Privacy Policy

The Sovereign Node Manifesto — Data sovereignty for every user. Please read this policy carefully.

Last updated: 2026-03-11

1. Introduction, Privacy Philosophy, and Data Controller

Difuzzion is not a centralized social network; it is a cutting-edge infrastructure designed for multimedia content distribution under a peer-to-peer (P2P) paradigm. In this ecosystem, "privacy by design" is not an aesthetic concession, but the technical foundation that enables the existence of a "Human Infrastructure" where data sovereignty resides exclusively with the nodes (users).

By operating as a decentralized network where no Personally Identifiable Information (PII) is required, Difuzzion strategically positions itself within the "Safe Harbor" regime. This technical architecture ensures that the platform acts solely as a facilitator of connections and a manager of metadata, delegating the possession and control of content to the network itself.

This model of "minimal collection" and absolute decentralization protects the user against the massive security breaches inherent in centralized databases. Since there is no single point of failure or central identity repository, privacy becomes a shield against surveillance and operational risk. To guarantee this autonomy, it is imperative to define what information remains strictly out of the platform's reach.

Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection legislation, the data controller responsible for the processing activities described in this Privacy Policy is Difuzzion, operated from Spain. For any inquiries regarding data protection, you may contact us at: support@difuzzion.com.

Scope and Applicability

This Privacy Policy applies to all users who access or use the Difuzzion platform, regardless of their geographic location. It governs the collection, processing, storage, and deletion of data as described herein. By creating an account or using the platform, the user acknowledges and accepts the data processing practices outlined in this document.

2. The Commitment to Non-Collection: Excluded Data and Custody Exemption

The voluntary waiver of sensitive data collection is not just a statement of principles, but a guarantee of legal security. Difuzzion systematically eliminates any surveillance vector by neither requesting nor storing data that links digital activity to a physical identity.

Difuzzion DOES NOT collect or store:

  • Personal Identifiers: Emails, phone numbers, real names, or official identity documents.
  • Cross-Tracking: Browsing activity outside the Difuzzion domain.
  • Commercial Profiling Data: There is no communication with data brokers or external advertising networks.
  • Plaintext Private Keys: The platform never has access to the unencrypted private key.
  • Payment Card Details: Difuzzion does not store, process, or have access to credit/debit card numbers, CVV codes, or banking credentials. All payment data is handled exclusively by Stripe.

The technical impossibility of accessing the private key in plaintext constitutes the greatest guarantee of user ownership. From a legal perspective, this architecture exempts the platform from any custodial liability. The user is the sole sovereign of their cryptographic identity; without the private key, Difuzzion is unable to intervene, censor, or impersonate the node, consolidating the sovereign nature of the ecosystem.

3. Categorization of Collected Data and Technical Treatment

To ensure the operability of the P2P network and the viability of the incentive system, Difuzzion manages a minimum set of technical metadata. This information is treated under principles of necessity, proportionality, and data minimization in accordance with Article 5(1)(c) of the GDPR.

Category: Authentication and Security
  Specific Data: Username, bcrypt hash of the password, public key, and encrypted private key.
  Technical and Legal Purpose: Identity verification without knowledge of the actual key (Zero-Knowledge).
  Retention Period: Duration of the account. Deleted upon account termination.

Category: Ecosystem Activity
  Specific Data: Content metadata (titles, hashtags), message history, Stars balance (Performance Metrics).
  Technical and Legal Purpose: Coordination of the global catalog and management of usage licenses.
  Retention Period: Duration of the account. Message history is subject to E2EE and not accessible by the platform.

Category: Technical and Network Data
  Specific Data: IP address (processed in memory), Peer ID, seeding status, and optional profile (avatar/bio).
  Technical and Legal Purpose: Facilitating WebRTC connectivity, protection against abuse, and P2P coordination.
  Retention Period: IP: ephemeral (in-memory only, not persisted). Profile: duration of the account.

Category: Payment Transaction Data
  Specific Data: Stripe transaction ID, amount, currency, date/time, payment status, IP address at the time of purchase, and account identifier.
  Technical and Legal Purpose: Transaction verification, dispute evidence, regulatory compliance, and fraud prevention.
  Retention Period: Minimum of 5 years, or as required by applicable tax and commercial regulations.

