Deca Privacy Policy

Last Updated:

Pattern Engine, Inc. dba Deca (“Deca”, “we”, “us”, “our”) is a platform for non-fungible token (NFT) art. This Privacy Policy applies to personal data we process relating to our online visitors and users of our website, apps, products and services (collectively, the “Services”). Any capitalized terms or other terms not defined herein shall have the meaning given to them elsewhere in our Privacy Policy, or if not defined herein, in the European Union (EU) General Data Protection Regulation (“GDPR”). GDPR references to the GDPR will be construed as also including the GDPR as it is incorporated into the law of the United Kingdom (UK), commonly referred to as the “UK GDPR”.

We have adopted this Privacy Policy to inform you about how we gather, use, store, disclose, and otherwise process your information, including personal data, in conjunction with your use of our Services. Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it.


Information we collect from you or that you provide us directly through our Services may include:

  • Identity data: e.g., name and username.
  • Registration or Account Information: information you use to register for our Services such as email address, username, password, blockchain address, and the cryptocurrency wallet address.
  • Linked Account: When creating your Services account, you may opt to link an existing account of a third-party to create your account to use the Services, for example your cryptocurrency wallet address. Please note that we will use the personal data made available to us from the third-party profile that we deem necessary for the creation of the account and for the best experience when using the Services. If you would like to delete any of this information, you can do so within your account, to the extent the information is not mandatory to your account.
  • When you do Business with Us: If you are a vendor, service provider, or business partner of ours, we may collect information about you and the services you provide, including your or your employees' business contact information and other information you or your employees provide to us as part of the services you may provide and our agreement with you.
  • Communications: We collect information you provide when you contact us, for example regarding customer support inquiries or other inquiries related to your account, or to provide us with feedback on the Services or to report a problem.
  • Marketing Information: We will process the information you provide on your preferences regarding any marketing communications you wish to receive from us, and will collect information on how you engage with such communications.

Information we collect automatically:

We may automatically collect certain information that identifies you or the device you are using to access the Services, such as your computer or mobile device. Generally, this information relates to your use of the Services and your preferences, such as the types of Service you view or engage with, the NFTs you view and how long for, the features you use, the actions you take, the people or accounts you interact with, and the time, frequency and duration of your activities:

  • Technical and usage data: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.


Deca may use your personal data, subject to applicable laws and your choices and controls, for the following purposes:

  • Services. To provide you with the Services you request, including to create and manage your account, and provide you with customized Services and experiences based on your preferences.
  • Improve Our Services. To develop and test our Services and operations to optimize and improve our Services and operations.
  • Service Communications. To communicate with you about your account or transactions with us, or other Service-related announcements regarding features on our Services or changes to our policies or terms.
  • Marketing Communications. To send you offers and promotions for our Services or, as permitted, third-party products and services, via email, mobile or browser push notifications.
  • Other Communications. To respond to any question, inquiry, or concern you submit to us.
  • Advertising. To provide you or serve you with advertising or information based on your activity on our Services and on third-party sites and applications.
  • Violations or Illegal Acts. To detect, investigate and prevent activities on our Services that may violate our policies (including any applicable terms of service or terms of use) or be illegal or harmful in any way.
  • Verification and Monitoring. To verify accounts and monitor activities within our Services to promote safety and security of our Services and properties.
  • Compliance. To comply with applicable laws and regulations and any lawful requests from regulators, governmental bodies or other authorities.


We will not share your personal data with any third party except in limited circumstances and where permitted by applicable law, including:

  • When you consent to us sharing your personal data with another company or direct us to share your personal data with third-party sites or platforms (e.g., social networking sites). Please note that once we share your personal data with another company, the information received by such other company becomes subject to such other company's privacy policy and practices and such other company is responsible for your personal data;
  • When companies perform services on our behalf, including those who help us provide our Services (such as hosting/storage, anti-fraud functions, collections, registration, customer support, e-mail delivery, or other operations). Note that these companies are prohibited from using your personal data for purposes other than those requested by us or as required by law;
  • In connection with the sale of any of our Services, assets and/or businesses, or when the ownership or control of all or part of our Services changes;
  • To enforce our Terms of Use or other rules or policies, to ensure the safety and security of our users and third parties, to respond to requests from law enforcement, officials, regulatory agencies and other lawful requests or legal processes, or to comply with a legal obligation to which we are subject, or other legal process or in other cases if we believe in good faith that disclosure is required by law.


The Services are not directed to children under 18. If you are a parent or guardian and believe that your child has provided personal data to us without your consent, you may contact us as described below. If we become aware that a child has provided us with personal data in violation of applicable law, we will delete any personal data we have collected, unless we have a legal obligation to keep it.


“Shine the Light” and “Eraser” Laws. Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties' direct marketing purposes. If you are a California resident under the age of 18, and a registered user of the website where this policy is posted, you may request removal of content or information you have publicly posted. Please be aware that such a request does not ensure complete removal from the Internet of the content or information you posted, and there may be circumstances in which the law does not require or allow removal. If you wish to exercise these rights, please see section “Your Controls, Rights and Choices”.

Do Not Track Signals: We currently do not respond to Do Not Track signals or similar signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.


