Privacy Policy
What we collect, how we use it, who we share it with, and the controls you have.
1. Who we are
“Momintz,” “we,” and “us” mean the operators of the Momintz platform at momintz.world. This policy explains how we handle personal information when you use the platform.
2. What we collect
The platform collects only the data necessary to operate:
- Wallet address. Your Solana public address identifies your account. We never collect or store your private keys.
- Profile information you provide. Display name, username, bio, avatar, location, the impact categories you tag yourself with, and (optionally) whether you self-identify as a philanthropist.
- Content you post. Photos, videos, titles, descriptions, hashtags, comments, replies, and direct messages.
- Activity and interactions. Likes, tips, views, follows, validation requests, validation votes, mission responses, mint events, reports filed, and the trust events those actions generate.
- On-chain readings. When you open the app, we read your wallet's on-chain SOL, USDC, and BAWLS balances from a Solana RPC provider in order to display them and derive your non-custodial supporter tier. The balance reads are cached briefly server-side; the keys themselves stay in your wallet.
- KYC information (mainnet only). If you choose to verify your identity for the verified badge or for higher-value actions, our KYC provider (currently planned to be Persona) will collect identity documents and biometric data. We receive a pass / fail result and the minimum metadata needed to apply the verified badge to your account.
- Session data. A signed HTTP-only session cookie used to authenticate you on the platform; basic request metadata (IP, user agent) for security and abuse prevention.
We do not collect your email address, phone number, or device contacts. We do not run third-party tracking pixels or behavioral advertising.
3. How we use it
- Operate the platform. Authenticate you, show you your feed, deliver tips and messages, run validation, mint NFTs you ask us to mint, surface your supporter tier and trust score.
- Keep the platform safe. Detect and prevent fraud, abuse, manipulation of validation or trust, and violations of our Terms of Service.
- Improve the product. Aggregate, anonymized metrics about feature usage so we know what to invest in.
- Communicate with you about the service. In-app notifications and (if you opt in at a later date) email about account or platform changes. We do not send marketing email without your opt-in.
4. Who we share it with
We share personal data only with service providers that need it to operate the platform on our behalf, under contractual obligations to protect it:
- Cloud hosting — Vercel (application hosting), our managed Postgres provider (primary database).
- Media storage and delivery — Cloudflare R2 (image storage), Cloudflare Stream (video transcoding and HLS delivery).
- Solana RPC providers — Helius (or equivalent) for reading on-chain balances and submitting transactions when you ask us to.
- KYC provider (mainnet) — Persona, if you choose to verify. Their handling of your identity documents is governed by their privacy policy.
We do not sell personal information. We do not share it for third-party advertising. We may disclose information when legally required (subpoena, court order, regulatory request) after reviewing the request for validity.
5. On-chain data is public
Everything that happens on Solana is permanently public. Your wallet address, your transaction history, your NFTs, and your token holdings can be read by anyone with the address. This is the nature of public blockchains and is outside our control.
When deciding what to post or transact, treat the wallet address you sign in with as a public identifier.
6. Cookies and similar technologies
We use a single HTTP-only session cookie to authenticate you after wallet sign-in. We do not use third-party tracking cookies, analytics pixels, or session replay tools. Your browser's localStorage may temporarily hold UI state (e.g. dismissed banners) that never leaves your device.
7. Account deletion and data retention
You can permanently delete your account at any time from Settings → Privacy. Deletion takes effect immediately and cannot be undone. When you delete your account:
- Your profile is erased. Your display name, username, bio, avatar, location, and tags are removed and your wallet is unlinked, so the account can no longer be identified as you or signed into. Your wallet is freed to start fresh.
- Your content and media are erased. Your moments — including the underlying image and video files in our storage (Cloudflare R2 / Stream) — and the direct messages you sent are deleted and removed from other people's threads.
- NFTs you've sold or transferred are kept. A moment you minted and no longer hold on-chain is now owned by someone else; erasing its media would break the owner's asset, so we preserve those moments and their files. NFTs you minted but still hold are erased like any other content.
- What others earned stays, de-identified. Tips, validations, votes, and the trust or rewards other people gained by engaging with you are retained but no longer linked to an identifiable profile — so deleting your account never strips value from other users.
- Request logs and security records. Retained for up to 12 months for fraud prevention and security.
On-chain data cannot be deleted by us or anyone — your wallet address, transactions, NFTs, and token holdings live on Solana permanently and are outside our control.
8. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information (most fields are editable in Profile → Edit; for others, contact us).
- Delete your account and associated personal data at any time from Settings → Privacy (see “Account deletion” above).
- Export the platform-side data we hold about you in a portable format, on request.
- Object to processing, restrict certain uses, or withdraw consent — where local law (e.g. GDPR, CCPA) grants those rights.
On-chain data (transactions, NFTs, tokens) cannot be deleted by us or anyone — it lives on Solana permanently.
To exercise any of these rights, contact legal@momintz.world.
9. Children
Momintz is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have, contact us and we will delete it.
10. International transfers
Our service providers may store and process your data in countries other than the one you're in. Where required, we rely on appropriate transfer mechanisms (Standard Contractual Clauses or equivalent) to protect your data.
[Counsel: specify storage regions and transfer mechanisms after the production deployment topology is final.]
11. Security
We protect personal data with industry-standard practices: HTTPS in transit, encrypted storage at rest, rate-limited APIs, HttpOnly signed session cookies, and least-privilege access. No system is perfectly secure; you also play a role by protecting your wallet credentials.
12. Changes
We may update this Privacy Policy. When we do, we'll update the “Last updated” date at the top and, for material changes, notify you in-app.
13. Contact
Questions or requests? legal@momintz.world