Privacy Policy

Company Introduction

Distributive Corp. ("Distributive," "We," "Us," "Our") is a Canadian company operating the Distributive Compute Platform ("DCP") and its associated services. Our registered office is: 403-303 Bagot Street, Kingston, Ontario, Canada, K7K 5W7.

For any questions about this Policy, please contact us at privacy@distributive.network.

Definitions

DCP-Related Terms

“DCP” means the Distributive Compute Platform, Distributive’s distributed computing orchestration and monetization software platform that allows Users to buy, sell, or trade computing power on public or private networks.

“DCP Job” means the computer code describing a data-parallel or embarrassingly parallel workload to be distributed on DCP and the data associated with that workload. A DCP Job is sliced into individual computations for distributed execution.

“DCP Job Slice” means an element of a DCP Job that gets distributed to a DCP Worker for execution.

“dcp-client” means the software library distributed with DCP applications and containing utility functions for authentication, encoding DCP messages, dispatching DCP Jobs, executing work, querying various services, etc.

“DCP Compute Credits” denoted by ⊇ or DCC, means the unit of account used to meter computing resource consumption within DCP computing networks (similar to how kilowatt-hours (kWh) meter energy consumption within electrical grids).

“DCP Compute Group” is an abstract concept which associates a collection of DCP Jobs with a collection of DCP Workers, mediated by a variety of AAA (Access, Authentication, Authorization) and accounting means.

“DCP Portal” means the web site to view and manage DCP Bank balances, DCP Jobs, and DCP Compute Groups. The DCP Portal facilitates the purchase and sale of DCP Compute Credits.

“DCP Scheduler and DCP Bank” means Distributive’s proprietary workload orchestrator and DCP Compute Credit ledger, hosted in a secure colocation facility in Toronto, Ontario, Canada, and managed by Distributive.

“DCP Worker” means a software application installed on Client's digital infrastructure and responsible for retrieving and processing slices of DCP Jobs.

Privacy & Data Terms

“Anonymization” is the deletion or changing of personal data in such a way that it can no longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost, and work.

“Cookies” are small files stored on your device (computer or mobile device used to access the Service) that help the Service’s website keep track of visits and activity for the benefit of the User.

“Consent” is any freely given, specific and transparently, well-informed indication of the will of the individual, whereby the individual agrees that his or her Personal Data may be processed.

“Data Controller” means the natural or legal person who determines the purposes for which and the manner in which any Worker Metrics, Job Metrics, Usage Data, and Personal Data are, or are to be, processed.

“Data Processors” (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. Every Data Processor at Distributive will be strictly expected to adhere to this policy. In addition, we may use the services of various Service Providers in strict accordance with this Policy in order to process your data more effectively.

“Data Subject” (or User) is any living individual who is using DCP and is the subject of Personal Data.

“Job Metrics” (or Slice Characteristics) means the execution performance of workloads dispatched by a User onto DCP. Job Metrics are required by the DCP Scheduler for workload scheduling and routing.

“Personal Data” means data about a natural person or living individual who can be identified from that data or from that and other information either in our possession or likely to come into our possession.

“Pseudonymization” is the replacement of an individual’s name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult.

“Service” means the distributed computing service provided by DCP plus the Distributive’s website, consulting functions, and any other interactions where financial value is exchanged with any Users.

“Worker Metrics” means metadata pertaining to a DCP Worker’s performance or that is directly relevant to operations, such as workload scheduling and routing, that is collected, processed, or otherwise stored by Distributive.

“Usage Data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself.

Data Collection

We collect data to provide and improve our services while complying with applicable Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.

Our primary data categories:

1. Worker Metrics – Operational metadata from DCP Workers.
2. Job Metrics – Execution performance data for workload scheduling.
3. Usage Data – Data automatically collected during service interactions.
4. Personal Data – User-specific data required for service access.

Other secondary data may be collected as necessary. Additionally, some customer and supplier data is managed by third-party Data Controllers.

Scope

Distributive complies with privacy laws in all jurisdictions where it operates. Data collection and disclosures to authorities occur only under legal obligations.

This Policy does not cover DCP Job Data, as Users control where their workloads are executed, including potentially in other jurisdictions when using public DCP Compute Groups.

Applicable Law

This Policy is governed by the laws of Ontario, Canada.

If you use our services from outside Canada, your data will be transferred, processed, and stored in Canada under its privacy laws. By using our services, you consent to this transfer.

