Privacy Policy

Last updated: January 2026

1. Data Controller

This website is operated by:

Allooloo Technologies Corp.
260-4611 Viking Way
Richmond, BC
V6V 2K9
Canada

📧 Email: privacy@allooloo.ai
📞 Telephone: +1 604 753 8273

For the purposes of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), Allooloo Technologies Corp. acts as the data controller for this website.

2. Purpose of DPUPassport.org

DPUPassport.org operates as a public discovery and verification interface for Digital Proof Units (DPUs) and Digital Product Passports (DPPs).

This website exists to:

  • resolve verification records
  • provide batch-level compliance evidence
  • enable regulator, auditor, retailer, and customs verification

It is not a consumer platform and not a marketing website.

3. Scope of This Privacy Policy

This Privacy Policy applies solely to data processed through:

https://www.dpupassport.org/

It does not apply to:

  • manufacturer internal systems
  • OEM production systems
  • retailer ERP platforms
  • third-party sites linked from this website

4. Personal Data We Process

a) Technical Access Data

When accessing this website, the following data may be processed automatically:

  • IP address (short-term, security purposes only)
  • browser type and version
  • operating system
  • date and time of access
  • referring URL (if applicable)

This data is processed solely for security, integrity, and availability of the service.

No profiling or behavioral analysis is performed.

b) Verification Requests

When resolving or viewing a Digital Proof Unit (DPU):

  • no personal data is embedded in the DPU
  • verification records contain only:
    • cryptographic hashes
    • batch identifiers
    • material, environmental, and compliance metadata

DPUs are non-personal, non-consumer records.

c) Contact Communications (if initiated)

If you contact us via email or form submission, we may process:

  • name
  • email address
  • telephone number
  • message content

This data is used only to respond to your inquiry.

5. What We Explicitly Do NOT Do

DPUPassport.org does not:

  • use advertising cookies
  • track user behavior
  • create user profiles
  • sell or monetize personal data
  • embed third-party marketing pixels
  • perform cross-site tracking

This site exists for compliance verification, not engagement analytics.

6. Legal Basis for Processing (GDPR Article 6)

Personal data is processed under the following legal bases:

  • Article 6(1)(f) – legitimate interest
    (secure operation of compliance infrastructure)
  • Article 6(1)(b) – pre-contractual measures
    (responding to direct compliance or technical inquiries)

No processing relies on consent unless explicitly stated.

7. Blockchain, Ledger & Hash-Only Architecture

DPUPassport.org operates on a hash-only verification model:

  • No personal or proprietary data is written to any public ledger
  • Only cryptographic fingerprints of verified records are anchored
  • Full datasets remain off-ledger and private

This architecture is intentionally designed to:

  • minimize data exposure
  • preserve commercial confidentiality
  • remain GDPR-aligned by design

8. Data Storage & Processing Locations

Data may be processed in the following jurisdictions:

  • European Union (Germany – eu-central-1)
  • Canada

All environments operate under enterprise-grade security, access controls, and audit logging.

9. Data Retention

  • Technical access data is retained only as required for security and integrity
  • Contact communications are retained only as long as necessary to respond
  • Verification records do not contain personal data and are retained per regulatory requirements

10. Data Sharing

Personal data is not shared with third parties except where strictly required for:

  • secure hosting
  • infrastructure operation
  • legal or regulatory compliance

No data is shared for advertising or commercial profiling.

11. Your Rights Under GDPR

If you are located in the European Union, you have the right to:

  • access personal data (Art. 15)
  • rectify inaccurate data (Art. 16)
  • request erasure where applicable (Art. 17)
  • restrict processing (Art. 18)
  • object to processing (Art. 21)
  • lodge a complaint with a supervisory authority

Requests may be submitted to: 📧 privacy@allooloo.ai

12. Changes to This Policy

This Privacy Policy may be updated to reflect legal, technical, or regulatory changes.
The latest version is always available on this website.

13. Contact

For privacy, data protection, or compliance inquiries:

📧 privacy@allooloo.ai
📞 +1 604 753 8273

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.