There is a critical distinction between metadata (centrally managed for indexing) and actual content. Difuzzion only acts as a search index manager; the multimedia file resides fragmented across users' devices. IP addresses are processed strictly in memory for P2P signaling and are never persistently linked to the user profile, guaranteeing an ephemeral technical trail. However, IP addresses associated with payment transactions may be retained as part of the transaction record for fraud prevention and dispute resolution purposes.

4. Legal Basis for Data Processing

In accordance with Article 6(1) of the GDPR, Difuzzion processes data under the following legal bases:

  • Performance of Contract (Art. 6(1)(b)): Processing of authentication data, Stars balance, content metadata, and account-related information is necessary for the performance of the contract between Difuzzion and the user (the Terms and Conditions of Service). Without this processing, the platform cannot provide its services.
  • Legitimate Interests (Art. 6(1)(f)): Processing of technical data (IP in memory, Peer ID, network metrics) is carried out based on the legitimate interest of maintaining the security, integrity, and operability of the P2P network. Difuzzion has assessed that this processing is proportionate and does not override the user's fundamental rights, particularly given the ephemeral nature of IP processing and the anonymized treatment of network metrics.
  • Legal Obligation (Art. 6(1)(c)): Retention of payment transaction records (Stripe transaction ID, amounts, dates, IP) is necessary to comply with tax regulations, anti-money laundering (AML) legislation, and commercial record-keeping obligations applicable in Spain and the European Union. Additionally, these records may be retained as evidence for lawful dispute resolution with payment processors.
  • Consent (Art. 6(1)(a)): When Difuzzion introduces optional features that require processing beyond what is strictly necessary for service provision (e.g., optional email for notifications), explicit consent will be obtained from the user prior to processing, with a clear mechanism to withdraw consent at any time.

Difuzzion does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on users, as defined in Article 22 of the GDPR.

5. Purpose of Processing and Ecosystem Operation

Data processing in Difuzzion responds exclusively to the technical and economic viability of the decentralized network:

  • Sovereign Authentication: Access validation via cryptographic protocols.
  • P2P Coordination: Linking nodes for the efficient distribution of content fragments.
  • Internal Economy (Stars): Management of Stars, legally defined as Digital Usage Licenses and Performance Metrics.
  • Moderation and Security: Response to community reports (CSAM, malware, terrorism) to protect node integrity without mass surveillance.
  • Infrastructure Metrics: Anonymous evaluation of network availability and peer performance.
  • Transaction Verification and Dispute Resolution: Maintaining records of payment transactions, including timestamps, amounts, and delivery confirmations, to verify service delivery and respond to payment disputes or chargebacks initiated through Stripe or card issuers.

By categorizing Stars as usage licenses and performance metrics — and not as financial instruments — Difuzzion ensures a legal firewall against regulations such as MiCA or EMD2/3. Report-based moderation demonstrates that anonymity is compatible with a secure environment, eliminating the need for proactive or invasive monitoring.

6. Cryptographic Security: "Zero-Knowledge" Architecture

In Difuzzion, security is not an added layer but the core of the service contract. We implement highly sophisticated protocols to shield user autonomy:

  • Key Derivation (PBKDF2): Private keys are encrypted locally on the user's device using AES-GCM with a key derived via PBKDF2.
  • Password Protection: Use of bcrypt to ensure credentials remain indecipherable even in the event of unauthorized server access.
  • Messaging Encryption (E2EE): Direct messaging between users is protected by end-to-end encryption, using the participants' public keys.
  • Session Attributes: Session cookies employ the Secure, HttpOnly, and SameSite=Lax attributes to mitigate interception attacks.
  • Transport Security: All communications between the user's browser and Difuzzion servers are encrypted via TLS (HTTPS), ensuring data integrity and confidentiality in transit.

This Zero-Knowledge architecture implies that the risk of interception by the infrastructure administrator is zero. Digital sovereignty is total: the administrator cannot see your messages or your keys, transferring the responsibility of custody entirely to the user.

7. Local Storage Management: Anti-Surveillance Architecture

Unlike traditional platforms based on "surveillance capitalism," Difuzzion uses technical storage exclusively for network efficiency. No tracking, analytics, or advertising cookies are deployed.

  • Session Cookie (user token): The only functional cookie for maintaining a secure session. This cookie is essential for the operation of the service and does not require separate consent under the ePrivacy Directive, as it is strictly necessary for the service explicitly requested by the user. Attributes: Secure, HttpOnly, SameSite=Lax.
  • IndexedDB / Local Storage: Essential tool where the Service Worker temporarily stores content fragments to allow reproduction and seeding in the P2P network. This storage is local to the user's device and is not transmitted to Difuzzion's servers. It is classified as strictly necessary for the service requested by the user.