Data Collected

Worker Metrics

We collect pseudonymized Worker Metrics essential for scheduling, routing, and pricing DCP Jobs. Data may be gathered through direct interactions or digital analytics. Examples include:

• CPU and GPU specifications
• Memory resources (RAM, SRAM, DRAM)
• Bandwidth and latency
• Host reliability (e.g., uptime, frequency of dropped job slices)

Job Metrics

We collect pseudonymized Job Metrics to optimize workload scheduling, routing, and pricing. Examples include:

• DCP Job execution statistics
• Benchmark-adjusted CPU/GPU time per Job Slice
• Input and output data sizes per Job Slice
• Dependency and module usage metrics

Usage Data

We collect pseudonymized data on general DCP usage patterns to maintain functionality, improve development, and support business decisions. Examples include:

• Active Users, Jobs, and Workers on DCP
• Job deployment activity and frequency
• Compute Credit usage statistics

Personal Data

We may collect Personal Data to identify Users, contact them, or comply with data residency requirements. Examples include:

• Email address
• Full name
• IP address
• DCP Login ID
• Communications within the Service
• Optional Personal Data voluntarily provided by Users

Additional data may be collected through interactions such as support requests, site visits, and service usage. This includes:

• Pages viewed, visit duration, and interaction patterns
• Referral sources (e.g., search terms, ads)
• Website latency on User devices

Cookies & Tracking Data

We collect tracking data through Cookies to enhance functionality and analyze Service usage. Types include:

• Functional Cookies – Ensure proper Service operation and prevent fraud
• Preference Cookies – Remember User settings
• Performance Cookies – Measure Service efficiency
• Advertising Cookies – Enable personalized ads

Cookies may be persistent or non-persistent. Users can manage them via browser settings, though some Service features may be affected.

Much of this data is pseudonymized or anonymized through third-party services. Regardless of its category, all data is handled under strict security measures outlined in this Policy.

Other Data

Beyond the primary data categories, we may collect additional secondary data from User interactions, third-party sources, or social media. All such data is governed by the same strict privacy controls.

Data Collected by Other Data Controllers

Some Services may require Users to provide additional data directly to third-party partners (“External Operators”). Distributive ensures these partners adhere to privacy best practices but cannot be held liable for their data handling.

Payment Processors

Certain External Operators function as Payment Processors, adhering to PCI-DSS and international payment regulations. Distributive does not store sensitive payment data such as:

• Credit card details
• Bank account numbers (IBAN)
• Security codes (CVV, passwords)
• Personal details of corporate executives

However, we may collect relevant billing-related data from these operators, including:

• Billing history (payment dates, amounts)
• Customer Acceptance Policy (CAP) status
• Payment method (e.g., credit card, ACH, SEPA)
• Tokenized references to payment data
• Recurring billing preferences
• Anonymized data for tax, analytics, and compliance

Other External Operators

We may use External Operators for analytics, marketing, or related purposes. These partners comply with privacy best practices, but their data collection is subject to their own privacy policies. Users should refer to their respective policies for further details.

External Operators Acting as Data Controllers:

• Braintree (PayPal service): Processes payments for purchasing DCP Compute Credits. Privacy Policy
• PayPal: Manages funds in the DCP Bank and processes payouts. Privacy Policy
• Google Analytics (Google LLC): Tracks Service usage and may use data for personalized ads. Privacy Policy

Methods of Data Collection

Distributive collects data through regular operation of its Services and other interactions with Users. These fall into several categories, all considered collected with your Consent upon confirming this Agreement and using our Services.

Information You Provide

We may collect data directly from Users via web forms, digital interfaces, email, or other direct interactions. This information is essential to provide our Services and fulfill legal obligations. Without it, some Services may be unavailable.

Users may also voluntarily provide additional data to enhance our service offerings, such as computational skills, accreditations, and research interests. While not required for accessing the DCP Network, we encourage Users to share relevant details that may improve our Services.

Information Collected Automatically

We may automatically collect data (“Passive Data”) via digital systems that support our Services. Unlike third-party data collection, Distributive is the exclusive Data Controller of this information, bound by Canadian law.

By using our Services, you permit this data collection. Users may opt out via browser settings (e.g., enabling Do Not Track), though some Services may be limited or provide less relevant content as a result.

Information from Third Parties

Distributive may use third-party services and External Operators to collect or process User data, including payment processors and analytics software. In some cases, we only receive aggregate reports rather than individual data. For instance, we may store payment amounts but not financial details.

Each External Operator adheres to its own policies and regulations, detailed in the "List of External Operators Acting as Data Controllers."

Data Protection

Storage and Encryption

All data transferred over the open internet is encrypted via SSH tunneling. Backups contain transient customer data (e.g., active worker IPs, job IDs, progress data) inherent in system snapshots.

Backend storage is regularly backed up (daily) and transmitted securely. While file systems are not encrypted, server and storage access is restricted to internal security personnel via Key-only SSH access. Critical backend services are isolated from the internet, accessible only through portal and scheduler hosts.

