Onsend

Privacy Policy

Last updated: 2026-05-20

1. Data we collect

  • Admin account data — name, email, hashed password, session tokens, audit log of admin actions.
  • End-user identity — wallet address, optional linked social handles (Twitter, Discord, Telegram), display name and avatar URL if provided.
  • Quest activity — completion records, XP awarded, referral relationships, multiplier history.
  • Anti-sybil signals — IP address (hashed after 90 days per GDPR retention), ASN / data-centre flags, device fingerprint hash, referral graph patterns.
  • On-chain reads — token balances and stake positions inspected for quest verification. We do not write to chain on your behalf.
  • Rewards-economy activity — coin balances and transactions, rewards-shop redemptions, and randomized reward-box outcomes, where a tenant enables these features. [Draft — pending legal review.]
  • Competitive-feature data — participation and results in head-to-head challenges and community prediction pools. To confirm eligibility for these features we may also collect age or age-confirmation and approximate location / country (derived from IP). [Draft — pending legal review; eligibility gating not yet enforced.]
  • Cross-tenant anti-sybil network — to detect coordinated fraud, hashed device-fingerprint and hashed IP signals, together with wallet addresses (which are public on-chain), may be matched against equivalent signals contributed by other tenants that participate in the network. Tenant participation is opt-in (default-on for new tenants) with a per-tenant opt-out. [Draft — pending legal review.]

2. How we use your data

  • To verify quest completions and award XP.
  • To prevent fraud via the anti-sybil engine.
  • To generate analytics for tenant admins.
  • To share aggregated, identifier-free signals with the Vandergrid Terminal data layer (per-tenant opt-out available in admin settings).
  • To operate the rewards economy — coin balances, the rewards shop, and reward boxes — where a tenant enables it. [Draft — pending legal review.]
  • To determine eligibility for and operate competitive features (head-to-head challenges and prediction pools), including age and jurisdiction eligibility checks. [Draft — pending legal review.]
  • To evaluate anti-sybil signals across tenants — not merely as aggregate analytics — in order to identify wallets and devices engaged in coordinated fraud, for tenants participating in the cross-tenant anti-sybil network. [Draft — pending legal review.]

3. Retention

  • Raw IP addresses are SHA-256 hashed after 90 days.
  • Audit log entries are retained for 1 year.
  • Billing records are retained per Stripe’s data policies.
  • On account deletion, identifiers are anonymised; numeric counts (XP, completion counts) are retained for analytics integrity.

4. Your rights

End users may request a data export via POST /api/me/export-data while signed in. Account deletion is available via POST /api/me/delete-account. Tenant admins can initiate user-level forgetting from the admin user detail page.

5. Third parties

We use the following processors:

  • AWS (hosting, S3, SES email delivery)
  • Neon (managed Postgres)
  • Upstash (Redis cache + queue)
  • Stripe (payment processing)
  • Cloudflare (DNS, edge networking)
  • Optional OFAC screening providers — currently the public OFAC SDN list; future versions may add Chainalysis.

6. Contact

Privacy questions: info@vandergrid.com.