Privacy Policy

This Privacy Policy ("Policy") describes how CryptoBattle ("we", "us", or "our") collects, uses, and shares information when you use our decentralized voting platform, website, and related services (collectively, the "Services").

By using CryptoBattle, you agree to the collection and use of information in accordance with this Policy. If you do not agree with our practices, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

• Wallet Address: When you connect your cryptocurrency wallet (MetaMask, WalletConnect, etc.), we receive your public wallet address
• Chat Messages: Messages sent in per-round WebSocket chat, including timestamp and associated wallet address
• Support Communications: Any information you provide when contacting us for support or feedback

1.2 Automatically Collected Information

• Device Information: Browser type and version, operating system, device identifiers, screen resolution, language preferences
• Network Information: IP address, approximate geolocation (inferred from IP), session duration, pages visited
• Blockchain Data: Transaction hashes, gas fees paid, round participation history, vote commitments and reveals

1.3 Information from Third Parties

• Wallet Providers: MetaMask, WalletConnect, and other wallet providers may share information according to their privacy policies
• Analytics Services: If used, analytics platforms may collect IP address, user agent, session data, and feature usage
• RPC Providers: Blockchain node providers may log IP addresses and transaction data

1.4 What We Do NOT Collect

• Personal identification (name, email, phone) — unless voluntarily provided for support
• Date of birth or government ID
• Payment methods or banking information
• Private keys or seed phrases

2. On-Chain vs. Off-Chain Data

2.1 On-Chain Data (Public Blockchain)

The following data is permanently recorded on the public blockchain:

• Your wallet address
• Vote commitments (cryptographic hashes)
• Vote reveals (side chosen)
• Transaction hashes and timestamps
• Gas paid and rewards claimed
• All participation history in rounds

2.2 Off-Chain Data (Our Servers)

The following data is stored on our servers and is subject to our data retention policies:

• Chat messages and communications
• IP address logs
• Device/browser information
• Analytics data
• Support correspondence

Off-chain data can be deleted upon valid request, subject to legal requirements.

2.3 Local Storage (Your Device)

Voting salts for the commit-reveal mechanism are stored only on your device's localStorage. We have no access to this data and it is never transmitted to our servers.

3. How We Use Your Information

3.1 Service Operations

• Processing and executing your transactions on smart contracts
• Facilitating round commitments, reveals, and claims
• Providing real-time WebSocket chat functionality
• Maintaining the dApp interface

3.2 Security & Fraud Prevention

• Detecting and preventing fraudulent activity
• Screening wallet addresses against sanctions lists
• Protecting against denial-of-service attacks
• Enforcing terms of service compliance

3.3 Improvement & Analytics

• Understanding how users interact with the platform
• Improving user experience and interface design
• Identifying and fixing bugs
• Developing new features

3.4 What We Do NOT Do

• We do NOT sell your data to third parties
• We do NOT use your data for targeted advertising
• We do NOT share wallet addresses with marketing companies

4. Data Sharing

We may share your information with:

4.1 Service Providers

• Cloud hosting providers (infrastructure)
• Analytics services (if used)
• Error tracking services
• RPC providers for blockchain access

4.2 Legal Requirements

We may disclose information if required by law, court order, or subpoena, or if necessary to protect against fraud, security threats, or enforce our terms of service.

4.3 Business Transfers

If CryptoBattle is acquired, merged, or sold, your information may be transferred to the acquiring company. You will be notified of any change in ownership.

5. Data Retention

• On-Chain Data: Retained permanently on the blockchain (immutable)
• Chat Messages: Retained for 90 days, then automatically deleted
• Analytics Data: Retained for 12 months
• IP Address Logs: Retained for 30 days
• Support Correspondence: Retained for 2 years after last interaction
• LocalStorage Data (Salts): Stored on your device; you can delete by clearing browser cache

We may retain data longer if required by law, ongoing investigation, or for fraud prevention.

