FightForFunds

Privacy Policy

DRAFT — pending counsel review, not yet in force

1. What we collect

Account: OAuth identity (email) and your derived Sui wallet address. Donations: amounts, chosen side, optional display name, and coarse location (state level, derived from IP, never stored more precisely). Compliance: identity verification data is processed by Persona and not stored on our servers. Operations: standard logs and error telemetry.

2. What is public

Donation amounts and transaction digests are public on the Sui blockchain by design — that transparency is how anyone can verify a Fight. Your legal name is never published. Display names appear only where you opt in, and any donation can be made anonymously.

3. What we never do

We do not sell personal data. We do not display precise locations. We do not send push notifications without explicit opt-in. We do not use donation history for advertising.

4. Processors

Supabase (database), Persona (KYC), Coinbase (fiat onramp), Mysten Labs Enoki (wallet infrastructure), Sentry (errors), PostHog (product analytics). Each receives only what its function requires.

5. Retention and deletion

Off-chain personal data is retained while your account is active and for the period required by financial-compliance law, then deleted. On-chain records are permanent and outside any party's control — this is disclosed before your first donation.

6. Your rights

Access, correction, deletion of off-chain data, and California privacy rights where applicable: privacy@fightforfunds.example.