Privacy Policy

Last Updated: February 19, 2026

1. Introduction

This Privacy Policy ("Policy") describes how Degenku ("Degenku", "we", "our", or "us") collects, uses, stores, shares, and protects information in connection with the Grand Arena platform (the "Platform"), including the website, mobile application, and all associated services (collectively, the "Services").

By accessing or using the Platform, you ("User", "you", or "your") acknowledge that you have read, understood, and agree to the practices described in this Policy. This Policy should be read in conjunction with our Terms of Service.

If you do not agree to this Policy, you should not access or use the Platform.

2. Information We Collect

2.1 Information You Provide

We may collect the following information that you voluntarily provide:

1. Wallet Information: Your public blockchain wallet address when you connect your wallet to the Platform. Degenku does not collect, store, or have access to your private keys, seed phrases, or wallet credentials.

2. Profile Information: Username, display name, avatar, and any other profile details you choose to provide.

3. Communications: Messages, feedback, support requests, and other communications you send to us through the Platform, email, Telegram, X (formerly Twitter), Discord, or other channels.

4. Contest and Gameplay Data: Your Contest entries, Card selections, Agent configurations, gameplay strategies, and related competitive activity on the Platform.

5. Transaction Data: Records of your purchases, sales, trades, Contest entry fees, Card Pack purchases, in-game item purchases, and other transactions initiated through the Platform.

6. Verification Information: Any information you provide in connection with identity verification, age verification, or jurisdictional compliance, if and when required.

7. Survey and Feedback Data: Responses to surveys, questionnaires, or feedback forms you voluntarily complete.

2.2 Information Collected Automatically

When you access or use the Platform, we may automatically collect:

1. Device Information: Device type, operating system, browser type and version, device identifiers, and screen resolution.

2. Usage Data: Pages and features accessed, time spent on the Platform, click patterns, navigation paths, Contest participation patterns, Marketplace browsing activity, and other interaction data.

3. Log Data: IP address, access times, referring URLs, error logs, and server request data.

4. Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain session state, remember preferences, and analyze Platform usage. See Section 8 for details.

5. Performance and Analytics Data: Platform performance metrics, load times, crash reports, and diagnostic data.

2.3 Information from Third Parties

We may receive information from:

1. Blockchain Networks: Publicly available on-chain data from the Ronin blockchain, including transaction histories, wallet balances, token holdings, and smart contract interactions associated with your wallet address.

2. Wallet Providers: Technical information necessary to facilitate your wallet connection, as provided by third-party wallet services (such as Ronin Wallet).

3. Analytics Providers: Aggregated and anonymized usage data from third-party analytics services.

4. Public Sources: Information that is publicly available, including public blockchain data and publicly posted social media content.

2.4 On-Chain Data

You acknowledge that all blockchain transactions conducted through the Platform are recorded on the Ronin blockchain and are publicly visible, permanent, and immutable. This includes wallet addresses, transaction amounts, Card transfers, Agent transfers, smart contract interactions, and timestamps. Degenku does not control, own, or have the ability to modify or delete on-chain data.

3. How We Use Your Information

3.1 Provision of Services

We use your information to:

1. Facilitate your connection to the Platform via your blockchain wallet.

2. Enable your participation in Contests, including processing Contest entries, determining results, and distributing prizes.

3. Operate the Card Marketplace, including facilitating Card listings, purchases, sales, and trades.

4. Process purchases of Card Packs, consumable in-game items, and other Platform offerings.

5. Manage NFT Agent interactions, configurations, and performance tracking.

6. Provide customer support and respond to your inquiries.

3.2 Platform Improvement and Development

We use your information to:

1. Analyze usage patterns to improve Platform features, user experience, and performance.

2. Develop, test, and refine AI models, reinforcement learning systems, and Contest mechanics.

3. Conduct internal research and analytics to understand user behavior and preferences.

4. Debug technical issues and improve Platform stability and security.

3.3 Safety, Security, and Integrity

We use your information to:

1. Detect, prevent, and investigate fraud, collusion, multi-accounting, and other prohibited activities.

2. Enforce our Terms of Service and Contest integrity rules.

3. Monitor for and respond to security threats, vulnerabilities, and unauthorized access.

4. Verify eligibility, including age and jurisdictional requirements.

5. Comply with applicable laws, regulations, and legal processes.

3.4 Communications

We use your information to:

1. Send you Platform notifications, including Contest updates, transaction confirmations, and system alerts.

2. Communicate service changes, policy updates, and important announcements.

3. Send promotional communications, where you have opted in or where permitted by applicable law. You may opt out of promotional communications at any time.