Access to Data

Authorized system administrators and development team members may access data for support, debugging, and Service improvements. Access is granted through Key-only SSH for tasks such as customer support, dispute resolution, and performance optimization. Anonymized, aggregated data is used for analytics and system improvements.

Data Breach Protocols

Distributive actively monitors system status and data integrity. In case of a Personal Data Breach, we assess severity, determine necessary actions, and mitigate risks. If required, we may temporarily halt the system to resolve vulnerabilities.

For serious breaches, we notify relevant Data Protection Authorities within 72 hours and inform affected Users if there is a high risk to their rights and freedoms. Users may request a list of past breaches by contacting privacy@distributive.network.

Business Transfers

In the event of a merger, acquisition, reorganization, or insolvency, your data may be transferred as part of due diligence. You will be notified before any transfer occurs and will retain all rights outlined in this Policy, including the right to access, erase, or restrict data processing.

Legal Disclosures

Distributive may disclose Personal Data in good faith when necessary to:

• Comply with legal obligations
• Protect the rights or property of Distributive
• Investigate wrongdoing with competent authorities under due process
• Ensure user or public safety
• Defend against legal liability

Customer Data Rights

As your Data Controller, we are committed to global best practices for handling and storing your information. You may exercise any of the rights below by emailing privacy@distributive.network. To process your request, we may ask you to verify your identity. Once confirmed, we will take action within 72 hours or sooner if required by GDPR.

By using our Services and confirming this Agreement, you consent to data collection. If you refuse all data collection, you cannot use our Services.

Right to Be Informed

You have the right to know what data we collect, how we store and use it, and which entities may access it. You also have the right to know how to dispute this agreement or file a complaint with a Data Protection Authority (DPA).

Right of Access

You may request access to your data and details about its usage. These requests, considered "Subject Access Requests" under GDPR, will be processed accordingly.

Right to Rectification

You have the right to request corrections to any inaccurate information we hold and to have erroneous data permanently erased.

Right to Erasure

You may request the deletion of all data we hold on you or withdraw consent for future data collection. This may limit or remove your ability to access our Services.

Right to Restrict Processing & Right to Object

You may limit the purposes for which we process your data. Restricted data will be segregated, and if legal obligations require us to process it, we will notify you. You may also object to any form of data processing, though this may affect your access to our Services.

Right to Data Portability

You may request a secure, easily transferable copy of your data to use in another IT environment.

Rights in Relation to Automated Decision-Making & Profiling

You have the right not to be subject to significant decisions based solely on automated processing. You may request details on how such processing is implemented, seek human intervention, express your viewpoint, obtain explanations, and challenge decisions made in this manner.

Geographic & Legislative Compliance

GDPR (EU)

We process and store Personal Data under four legal bases:

• Your explicit consent via Service usage and agreement confirmation.
• Contractual necessity to fulfill our obligations to you.
• Compliance with legal obligations, particularly Cloud Compliance Standards.
• Legitimate interest in providing and maintaining our Service.

We are not required to appoint a Data Protection Officer (DPO) or EU representative as we process data only occasionally, do not handle special categories of Personal Data, and pose no significant risk to user rights. Customer Data Rights in this Agreement apply to both EU citizens and non-citizens using our Services.

PIPEDA (Canada)

We adhere to the 10 Fair Information Principles under PIPEDA, ensuring accountability through our appointed Canadian Privacy Officer. Users can challenge compliance by contacting our Privacy Officer at privacy@distributive.network.

CalOPPA (California)

We comply with the California Online Privacy Protection Act, ensuring transparency in data practices and clear policy visibility on our website. We support Do Not Track (DNT) requests, which can be enabled in your browser settings.

APPI (Japan)

As a Foreign Business Operator (FBO), we comply with APPI regulations. We do not collect highly sensitive data such as medical history, criminal records, or racial information ("Special-Care Required Personal Information").

APP (Australia)

While not strictly regulated under the Australian Privacy Principles (APPs), we voluntarily comply with all 13 principles.

DPA (UK)

We comply with the UK Data Protection Act 2018, which aligns with GDPR. We do not collect sensitive data as defined under the DPA.

Data Collection of Minors

Our Service is not intended for users under 13. We do not knowingly collect their data. If a child has provided data, contact us immediately, and we will securely delete it.

Policy Disputes & Compliance

If you have a dispute or believe we are non-compliant, contact us first. We will investigate and attempt resolution per this Policy and applicable laws. If unresolved, you may file a complaint with your jurisdiction’s data authority.

Company Rights & Updates

• Privacy Policy Updates: We may update this policy and will notify users via email, our website, and an updated "effective date."
• Data Deletion: We may remove misleading, false, or misrepresentative data at our discretion, which may result in revoked Service privileges.

• Email: privacy@distributive.network
• Mail: 403-303 Bagot St, Kingston, Ontario K7K 5W7 Canada