Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Nexduel collects, uses, shares and protects your personal data when you use the Platform. It forms an integral part of the Terms of Service.
1. Data controller
The controller of the processing of your personal data is Nexduel, a company domiciled in the Republic of Panama ("Nexduel", "we").
For any matter related to your personal data, you may contact us at [email protected].
2. What personal data we collect and how
We collect the following data, directly from you or automatically through your use of the Platform:
Registration data: username and email address.
Credentials: your password, which is stored exclusively encrypted using robust hash functions (Argon2id). Nexduel does not retain and cannot read your password in plain text.
Technical and session data: IP address, user agent (browser and device) and data associated with session security.
Duel data: moves, times, results and ratings of your matches.
Financial data: deposits, withdrawals, balances and USDT transaction records.
Identity-verification data (KYC): verification data is processed by our provider Sumsub starting at the moment you request your first withdrawal (approved KYC is mandatory for any withdrawal pursuant to the Terms of Service, Section 6). Nexduel does not directly store your identity documents or biometric data; it only receives the result of the verification and the data strictly necessary for its legal obligations.
Usage analytics data: information about how you interact with the Platform, collected via PostHog.
Technical error data: diagnostic information of errors, collected via Sentry, to maintain service stability.
3. Purposes of the processing
We process your data to:
Operate the service: create and manage your account, match Duels, process deposits, Stakes, Prizes and withdrawals, and maintain your rankings.
Security and integrity: authenticate access, prevent fraud, collusion, multi-accounting and the use of external assistance, and protect the competitive integrity of the Platform.
Legal compliance: comply with money-laundering prevention obligations, identity verification and retention of financial records.
Transactional communications: send you operational messages (for example, confirmations, security alerts and account notifications) via Resend.
Product improvement: analyze the use of the Platform to improve its operation, performance and experience.
4. Legal bases of the processing
We process your data on the following legal bases, as appropriate:
Contract performance: to provide you with the service pursuant to the Terms (for example, manage Duels, payments and withdrawals).
Compliance with legal obligations: for KYC, money-laundering prevention and record retention.
Legitimate interest: to ensure security, prevent fraud and improve the product, provided your rights and freedoms do not prevail.
Consent: where appropriate (for example, for certain cookies or non-essential analytics technologies). You may withdraw your consent at any time, without affecting the lawfulness of prior processing.
5. Sharing data with third parties
We do not sell your personal data. We share it only with the providers necessary to operate the Platform, who act as processors or, where applicable, controllers of their own services:
NOWPayments — processing of USDT deposits and withdrawals (TRC20, BEP20, ERC20 networks).
Sumsub — identity verification (KYC) when applicable.
Resend — delivery of transactional emails.
Sentry — monitoring and diagnosis of technical errors.
Better Stack — service availability monitoring.
PostHog — product usage analytics.
Cloudflare — protection, content-delivery network (CDN) and email routing.
Neon (Postgres) and Upstash (Redis) — database and storage services.
Competent authorities — when the law so requires or to protect rights, security or integrity of the Platform and of third parties.
Each provider processes the data under its own policies and the processing agreements signed with Nexduel, and limited to the purposes described.
6. International data transfers
Some of our providers process data in countries other than your country of residence, including countries outside your jurisdiction that may not offer an equivalent level of protection.
When we make international transfers, we adopt adequate safeguards, such as contractual clauses imposing data-protection obligations on the providers, recognized adequacy mechanisms where applicable, and data-minimization principles.
You may request more information about the applicable safeguards by writing to [email protected].
7. Data retention
We keep your data while your account is active and for the time necessary to fulfill the purposes described in this Policy.
After closing the account, we keep certain data for the period required by applicable law, particularly financial records and money-laundering prevention records, which may require retention for several years.
Duel audit records are kept for the time necessary to resolve disputes and ensure competitive integrity.
Once applicable deadlines and purposes are met, the data is deleted or anonymized securely.
8. Your rights
Under applicable legislation, you have the right to:
Access: obtain confirmation of whether we process your data and access it.
Rectification: request the correction of inaccurate or incomplete data.
Erasure: request the deletion of your account and your data, subject to legal obligations to retain financial and compliance records.
Objection and limitation: object to certain processing based on legitimate interest, or request its limitation, in the cases provided by law.
Portability: receive your data in a structured and commonly-used format, or request its transmission where technically feasible.
Withdrawal of consent: withdraw consent where the processing is based on it, without retroactive effect.
9. How to exercise your rights
To exercise any of these rights, write to us at [email protected], indicating your username and the right you wish to exercise.
We may request reasonable information to verify your identity before attending to the request, in order to protect your account.
We will attend to your request within the timeframes provided by applicable law.
10. Data security
We apply reasonable technical and organizational measures to protect your data, including: password encryption via Argon2id hash; encryption of communications in transit; access controls; two-factor authentication (2FA) available for all accounts and mandatory for withdrawals; security monitoring; and periodic security audits of the Platform.
No system is completely infallible. It is up to you to protect your credentials and activate the available security measures. Remember that Nexduel will never ask you for your password or private keys by email or other means.
11. Cookies and similar technologies
We use cookies and similar technologies strictly necessary for the operation and security of the Platform (for example, to keep your session logged in and to protect against unauthorized access, including Cloudflare security features).
We use analytics cookies (via PostHog) to understand the use of the Platform and improve it. Where the law so requires, we will request your consent for non-essential cookies and you may manage it at any time.
We maintain a limited use of cookies oriented toward functionality and security.
12. Data of minors
The Platform is reserved for persons over 18 years of age, or the legal age of majority of their jurisdiction if higher. We do not knowingly collect data from minors.
If we detect that an account belongs to a minor, we will proceed to close it and delete the associated data in accordance with the law.
13. Changes to this Policy
We may update this Policy to reflect legal, technical or business changes. We will publish the current version on the Platform with its update date.
When the changes are substantial, we will notify them by a reasonable means. Continued use of the Platform after their entry into force implies knowledge of the updated Policy.
14. Supervisory authorities and complaints
If you consider that the processing of your data does not comply with the law, you have the right to file a complaint with the competent data-protection authority of your jurisdiction.
We will appreciate it if, where possible, you contact us first at [email protected] to try to resolve your concern directly.
15. Contact of the data controller
For any inquiry about privacy or about the processing of your data, write to us at [email protected].