person, etc.),
- address,
- EIN / TIN / VAT number,
- email address,
- country of residence,
- crypto wallet address,
- Discord username,
- Twitter (X) username,
- Telegram username,
- user ID (that we appoint to each user upon its creation of an account),
- Validator Node identity public key and vote account public key,
- data you provide as proof of Validator Node operations,
- information about your device, Browse actions, and usage patterns when you visit our website, including technical data such as IP address, browser type, operating system, and other cookie related data.
We do NOT knowingly collect any kinds of sensitive personal data or personal data of kids or underaged individuals.
WHY DO WE USE YOUR PERSONAL DATA?
We process all data collected by the controller only when there is an appropriate legal basis and for a specific purpose, as defined below. If we process data for a purpose not specified in this policy, we will notify you in advance.
This Privacy Policy applies to:
- Users of Aero;
- Visitors of Aero’s website and app;
- Individuals who contact us or our partners regarding Aero.
Whether you decide to provide your personal data to us is entirely voluntary unless required by law. We note that in cases where you do not provide personal data, we may not be able to provide certain services or the quality of services may be lower due to technical reliance on your data.
Personal data is processed only as long as necessary to fulfill the purpose for which it was collected. After the retention period expires, the data is anonymized so that data reconstruction is no longer possible.
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
We share your personal data with contractual processors, such as our business development partners, licensees, developer contractors, mass email senders, accounting services, legal consultants, payment processor providers, and similar.
Personal data is disclosed to third parties only when necessary to fulfill the purpose of personal data processing. Third parties may access and process your personal data only to the extent and in the manner specified in the contract we have concluded with them and in accordance with purposes stated in this privacy policy.
We do not sell your data to third parties.
Government Data Sharing
In some circumstances we are legally obliged to share information with public authorities or law enforcement. For example, we may be required to provide information related to a court order or where we must cooperate with supervisory authorities in handling complaints or investigations. In any scenario, we’ll attempt to satisfy ourselves that we have a lawful basis on which to share the information, document our decision making, and satisfy ourselves we have a legal basis on which to share the information.
We may also share information in the event of the non-payment including a monetary penalty or court ordered costs. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty.
As a result, Phas Labs will share Personal Data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.
All sharing of Personal Data aligns to the extent possible with Phase Labs’s Government Data Sharing Policy, which is an internal Phase Labs policy that governs fair and lawful sharing of Personal Data requested by government entities within the UAE and elsewhere.
DO WE TRANSFER YOUR PERSONAL DATA TO COUNTRIES OUTSIDE OF EU, UK, USA AND UAE?
No, your personal data is not shared or stored outside the EU, UK, USA, or UAE. All public NFT asset data is securely stored in the United States (AWS us-east-1 region), and all user data is stored in New York City (DigitalOcean servers). We ensure compliance with relevant data protection laws and maintain strict security measures to safeguard your information.
DO WE HONOR THE “DO-NOT-TRACK” FEATURE?
If you decline all optional cookies, we will honor the “Do-Not-Track” request and will not track your behaviour on our website. If you accept all optional cookies (especially the analytics/performance cookies), then you consent to our cookies tracking your behavior on our website. If you are interacting with us through our social media accounts, then your behaviour patterns are in the hands of the social media provider and we have no control over such data.
HOW DO WE PROTECT YOUR PERSONAL DATA?
Our company ensures the highest level of personal data protection. To achieve this, we have adopted various technical and organizational measures, including: regularly updating of our hardware and software, securing hardware and software with protective software, practicing and implementing privacy by design coding and development, protecting our business premises, restricting unauthorized access to personal data with passwords and clear competence division, monitoring employees, and having appropriate contractual arrangements in place with all individuals who have access to your personal data.
Despite our security mechanisms, we acknowledge that a security incident may occur. For this purpose, we have developed a specific protocol to address such incidents quickly, effectively, and in compliance with the law.
If a security incident occurs that may threaten the rights and freedoms of individuals, we will immediately notify the competent supervisory authority, but in no case later than 72 hours after becoming aware of the incident. If a major security incident occurs that could negatively impact a customer's personal data and privacy, the affected customer or individual will also be notified.
