Privacy Policy

We collect the following types of information:

• Account Information: Email address, password (encrypted)
• Interest Registrations: Email, country, wallet address (optional), expected participation level (optional)
• Consent Data: Email opt-in consent, timestamp, IP address
• Technical Data: Browser type, IP address, device information, cookies
• Usage Data: Pages visited, time spent, interactions with the platform

We use your personal data for the following purposes:

• Account Management: To create and manage your account
• Project Updates: To send you emails about projects you've shown interest in (only if you opt in)
• Platform Operation: To provide and improve our services
• Compliance: To comply with legal obligations and prevent fraud
• Analytics: To understand how users interact with our platform

Under GDPR, we process your data based on:

• Consent: You explicitly consent to receive marketing emails (you can withdraw consent anytime)
• Contractual Necessity: Processing is necessary to provide our services
• Legal Obligation: We must comply with financial regulations and anti-fraud laws
• Legitimate Interests: To improve our platform and detect fraud

You have the following rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restrict Processing: Request temporary suspension of processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Unsubscribe from emails anytime

To exercise these rights: Visit your account settings or contact us at privacy@tokenplatform.com

We retain your data for the following periods:

• Active Accounts: As long as your account is active
• Deleted Accounts: Anonymized after 30 days (soft delete)
• Email Opt-out: Permanently removed from marketing lists immediately
• Legal Requirements: Some data may be retained longer for compliance (e.g., 6 years for financial records)

We do NOT sell your personal data. We may share data with:

• Service Providers: Email service providers (e.g., SendGrid), hosting providers
• Legal Authorities: When required by law or to prevent fraud
• Project Owners: Aggregated, anonymized data about interest registrations (never individual emails)

We use cookies for:

• Essential Cookies: Required for authentication and security
• Analytics Cookies: To understand usage patterns (you can opt out)
• Preference Cookies: To remember your settings

You can disable cookies in your browser settings, but some features may not work properly.

We implement industry-standard security measures:

• Encryption: Passwords are hashed using bcrypt; data transmitted over HTTPS
• Access Controls: Role-based access with JWT tokens
• Regular Audits: Security reviews and vulnerability scans
• Secure Storage: Data stored on secure servers with backups

Note: No method of transmission over the internet is 100% secure. We strive to protect your data but cannot guarantee absolute security.

Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Service providers certified under the EU-US Data Privacy Framework (where applicable)

For privacy-related questions or to exercise your GDPR rights, contact us:

• Email: privacy@tokenplatform.com
• Data Protection Officer: dpo@tokenplatform.com
• Response Time: We will respond within 30 days (as required by GDPR)