3.5 Legal and Compliance

We use your information to:

1. Comply with applicable legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements, where applicable.

2. Respond to lawful requests from law enforcement, regulatory authorities, or courts.

3. Establish, exercise, or defend legal claims.

4. Enforce our agreements, including the Terms of Service.

4. Legal Basis for Processing

Where applicable data protection laws require a legal basis for processing personal data (such as under the EU General Data Protection Regulation or similar frameworks), we rely on the following:

1. Performance of a Contract: Processing necessary to provide the Services you have requested and to perform our obligations under the Terms of Service.

2. Legitimate Interests: Processing necessary for our legitimate interests, including Platform security, fraud prevention, service improvement, and analytics, provided these interests are not overridden by your rights and freedoms.

3. Consent: Where you have given explicit consent to specific processing activities, such as receiving promotional communications. You may withdraw consent at any time.

4. Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal processes.

5. How We Share Your Information

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including hosting and infrastructure providers, analytics and monitoring services, customer support platforms, security and fraud detection services, and communication services. Service providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Policy.

5.2 Blockchain Disclosure

Transactions you initiate through the Platform are recorded on the Ronin blockchain and are publicly accessible. We do not control the dissemination of on-chain data. Any party with access to the Ronin blockchain can view your transaction history associated with your wallet address.

5.3 Legal and Regulatory Disclosure

We may disclose your information where required by applicable law, regulation, legal process, or governmental request, where necessary to enforce our Terms of Service or protect our rights, property, or safety, where necessary to protect the rights, property, or safety of other Users or the public, and in connection with any investigation of fraud, security incidents, or potential violations of law.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will provide notice of any such transfer and any choices you may have regarding your information.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes aggregate Contest statistics, Platform usage trends, and market analytics.

5.6 With Your Consent

We may share your information for purposes not described in this Policy with your explicit consent.

5.7 No Sale of Personal Data

Degenku does not sell your personal information to third parties.

6. Data Retention

6.1 Retention Periods

We retain your information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary based on the type of information and the purpose for which it was collected:

1. Account and Profile Data: Retained for the duration of your use of the Platform and for a reasonable period thereafter, unless earlier deletion is requested and legally permissible.

2. Transaction and Contest Data: Retained for a minimum of five (5) years, or longer as required by applicable tax, financial, or regulatory requirements.

3. Communications and Support Data: Retained for a minimum of two (2) years from the date of the communication.

4. Usage and Analytics Data: Retained in identifiable form for up to twenty-four (24) months, after which it is aggregated or anonymized.

5. Security and Fraud Prevention Data: Retained for as long as necessary to investigate and resolve incidents, and for a reasonable period thereafter.

6.2 On-Chain Data

On-chain data recorded on the Ronin blockchain is permanent and cannot be deleted by Degenku or any party. This is an inherent characteristic of blockchain technology.

6.3 Deletion

When personal data is no longer required, we will securely delete or anonymize it in accordance with our data retention procedures. Certain data may be retained in backup systems for a limited period after deletion from active systems.

7. Data Security

7.1 Security Measures

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest where appropriate, access controls limiting personnel access to personal data on a need-to-know basis, regular security assessments and vulnerability testing, and monitoring for suspicious activity and unauthorized access attempts.

7.2 Wallet Security

Degenku does not store, access, or have any control over your private keys, seed phrases, or wallet credentials. The security of your wallet is your sole responsibility. We strongly recommend using hardware wallets, enabling all available security features, maintaining secure backups, and never sharing your private keys or seed phrases with anyone.

7.3 Limitations

No method of data transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk.

7.4 Security Incidents

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will include the nature of the breach, the data affected, steps we are taking to address the breach, and recommendations for protecting yourself.

8. Cookies and Tracking Technologies

8.1 Types of Cookies

We may use the following types of cookies and similar technologies:

1. Essential Cookies: Required for the Platform to function, including session management, wallet connection state, and security features. These cannot be disabled without impairing Platform functionality.

2. Functional Cookies: Used to remember your preferences, settings, and display options for an improved user experience.

3. Analytics Cookies: Used to collect aggregated, anonymized information about how users interact with the Platform, helping us improve features and performance.

8.2 Managing Cookies

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality. Most browsers allow you to block or delete cookies, set preferences for specific websites, and browse in private or incognito modes that limit cookie storage.

8.3 Do Not Track

The Platform does not currently respond to "Do Not Track" browser signals, as there is no industry-standard interpretation or protocol for such signals.

9. Your Rights and Choices

9.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

1. Access: The right to request a copy of the personal data we hold about you.

2. Correction: The right to request correction of inaccurate or incomplete personal data.

3. Deletion: The right to request deletion of your personal data, subject to legal retention requirements and the limitations of blockchain technology.

4. Restriction: The right to request restriction of processing of your personal data in certain circumstances.

5. Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.

6. Objection: The right to object to processing of your personal data based on legitimate interests.

7. Withdrawal of Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.

9.2 Exercising Your Rights

To exercise any of the rights described above, please contact us using the details in Section 14. We will respond to your request within the timeframe required by applicable law (typically within thirty (30) days). We may request verification of your identity before processing your request.

9.3 Limitations

Certain rights may be limited where we have a legal obligation to retain data, where deletion is technically impossible (such as on-chain data), or where we have compelling legitimate grounds for continued processing.

9.4 Communication Preferences

You may opt out of promotional communications at any time by following the unsubscribe instructions in the communication or by contacting us directly. Opting out of promotional communications does not affect our ability to send you service-related notifications, including transaction confirmations, security alerts, and policy updates.

10. International Data Transfers

10.1 Transfer Mechanisms

Degenku is based in Costa Rica. If you access the Platform from outside Costa Rica, your information may be transferred to, stored in, and processed in Costa Rica or other jurisdictions where our service providers operate.

10.2 Safeguards

Where personal data is transferred across borders, we implement appropriate safeguards to ensure the protection of your data, including standard contractual clauses or other approved transfer mechanisms where required by applicable law, contractual obligations on service providers to maintain equivalent data protection standards, and data processing agreements with third-party processors.

10.3 EEA, UK, and Swiss Users

If you are located in the European Economic Area, United Kingdom, or Switzerland, we will ensure that any transfer of personal data outside these regions is conducted in compliance with applicable data protection laws, including through the use of European Commission-approved standard contractual clauses or other legally recognized transfer mechanisms.

11. Children's Privacy

11.1 Age Requirement

The Platform is not intended for individuals under the age of 18 (or the age of legal majority in their jurisdiction, whichever is greater). We do not knowingly collect personal information from minors.

11.2 Parental Notice

If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately using the details in Section 14.

12. Third-Party Services

12.1 Third-Party Links and Services

The Platform may contain links to or integrations with third-party websites, services, or applications, including but not limited to wallet providers, blockchain explorers, social media platforms, and analytics services. This Policy does not apply to third-party services, and we are not responsible for their privacy practices.

12.2 Wallet Providers

Your use of a third-party wallet provider (such as Ronin Wallet) is governed by that provider's own terms and privacy policy. We encourage you to review the privacy practices of any wallet provider you use.

12.3 Blockchain Infrastructure

The Ronin blockchain and associated infrastructure are operated by third parties. We do not control the privacy practices of blockchain networks, node operators, or validators.

13. Changes to This Policy

13.1 Updates

We may update this Policy from time to time to reflect changes in our practices, the Platform, or applicable laws. The "Last Updated" date at the top of this Policy will be revised accordingly.

13.2 Notification

For material changes, we will make reasonable efforts to notify you through the Platform, email, or other available communication channels prior to the changes taking effect.

13.3 Continued Use

Your continued use of the Platform after any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should discontinue use of the Platform.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

Support: discord.gg/moku → Submit a Ticket

Email: support@moku.gg

For data protection inquiries specifically related to your rights under applicable data protection laws, please include "Privacy Request" in the subject line of your communication.

15. Jurisdiction-Specific Provisions

15.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, the following provisions apply in addition to the rest of this Policy:

1. The data controller for your personal data is Degenku, contactable at support@moku.gg

2. You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data infringes applicable data protection laws.

3. We will not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you, unless we have your explicit consent, the processing is necessary for a contract, or it is authorized by applicable law.

15.2 United States — California Residents

If you are a California resident, the following provisions apply under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

1. You have the right to know what personal information we collect, use, disclose, and sell or share.

2. You have the right to request deletion of your personal information, subject to certain exceptions.

3. You have the right to opt out of the sale or sharing of your personal information. Degenku does not sell personal information.

4. You have the right to non-discrimination for exercising your privacy rights.

5. To exercise these rights, please contact us using the details in Section 14.

15.3 Brazil

If you are located in Brazil, you may exercise your rights under the Lei Geral de Proteção de Dados (LGPD) by contacting us using the details in Section 14.