This Anti-Surveillance Architecture completely dispenses with third-party trackers, fingerprinting techniques, and analytical scripts. The use of IndexedDB serves the sovereign purpose of turning the user into an active node of the network, improving their technical experience without sacrificing privacy for commercial interests. Difuzzion does not use any advertising cookies, marketing pixels, or social media tracking integrations.

8. Transfer to Third Parties, Data Sharing, and P2P Reality

Interaction with external entities is limited to what is strictly necessary for regulatory compliance and technical functionality:

  • Stripe Connect (Payment Processor): For the acquisition of Stars or gratuities, financial data is managed exclusively by Stripe, Inc. (USA) and Stripe Payments Europe, Ltd. (Ireland). Difuzzion does not store bank details, delegating KYC/AML obligations and tax reporting (DAC7/1099-K) to the payment processor. Stripe processes payment card data, billing address, and email (when provided for receipt purposes) under its own privacy policy. Difuzzion shares with Stripe only the information necessary to process the transaction: the transaction amount, the user's account identifier, and the IP address at the time of purchase.
  • Stripe — Dispute and Chargeback Evidence: In the event of a payment dispute or chargeback, Difuzzion may share with Stripe the following data to support the legitimacy of the transaction: the transaction record (date, amount, Stars credited), the IP address from which the purchase was initiated, timestamps of service delivery and usage activity, and the user's acceptance of Terms and Conditions at the time of purchase. This data sharing is based on the legal obligation to respond to payment disputes (Art. 6(1)(c) GDPR) and the legitimate interest in protecting the platform against fraudulent chargebacks (Art. 6(1)(f) GDPR).
  • IP Visibility in WebRTC: In a P2P network, the IP may be visible to other peers to establish a connection. This is inherent to the WebRTC technology and occurs at the protocol level between peers, not through Difuzzion's servers.
  • TURN Servers (PRO Users): As an advanced privacy measure, PRO users can opt for TURN relay servers to hide their IP from other peers. When enabled, the TURN server acts as an intermediary, so peer connections are relayed and the user's IP is not exposed to other nodes. This option is disabled by default and requires active configuration by the user.

The use of Stripe Connect allows Difuzzion to "outsource" financial regulatory risk, keeping the core of the platform free of sensitive data and concentrated on decentralized metadata management. Difuzzion does not sell, rent, or share personal data with third parties for marketing or advertising purposes. Data is only shared as described in this section and only to the extent necessary for the stated purposes.

9. International Data Transfers

Difuzzion's servers are hosted within the European Union. However, certain data may be transferred outside the EU/EEA in the following circumstances:

  • Stripe Transfers: Stripe, Inc. is headquartered in the United States. Payment transaction data processed by Stripe may be transferred to the US under the EU-US Data Privacy Framework or, where applicable, Standard Contractual Clauses (SCCs) adopted by the European Commission. Stripe's data protection practices are detailed in their own privacy policy.
  • P2P Network (Inherent): By the nature of the P2P technology, content fragments may be transmitted to and from peers located anywhere in the world. This is an inherent characteristic of decentralized networks and occurs at the protocol level between users. Difuzzion does not control or direct these transfers.

Safeguards

For any transfer of personal data outside the EU/EEA that is within Difuzzion's control, appropriate safeguards are implemented in accordance with Chapter V of the GDPR, including but not limited to: adequacy decisions, Standard Contractual Clauses, and/or binding corporate rules of the receiving party.

10. Data Retention, Deletion, and the "Danger Zone"

Difuzzion retains personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. The specific retention periods are:

  • Account Data: Username, cryptographic keys (hashed password, public key, encrypted private key), profile information, Stars balance, and content metadata are retained for the duration of the account. All data is permanently deleted upon account termination.
  • Payment Transaction Records: Transaction records (Stripe ID, amount, date, IP, delivery confirmation) are retained for a minimum of 5 years after the transaction, or longer if required by applicable tax, commercial, or anti-money laundering regulations. This retention is necessary to comply with legal obligations and to maintain evidence for potential payment disputes.
  • Security and Abuse Logs: Anonymized logs related to abuse reports, bans, or security incidents are retained for the time necessary to protect the integrity of the network and comply with legal obligations. These logs do not contain personally identifiable information.

