Privacy Policy
Last updated: 2026-05-28 · Version 1.0
This is the v1 policy for TokenForum, a community-maintained tokenomics wiki. We aim for plain language over legalese. If anything here is unclear, open an issue on the public repository.
What we collect
- Account info: email address (for login/recovery), an optional display name, and a hashed password. If you sign in with a wallet, we store the wallet address and a signed nonce.
- Public contributions: anything you post (project data, tokenomics edits, comments, votes) is publicly visible by design. Edit history is permanently retained as part of the wiki audit trail.
- Server logs: standard web server logs (IP address, user-agent, request path, timestamp) are retained for up to 30 days for security and debugging purposes.
- No analytics tracking: we do not use Google Analytics, Facebook Pixel, or any third-party behavioral tracker.
What we do NOT collect
- Your wallet balance or transaction history
- Your physical location (we don't use geolocation APIs)
- Cross-site browsing behavior
- Biometric or device fingerprint data
Cookies and storage
We use only strictly necessary cookies:
- Session cookie (NextAuth): keeps you signed in. Expires when you log out or after 30 days of inactivity.
- CSRF token cookie: protects against cross-site request forgery on form submissions. Expires with the session.
- Cookie consent flag (localStorage, not a cookie): records whether you've dismissed the cookie notice.
We do not use analytics, advertising, or social-media tracking cookies. If we ever add them, this policy will be updated and you will be asked to consent before they are set.
Where your data lives
- Database: managed by Supabase (PostgreSQL), hosted in the Asia-Pacific (Singapore) region.
- Application servers: Vercel global edge network (production deployment).
- Error monitoring (when configured): Sentry, with PII fields scrubbed before transmission.
We do not sell, rent, or share your personal data with third parties for advertising or marketing.
Your rights
You can, at any time:
- Access your account data via your profile page.
- Edit or delete your contributions. Deletion is tombstoned in the wiki audit trail (the contribution is removed from public view, but the audit row recording "X deleted their contribution at time T" persists — required for the integrity of the wiki).
- Export all your account data as JSON. Visit Profile Settings → Privacy & Data and click Download JSON. The file contains every database row linked to your account; auth credentials are excluded for security.
- Delete your account entirely. Visit Profile Settings → Privacy & Data, type the confirmation phrase, and your account is anonymized in one transaction. Login credentials, sessions, and notifications are erased; public wiki contributions stay under the attribution "Deleted user" per the wiki audit-trail model.
If you encounter problems exercising any of these rights, file a GitHub issue and we will carry out the request manually within 30 days.
Public contribution permanence
By contributing tokenomics data, comments, or votes, you understand that this content is public and that the audit trail (recording who edited what and when) is permanent — analogous to Wikipedia. You can delete a contribution from public view, but the fact that you made the edit will remain in the revision log under your username (or anonymized identifier if you delete your account). This permanence is a core integrity guarantee of the wiki and cannot be opted out of.
Children
TokenForum is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us via the GitHub issues link above and we will remove the account.
Changes to this policy
When this policy changes, the "Last updated" date at the top of this page changes, and a notice will appear at the top of the homepage for 7 days. Continued use of the platform after the change constitutes acceptance.
Contact
Privacy questions, data requests, or concerns: github.com/kutttub/kutt/issues