Privacy Policy

District Robotics LLC ("District Robotics," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our websites (drev.space, districtrobotics.com), platforms, applications, and services.

Please read this policy carefully. By using our services, you acknowledge you have read and understood this policy.

1. Who We Are

District Robotics LLC is a veteran and minority owned technology company headquartered in Washington, DC. We operate across 13 technology verticals including quantum computing, AI/ML, BCI devices, EV infrastructure, blockchain/RWA tokenization, and the DRNNN Web7 Command OS platform.

For privacy inquiries, use the contact details in Section 15.

2. Information We Collect

We collect information in the following categories:

Category	Examples	Source
Identity Data	Name, company name, title	You provide directly via contact forms
Contact Data	Email address, phone number	You provide directly via contact forms
Usage Data	Pages visited, time on site, referrer URL, device type, browser	Automatically via Cloudflare Web Analytics
Technical Data	IP address (anonymized), operating system, viewport	Automatically via our hosting infrastructure
Communication Data	Messages you send via our contact form	You provide directly
Wallet Data	Public blockchain wallet addresses (if you connect to our DeFi tools)	You provide directly via wallet connection

We do not collect Social Security numbers, government IDs, financial account numbers (outside of blockchain wallet addresses), or sensitive personal data as defined under GDPR Article 9 unless you explicitly provide it and consent to its use.

3. How We Use Your Information

We use the information we collect to:

• Respond to inquiries and service requests submitted through our contact form
• Send transactional and operational emails (e.g., confirmation of contact form submission)
• Analyze site usage to improve our platform, content, and services (aggregate/anonymized)
• Monitor uptime, security, and performance of our services
• Comply with legal obligations, prevent fraud, and enforce our Terms of Service
• Display page view counts via our KV-backed analytics (no personally identifiable data stored)

We do not sell your personal information. We do not use your data for automated decision-making or profiling in ways that produce legal or similarly significant effects.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract performance: Processing necessary to respond to your service inquiry
• Legitimate interests: Improving site security, analyzing usage trends (aggregated), preventing fraud
• Consent: Where you have given us explicit consent (e.g., subscribing to updates)
• Legal obligation: Compliance with applicable laws

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

• Service Providers: We use Web3Forms to process contact form submissions and deliver them to our team. Web3Forms processes email data on our behalf under their own privacy policy.
• Infrastructure: Our site is hosted on Cloudflare Pages. Cloudflare may process technical data (such as IP addresses) as part of delivering our site and providing security services.
• Legal Requirements: We may disclose information if required by law, regulation, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of substantially all assets, your data may be transferred. We will notify you of such changes.

6. Cookies & Tracking Technologies

Our websites use minimal tracking technologies:

• Cloudflare Web Analytics: A privacy-first analytics tool. It does not use cookies and does not track individuals across sites. Data collected is aggregated and not personally identifiable. See Cloudflare's Privacy Policy.
• Session Cookies: If password protection is enabled on any page, a session cookie (dr_auth) is used to maintain your authenticated session. This cookie is session-scoped and expires when you close your browser.
• No advertising or cross-site tracking cookies are used on any District Robotics property.

You can control cookies through your browser settings. Disabling cookies will not affect your ability to view our public content.

7. Blockchain & On-Chain Data

Blockchain networks (including Polygon) are public and decentralized. Any transactions you conduct on-chain — including purchases of DREV tokens, interactions with our smart contracts, or wallet-to-wallet transfers — are permanently recorded on the public ledger and are not private.

District Robotics does not control the blockchain network and cannot modify, delete, or obscure any on-chain data. When you connect a wallet to our platform, your public wallet address may be visible to other users of the platform and to anyone inspecting the public blockchain.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected:

• Contact form submissions: Retained in our email system for up to 24 months, then deleted unless an ongoing business relationship exists
• Analytics data: Aggregated usage statistics retained indefinitely; no personal identifiers are stored
• KV pageview counters: Retain aggregate daily and total counters; no PII stored
• Legal compliance records: Retained for as long as required by applicable law

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• TLS/HTTPS encryption for all data in transit (enforced by Cloudflare)
• Cloudflare DDoS protection and WAF on all endpoints
• Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options) applied globally
• Environment variables (including API keys) stored as encrypted secrets in Cloudflare Pages — never committed to source code
• Access tokens scoped to minimum necessary permissions

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request that we restrict processing of your data
• Portability: Receive your data in a structured, commonly used format
• Objection: Object to processing based on our legitimate interests
• Withdraw Consent: Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at the details in Section 15. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

11. Children's Privacy

Our general services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately and we will promptly delete it.

For STEM Academy educational programs involving minors, separate consent and privacy practices apply, managed through enrolled educational institution agreements.

12. International Users

Our services are operated from the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our services, you consent to this transfer.

For EEA/UK users: We rely on Standard Contractual Clauses and other lawful mechanisms for international transfers where applicable.

13. California Privacy Rights (CCPA/CPRA)

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions
• Right to Opt-Out: We do not sell personal information, so no opt-out is required
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information

To submit a California privacy request, contact us using the information in Section 15. We will verify your identity and respond within 45 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will make reasonable efforts to notify affected users. Your continued use of our services after any change constitutes acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we are protecting your information.

15. Contact Us

For privacy inquiries, data rights requests, or questions about this policy:

• Company: District Robotics LLC
• Location: Washington, DC, USA
• Website: districtrobotics.com
• Contact Form: drev.space/contact

Please mark your message "Privacy Request" and include the specific right or inquiry you are submitting. We aim to respond to all legitimate requests within 30 days.