Danger Zone (Account Deletion)

Account deletion through the "Danger Zone" in the control panel permanently and irrevocably erases the profile, metadata, message history, Stars balance, and all associated data from Difuzzion's servers. This action is irreversible and no recovery mechanism exists. Payment transaction records will be retained as required by law even after account deletion, but they are dissociated from the deleted profile.

Residual Persistence

Content fragments may persist in the cache of other nodes in the P2P network ephemerally until the network detects their removal from the global catalog. Difuzzion cannot guarantee the deletion of fragments that reside on third-party devices in the decentralized network.

Loss of the password, like voluntary deletion in the "Danger Zone", constitutes a final and irrecoverable termination. There are no recovery backdoors, reinforcing that the user is the sole custodian of their digital existence.

11. Your Rights under Data Protection Law

Under the General Data Protection Regulation (GDPR) and applicable national legislation, users have the following rights with respect to their personal data:

  • Right of Access (Art. 15 GDPR): You have the right to request confirmation of whether Difuzzion processes your personal data and, if so, to obtain a copy of such data. Due to the anonymized nature of the platform, the data available is limited to what is described in Section 3 of this policy.
  • Right to Rectification (Art. 16 GDPR): You may correct or update your profile data (username, avatar, bio) at any time through the platform's settings.
  • Right to Erasure — "Right to Be Forgotten" (Art. 17 GDPR): You may delete your account and all associated data permanently through the "Danger Zone" in your account settings. Upon deletion, all data described in Section 10 is erased, subject to the legal retention obligations for payment transaction records. Note: due to the P2P nature of the network, content fragments cached on other users' devices are outside Difuzzion's control.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format. This can be managed from the control panel where you can export your available account data.
  • Right to Restriction of Processing (Art. 18 GDPR): You may request the restriction of processing of your data in certain circumstances, such as when you contest the accuracy of data or object to processing based on legitimate interests.
  • Right to Object (Art. 21 GDPR): You may object to the processing of your data carried out on the basis of legitimate interests (Art. 6(1)(f)). Difuzzion will cease processing unless compelling legitimate grounds for the processing are demonstrated that override your interests, rights, and freedoms.
  • Right to Lodge a Complaint: If you believe that the processing of your personal data infringes the GDPR or applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD), www.aepd.es.

To exercise any of these rights, please contact support@difuzzion.com. Difuzzion will respond to your request within 30 days, as required by the GDPR. In certain cases, Difuzzion may request additional verification to confirm your identity before processing your request, given the anonymous nature of the platform.

12. Data Breach Notification and Children's Privacy

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of users, Difuzzion will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. If the breach is likely to result in a high risk to users' rights and freedoms, affected users will also be notified directly (where possible) or through a prominent notice on the platform, in accordance with Article 34 of the GDPR.

Children's Privacy

Difuzzion is not directed at children under the age of 16 (or the applicable age of digital consent in the user's jurisdiction). The platform does not knowingly collect personal data from minors. Given the anonymized nature of registration (no email, phone, or personal data required), age verification is inherently limited. If Difuzzion becomes aware that data has been inadvertently collected from a minor, the associated account and data will be deleted promptly.

13. Updates, Infrastructure Governance, and Contact

This document constitutes the dynamic governance framework between the network facilitator and its sovereign nodes.

  • Change Procedure: Any significant modification to this Privacy Policy will be notified through the platform with reasonable advance notice. Material changes that affect users' rights will be communicated prominently. The date of the last update is displayed at the top of this document.
  • Data Protection Contact: For any data protection inquiries, rights requests, or complaints, please contact: support@difuzzion.com. Difuzzion will respond within 30 days.
  • Continued Consent: Use of the infrastructure following an update to this Privacy Policy reaffirms the user's acknowledgment and acceptance of the updated practices. If a user does not agree with the updated policy, they may exercise their right to delete their account through the "Danger Zone" as described in Section 10.

Governing Law

This Privacy Policy is governed by the laws of Spain, the General Data Protection Regulation (EU) 2016/679, and any applicable European Union data protection legislation. Any dispute regarding data protection that cannot be resolved through direct communication or by lodging a complaint with the supervisory authority may be submitted to the competent courts of Spain.

Statement of Acceptance: By interacting with the Difuzzion ecosystem, you acknowledge your status as a sovereign node and assume sole responsibility for your cryptographic keys and your activity on the network. This Privacy Policy, together with the Terms and Conditions of Service, forms the complete agreement governing the use of the platform.