Privacy Policy

Last updated: February 14, 2026

1. Introduction

XNET CORE SL ("Company", "we", "us", or "our") operates ip4.market. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Information

We collect information you provide directly to us, including:

  • Name and contact information (email, phone number)
  • Company information (company name, registration number, VAT ID)
  • Billing and payment information
  • Identity verification documents (for KYC compliance)
  • RIPE NCC account credentials (with your consent)

3.2 Technical Information

We automatically collect certain information when you use our Service:

  • IP address and browser type
  • Device information and operating system
  • Usage data and access times
  • Pages visited and actions taken

3.3 IP Address Data

As an IP address marketplace, we process information about:

  • IPv4 subnets listed or leased through our platform
  • RIPE database object information
  • IP reputation and blacklist status
  • Letters of Authorization (LOA)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services and fulfill lease agreements
  • Legal Obligation: Processing required for KYC/AML compliance and tax reporting
  • Legitimate Interest: Processing for fraud prevention, security, and service improvement
  • Consent: Processing for marketing communications (where applicable)

5. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our Service
  • Process transactions and manage lease agreements
  • Verify your identity and comply with KYC requirements
  • Manage RIPE database objects on your behalf
  • Generate Letters of Authorization
  • Send transactional and service-related communications
  • Detect and prevent fraud and abuse
  • Comply with legal obligations
  • Respond to your inquiries and support requests

6. Information Sharing

We may share your information with:

  • RIPE NCC: For database object management (contact information in inetnum, route, and role objects)
  • Payment Processors: Stripe for payment processing
  • Other Users: Limited information shared between lessors and lessees as necessary for transactions
  • Service Providers: Third parties who assist in operating our platform
  • Legal Authorities: When required by law or to protect our rights

7. RIPE Database Considerations

Please note that certain information submitted to RIPE NCC databases becomes publicly accessible:

  • Contact information in person/role objects may be visible via WHOIS
  • Abuse contact information is publicly available
  • Organization information linked to IP addresses is public

By using our RIPE management features, you consent to this public disclosure as required by RIPE NCC policies.

8. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (tax records: 7 years, KYC documents: 5 years after relationship ends)
  • Resolve disputes and enforce agreements

Inactive accounts may be deleted after 3 years of inactivity, with prior notice.

9. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected].

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Employee training on data protection
  • Secure storage of KYC documents

11. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission

12. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences (language, timezone)
  • Analytics Cookies: Understand how users interact with our Service

You can manage cookie preferences through your browser settings.

13. Third-Party Services

Our Service integrates with third-party services:

14. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

16. Contact Us

For privacy-related inquiries or to exercise your rights:

17. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD):