HEXENS
PRIVACY POLICY
Last updated: 16 June 2026
This Privacy Policy explains how Hexens Cyber Security Ltd., a company incorporated in the British Virgin Islands (company no. 2106778) (“Hexens”, “we”, “us”), collects and uses personal data in connection with hexens.io and the Glider products and services (the “Service”).
We act as a controller of personal data for the activities described in this Policy — for example, account administration, billing, security, and our own analytics. Where we process personal data on the documented instructions of a business customer (for example, the contact details of the customer’s personnel used to deliver alerts), we act as a processor on that customer’s behalf, and our Data Processing Addendum (not this Policy) governs that processing.
1. Personal Data We Collect
We collect the following categories of personal data, from you, from the business customer that enrolls you, from your use of the Service, and from public and third-party sources:
- Identity and account data — name, business email, company, job title, and account identifiers.
- Authentication data — credentials and, where issued, API keys.
- Notification-destination data — Telegram usernames and channel identifiers, Slack usernames and workspace identifiers, and other destination details submitted to receive alerts.
- Customer personnel data — contact and role information about a business customer’s employees or team members, submitted by that customer (processed as a processor under the DPA).
- Billing data — billing contact, transaction records, and tax information (payment-card data is handled by our payment processor).
- Usage and technical data — IP address, device and browser data, log data, and analytics.
- Communications — support requests and correspondence.
- On-chain and derived data — wallet and contract addresses and related analysis, which in some cases may relate to an identifiable person.
2. How and Why We Use Personal Data
We process personal data for the purposes below. Where the EU or UK General Data Protection Regulation applies, the legal basis is shown in brackets.
- To provide, operate, and administer the Service, including delivering alerts to designated destinations [performance of a contract].
- To authenticate users and to secure, monitor, and prevent abuse of the Service [legitimate interests; legal obligation].
- To bill and collect fees and keep financial records [contract; legal obligation].
- To provide support and communicate with you [contract; legitimate interests].
- To analyze, maintain, and improve the Service and our detection capabilities, including using aggregated or de-identified data [legitimate interests].
- To comply with law, including sanctions and anti-money-laundering screening, and to establish, exercise, or defend legal claims [legal obligation; legitimate interests].
- To send marketing about our products, where permitted, which you can opt out of at any time [consent; legitimate interests].
3. Cookies and Tracking
We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control non-essential cookies through our cookie banner or your browser settings. Details are set out in our Cookies Policy.
4. How We Share Personal Data
We share personal data with: service providers and sub-processors who host, support, and operate the Service on our behalf (for example, cloud hosting, communications, analytics, and payment providers); the business customer that enrolled you, and the notification destinations you designate; authorities and advisors where required by law or to protect our rights; and an acquirer in connection with a merger, financing, or sale of assets. We do not sell your personal data, and we do not disclose it for others’ independent marketing.
5. International Transfers
We are based in the British Virgin Islands, and our service providers operate in the United States and other countries. Personal data may therefore be transferred outside the EEA and the UK to countries that may not provide an equivalent level of protection. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, copies of which are available on request. Transfers of customer-instructed data are governed by our DPA.
6. Retention
We retain personal data for as long as needed for the purposes described, then delete or de-identify it. In general: account data is kept for the duration of the relationship and a reasonable period afterwards; billing and tax records are kept for the period required by law; security and log data is kept for a limited period; and notification-destination data is kept while configured and for a short period afterwards. Aggregated and de-identified data may be retained indefinitely.
7. Security
We maintain technical and organizational measures designed to protect personal data, including access controls, encryption in transit, logging, and least-privilege practices. No system is perfectly secure, and we cannot guarantee absolute security.
8. Your Rights
8.1 EEA and UK residents
If the EU or UK GDPR applies to you, you have the right to access, rectify, erase, restrict, or port your personal data, to object to processing based on legitimate interests or to direct marketing, and to withdraw consent. You may also lodge a complaint with a supervisory authority in the UK, the Information Commissioner's Office, and in the EEA, your local authority.
8.2 United States residents
Depending on your state of residence (including California, Colorado, Virginia, Connecticut, Utah, and other states with comprehensive privacy laws), you may have the right to know and access the personal information we collect, to delete it, to correct it, to opt out of targeted advertising, to limit the use of sensitive personal information, to appeal a denied request, and not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under U.S. state privacy laws.
Categories of personal information we collect, and whether we “sell” or “share” them under U.S. state laws:
Category (e.g., CCPA) | Collected | Sold / Shared |
|---|---|---|
Identifiers (name, email, account, IP) | Yes | No |
Customer records (billing, contact) | Yes | No |
Internet/network activity (usage, logs) | Yes | No |
Inferences and derived data | Yes | No |
Sensitive personal information | Not intentionally | No |
To exercise these rights, submit a request by email to info@hexens.io. We will verify your identity before responding and will respond within the period required by law (generally 45 days). An authorized agent may submit a request with proof of authorization. If we deny a request, you may appeal by replying to our response; if you remain dissatisfied, you may contact your state attorney general.
9. Children
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes to This Policy
We may update this Policy from time to time. We will post the updated Policy with a new date and, where required, provide additional notice.
11. Contact Us
For privacy questions or to exercise your rights, contact us at info@hexens.io, or by post at Trinity Chambers, Ora et Labora Building, Wickhams Cay II, Road Town, Tortola, VG1110, British Virgin Islands.