WHAT RIGHTS DO YOU HAVE?
Regarding the processing of your personal data, you have the following rights:
- Right of Access: You have the right to information about whether we process your personal data, what data we process, how we obtained it, the purpose of processing, retention time, whether automated decision-making or profiling is performed, to whom the data is transferred, and whether it is transferred outside the EU/EEA area, as well as what security measures have been implemented.
- Right to Rectification: You have the right to request the correction or completion of inaccurate, incomplete, or outdated personal data we process about you.
- Right to Portability: You can request that we provide your personal data in a structured and machine-readable format, if technically feasible.
- Right to Erasure: You have the right to request the deletion of your personal data without undue delay, especially if you withdraw your consent. However, there are situations where we cannot comply with your request, for example, if the processing is based on a valid contractual relationship or legal obligations.
- Right to Restrict Processing: You have the right to request a temporary restriction on the processing of your personal data, e.g., for the duration of the correction of personal data we process about you.
- Right to Withdraw Consent: Whenever our processing of your data is based on your consent, you can withdraw such consent without any negative consequences for you. After withdrawing your consent, we will no longer process your personal data for the purpose for which you provided consent.
- Right to Object: You have the right to object to the processing of personal data when it comes to processing for direct marketing purposes, including profiling.
- Right to Data Portability: In technically feasible cases, you can request that your personal data be transferred to another controller.
- Right to not be discriminated against: We cannot deny you services or have different terms of services towards you merely on the grounds that you either denied consent or exercised your rights in accordance with applicable data protection law. However, by not consenting or exercising your rights (such as deletion of your personal data, restriction of processing, etc.), we may not be able to provide you with certain services or the quality of provided services may vary due to technical restrictions brought upon by your choices.
- Right to lodge a Complaint with the Information Commissioner: This right is exercised if you believe there has been a violation of data protection by the controller. You can submit a complaint to the Information Commissioner. Here are the contact information of the DIFC Commissioner of Data Protection’s Office:
Dubai International Financial Centre Authority
Level 14, The Gate Building
Phone: +971 4 362 2222
Mail: commissioner@dp.difc.ae.
You can exercise your rights by writing to us via email at: info@aeropool.io with the subject "data protection" or by sending your request by post to:
Phase Labs Technologies Limited,
Unit IH-00-01-01-OF-01, Level 1,
Innovation Hub, Dubai International Financial Centre,
Dubai, United Arab Emirates
marked "data protection".
We will process your request as soon as possible and no later than 30 days from receipt. If a particular request is so extensive that it requires a longer resolution time, we will inform you in advance and provide you with an estimated response time.
We reserve the right to reliably identify you when submitting a request to exercise any of your rights. If you do not send us personal data with your request that would allow us to reliably identify you, we will ask you for additional personal data. If you do not provide us with additional personal data within the specified period, we will dismiss your request.
If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out above, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.
ONLINE PLUG-INS AND HYPERLINKS:
Our website provides the option to use online plug-ins and hyperlinks. Please note that these plug-ins and the content on the hyperlinks are operated by third parties and Phase Labs has no control over their content, privacy and/or security.
The use of online plug-ins and hyperlinks is at the user's own risk. Each plug-in and/or hyperlink controller operates based on its own privacy rules, which are not associated with the controller's rules.
Responsibility for interacting with the plug-ins and hyperlinks and any consequences arising from such interaction lies solely with the individual.
FURTHER PROCESSING OF PERSONAL DATA IN AUTOMATED FORM:
The controller does not perform automated decision-making in personal data processing.
RE-OBTAINING CONSENT:
In accordance with Article 12 of the DPL, the data controller will re-obtain your consent every twelve (12) months.
CHANGES:
Any changes to our Privacy Policy shall be published on this website.
It is assumed that you agree to the new version of the Policy if you continue to use Aero or other services subject to this Policy after the Policy has been changed.
CONTACT:
You can contact us at any time with additional questions regarding personal data protection by writing to us via an email at info@aeropool.io.
You may also contact the DIFC Commissioner of Data Protection’s Office at:
Dubai International Financial Centre Authority
Level 14, The Gate Building
Phone number: +971 4 362 2222
Email: commissioner@dp.difc.ae.