Pursuant to EU and UK law, we are required to provide the following additional information to you:

A. Controller

The controller of your personal data is Deca of P.O. Box 410751, San Francisco, CA 94141. You may contact the controller using the details given in “Comments and Questions” below.

B. Your Rights

For information on the rights exercisable by EU or UK individuals, please see the section titled “Your Controls, Rights and Choices”. In addition to those listed below, EU and UK individuals also have the right, at any time, to submit a complaint to a data protection authority. We would however appreciate the opportunity to resolve your issue before you do so.

C. International Transfers

Your personal data may be transferred and stored outside of the country from which it was collected. The laws of such countries may not provide for the same levels of protection as the GDPR, however we will take all reasonable steps to ensure that your data is adequately protected in accordance with applicable laws. Please contact us if you would like further information on this at hello@deca.xyz.

As an organization operating globally, we may be required to transfer your personal data to countries other than that from which it was collected. Whenever your personal data is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal data in accordance with applicable law. In particular, when transferring EU or UK personal data, we will either only transfer your personal data to a country which has been deemed by the European Commission to be adequate or we will ensure the appropriate measures are in place so your personal data is treated by the recipients in a way that is equivalent to, and/or which respects, the EU and UK laws on data protection and your rights as an EU or UK data subject.

If you require further information about the protective measures in place or international transfers more broadly, please contact us using the details provided in section “Comments and Questions”.

D. Lawful Basis for Processing

We will only collect, use, process and store your personal data where we have a valid lawful basis. Our lawful bases include:

  • Consent (you have given Deca consent, for example to receive marketing communications, which you can revoke at any time);
  • Performance of a contract (our processing is necessary for the performance of a contract we have with you or to take specific steps before entering into a contract with you. This may be a contract to receive Services from us);
  • Legal obligation (processing is necessary for Deca to comply with laws, regulations and regulatory authorities, court orders or law enforcement requests); and
  • Legitimate interest (processing is necessary for ours, or a third party's, legitimate interests. The legitimate interests pursued by us are to improve our business or customer relationships, market and advertise, resolve disputes, prevent fraud and abuse, analyze and improve safety and security of our Services, and enforce our Terms of Use. You have the right to object to our processing based on legitimate interests).

E. Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. For example, we retain your personal data while each of your accounts is in existence or as needed to provide you with Services.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


In certain jurisdictions, we will need your explicit consent to obtain and process personal data. We will collect and process information in those jurisdictions only where we are legally able to do so or if you have explicitly consented to the same.

To the extent required, your use of the Services will be deemed your explicit consent for us to process and share your personal data for the purposes described in this Privacy Policy. All such processing will be carried out in line with this Privacy Policy.


In certain circumstances, you may have the right to:

  • Correct or Update: You may correct or update your account registration or your personal data or you may also ask us to change or update your information in certain cases, particularly if it is inaccurate;
  • Delete: You may delete your account or ask us to erase or delete all or some your personal data (for example, if it is no longer necessary to provide Services to you);
  • Object to processing: You may object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;
  • Limit or Restrict use of Personal data: You may ask us to stop or suspend using all or some your personal data in certain scenarios (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if your personal data is inaccurate or unlawfully held);
  • Withdraw Consent: You may withdraw consent at any time where we are relying on consent to process your personal data, and you may change your choices for newsletters and alerts (for example, you may choose whether to receive marketing from us for our products and Services, or products and services that we think may be of interest to you);
  • Right to Access and/or Take Your Data: You may request access to the personal data we hold about you and you may ask for a copy of your personal data in machine-readable form (commonly known as a “data subject access request”).

To exercise any of the above rights, please contact us by emailing: hello@deca.xyz.

You may submit a request on your own behalf or on behalf of someone else. If you are acting on someone else’s behalf, we will need to verify your authority to do so.

We will consider your request in accordance with applicable laws. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise the right. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within the timeframe required by applicable law. Occasionally it could take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Push Notifications

When you use any of our Services that send push notifications or offers to your mobile device, you can change your preferences at any time through the settings on your mobile device.


We have implemented technical, physical and organizational security safeguards designed to protect your personal data from loss, misuse and unauthorized access and disclosure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We regularly monitor our systems for possible vulnerabilities and attacks. However, given the nature of electronic communications and information processing technologies, we cannot guarantee the security or safety of any information that is send to us, transmitted through the Internet or stored on our systems. There is no guarantee that information will not be accessed, disclosed, altered, or destroyed by a breach, notwithstanding our physical, technical, or organizational safeguards. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


We operate globally and may transfer your personal data to other Deca companies or third parties in locations around the world for the purposes described in this Privacy Policy. When we do this, we take reasonable steps to ensure an appropriate level of protection for your information, in compliance with applicable law.


Our Services may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our Services, we encourage you to read the privacy policy and terms of use of every website you visit.


We keep our Privacy Policy and practices under review. This Privacy Policy was last updated on the date indicated above. From time to time, we may amend this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements, or for other purposes. Any changes to this Privacy Policy will be posted online and we will provide notice to you through our Services if these changes are material and, where required by applicable law, we will obtain your consent. If you object to any changes, you may close your Deca account.


If you have a comment or question about this Privacy Policy or our privacy practices, please e-mail hello@deca.xyz.

© 2023 Pattern Engine, Inc.