1. Introduction
This Privacy Policy describes how Tidemint S.L. ("we," "us," or "our") handles information when you use the Tidemint interface (the "Service") to interact with the SAT Protocol on the Ethereum/Optimism Mainnet blockchain. We are committed to protecting your privacy while being transparent about the unique data implications of public blockchains.
2. Data Controller
Tidemint S.L. [Registered Address - TBD] Barcelona, Spain [CIF Number - TBD]
Data Protection Officer Contact: [email protected]
3. Our Core Privacy Commitments
Your privacy is fundamental to our mission. We make the following commitments:
- We will NEVER sell your data. We will not sell, rent, trade, or otherwise share your personal data with any third party for marketing or commercial purposes.
- Tracking is for Security ONLY. We only collect minimal technical data (like server logs) for the essential purposes of maintaining the security, stability, and performance of our Service. This helps us prevent attacks and debug critical errors.
- Analytics are Strictly OPT-IN. We will not perform any analytics tracking on your usage of the Service without your explicit, freely-given consent. If we introduce analytics in the future, you will be presented with a clear choice, and the Service will remain fully functional even if you decline.
- No Ad Trackers. Our Service is, and will remain, free of third-party advertising cookies and tracking pixels.
4. The Two Types of Data: On-Chain vs. Off-Chain
It is crucial to understand the difference between data on our servers (Off-Chain) and data on the blockchain (On-Chain).
4.1 On-Chain Data (Public, Permanent, Not Controlled by Us)
When you interact with the SAT Protocol, your actions generate data that is permanently and publicly recorded on the Optimism blockchain. This includes:
- Your public wallet address.
- Transaction history (minting, buying, selling, SAV updates).
- Content hashes and metadata of your SATs.
- Historical SAVs and royalty payments.
- Governance votes.
This data is public, immutable, and cannot be altered or deleted by anyone, including us.
4.2 Off-Chain Data (Private, Temporary, Controlled by Us)
We collect minimal data on our servers to operate the Service:
- Log Data: IP addresses (anonymized where possible), browser type, access times for security and debugging.
- Cookie Data: Essential cookies for session management and interface preferences.
- Support Communications: Any emails or messages you send to us.
- Moderation Records: Internal records of content reports and moderation actions.
5. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
| Purpose | Data Type | Legal Basis (GDPR Article 6) |
|---|---|---|
| Displaying blockchain data | On-chain data | Legitimate Interest (to provide the core Service) |
| Website functionality & security | Log & Cookie data | Legitimate Interest (to operate a secure, functional site) |
| Content moderation | Wallet addresses, reports | Legal Obligation (DSA) & Legitimate Interest (safety) |
| Responding to your inquiries | Communication data | Performance of a Contract (implicit in your request) |
| Service analytics & improvement | Aggregated usage data | Consent (Strictly opt-in only) |
6. Your GDPR Rights and Their Blockchain Limitations
You have rights over your personal data under GDPR. However, the immutable nature of the blockchain creates fundamental limitations.
The Right to Erasure ("Right to be Forgotten")
- What we CAN do (Off-Chain): Upon a verified request, we can delete all off-chain data associated with your wallet address from our servers, such as logs and support tickets. We can also de-index your content from our interface, effectively hiding it from view on our Service.
- What we CANNOT do (On-Chain): We have absolutely no ability to delete your transaction history, wallet address, or SAT content from the blockchain itself. This data is permanent.
The Right to Rectification
- Off-Chain: We can correct any inaccurate off-chain data we hold.
- On-Chain: Data recorded on the blockchain cannot be changed.
How to Exercise Your Rights
To exercise your rights regarding the off-chain data we control, please email our Data Protection Officer at [email protected]. We will require you to sign a message with your wallet to verify your identity. We will respond within 30 days.
7. Data Sharing and Transfers
- We Do Not Sell Your Data.
- Service Providers: We may use third-party service providers for cloud hosting (e.g., AWS, Google Cloud) and security. They are contractually bound to protect your data and use it only for the essential operational purposes we specify.
- Legal Requirements: We may disclose data if required by a court order or other binding legal request.
- International Transfers: If we transfer data outside the EEA, we use appropriate safeguards like Standard Contractual Clauses (SCCs).
8. Data Retention
- On-Chain Data: Retained permanently on the blockchain.
- Off-Chain Data: We retain off-chain data only as long as necessary:
- Log Data: Up to 90 days for security analysis.
- Support Communications: Up to 3 years.
- Moderation Records: As required by law (e.g., under the DSA).
9. Data Security
We implement appropriate technical and organizational measures to protect the off-chain data we control, including encryption, access controls, and regular security audits. You are responsible for the security of your own wallet and private keys.
10. Cookies and Tracking Technologies
We use a minimal number of cookies to run the Service.
- Essential Cookies: We use strictly necessary cookies for core functionality like session management and security. These do not track you and are essential for the site to work.
- Analytics Cookies (Opt-in Only): We do not use analytics cookies by default. If we offer analytics in the future, we will only place these cookies on your device after you have given your explicit, affirmative consent.
- No Third-Party Ad Cookies: We do not use any third-party advertising or tracking cookies.
11. Supervisory Authority
You have the right to lodge a complaint with a data protection authority. Our lead supervisory authority is the Agencia Espanola de Proteccion de Datos (AEPD).
- Website: www.aepd.es
12. Updates to This Policy
We may update this policy from time to time. We will notify you of material changes via the Service interface.