6. Your Privacy Rights

6.1 General Rights (All Users)

• Access: Request what data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of off-chain data (with limitations)
• Portability: Request data in portable format
• Withdraw Consent: Withdraw consent for non-essential processing

6.2 GDPR Rights (European Users)

If you are in the EU/EEA, you have full GDPR rights including all the above, plus rights to restrict processing, object to processing, and automated decision-making rights. We will respond to requests within 30 days.

Limitation: GDPR's "right to be forgotten" does NOT apply to blockchain data, which is immutable and outside our control.

6.3 CCPA Rights (California Residents)

California residents have the right to know what data is collected, request deletion, opt-out of data sharing, and non-discrimination for exercising rights.

Our CCPA Disclosure: We do NOT "sell" or "share" personal information as defined by CCPA.

6.4 Exercising Your Rights

To submit a privacy request, contact us at cryptobattlegg@gmail.com. Include your wallet address and description of your request. We will respond within 30 days.

6.5 What We Cannot Delete

• On-chain transaction data (blockchain immutable)
• Data required by law (compliance, fraud investigation)
• Data already anonymized

7. Commit-Reveal Mechanism Privacy

7.1 Salt Storage

Your voting salt is stored only in your browser's localStorage. We have NO access to your salt. It is never transmitted to our servers. You are solely responsible for protecting your salt.

7.2 Commitment Phase

A hash of (address + roundId + side + salt) is sent to the smart contract. The hash is public but does not reveal your vote or salt. Only you know the salt, making your vote private during this phase.

7.3 Reveal Phase

When you reveal, you submit (side + salt) to verify your commitment. After reveal, your vote becomes public and permanently recorded on the blockchain.

8. WebSocket Chat Privacy

Per-round chat messages are:

• Temporarily stored on our servers
• Retained for 90 days
• Encrypted in transit (WSS protocol)
• NOT end-to-end encrypted by default
• Associated with your wallet address

Your Responsibility: Do NOT share private keys, seed phrases, or sensitive personal information in chat. Messages are stored on servers and may be moderated.

9. Third-Party Services

We use third-party services that have their own privacy policies:

• Wallet Providers: MetaMask, WalletConnect — review their privacy policies before connecting
• RPC Providers: May see your IP address when making blockchain queries
• Cloud Infrastructure: Hosting providers for the platform
• CDN Providers: For serving images and static content

We recommend using a VPN or running your own Ethereum node to minimize IP exposure to third parties.

10. International Data Transfers

Your data may be processed in multiple countries. By using CryptoBattle, you consent to:

• Transfer of your data internationally
• Processing in jurisdictions outside your country
• Blockchain data being globally distributed

For EU/EEA users, we use Standard Contractual Clauses to ensure adequate protection for data transfers.

11. Security Measures

We implement industry-standard security measures:

• HTTPS/TLS encryption for all data in transit
• Encryption at rest for sensitive data
• Role-based access control for admin functions
• Real-time security monitoring
• Smart contract security (ReentrancyGuard, input validation)

Limitations: Internet transmission is never 100% secure. Your private key/seed phrase security is YOUR responsibility.

12. Children's Privacy

CryptoBattle is NOT directed to children under 18 years of age. We do not knowingly collect personal information from users under 18. If we discover a minor has provided information, we will delete it immediately.

Important: Blockchain data recorded by users under 18 cannot be deleted due to immutability. Parents and guardians should understand this before allowing minors to participate in blockchain activities.

13. Cookies and Tracking

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

Key Points:

• Essential cookies required for service function
• Preference cookies for theme and settings
• Analytics cookies (can be disabled)
• LocalStorage for voting salts (stored on your device only)

14. Changes to This Policy

We may update this Policy to reflect new features, legal requirements, or clarifications. Material changes will be announced through prominent notice on the website or in-app notification.

Continued use of CryptoBattle after changes constitutes acceptance of the updated Policy. If you disagree, please discontinue use.

15. Contact Us

For privacy questions, data requests, or concerns:

• Email: cryptobattlegg@gmail.com
• Twitter: @CryptoBattle_GG
• Telegram: t.me/cryptobattle_GG

Response Time: We will acknowledge privacy requests within 5 business days and respond within 30 days.