Legal

Privacy Policy

This Privacy Policy explains how Community GreenToken (“we”, “our”, “us”) collects, uses, and protects your personal information when you use our platform.

1. Data We Collect

  • Account info: name, email address, and wallet public key (G... address).
  • Usage data: eco-actions submitted, tokens earned, leaderboard rankings, and donation records.
  • Billing data: processed by Stripe. We never store card numbers — only a Stripe Customer ID reference.
  • Blockchain data: every verified action and token transaction is publicly visible on the Stellar blockchain by design.

2. How We Use Your Data

  • Provide, improve, and secure the GreenToken platform.
  • Process token rewards and redemptions.
  • Send transactional emails (action confirmed, trial expiring, payment receipts).
  • Comply with applicable legal obligations.

3. Data Sharing

  • Supabase: database and authentication hosting. Supabase processes data under its own DPA.
  • Stripe: payment processing. Stripe has its own privacy policy and DPA.
  • Stellar Network: action verification and token records are on-chain (public by nature).
  • We never sell personal data to third parties.

4. Data Retention

  • Active account data is retained while your account exists.
  • Deleted organization data is purged within 30 days of the deletion request.
  • Blockchain records are immutable by nature and cannot be deleted.

5. Your Rights (POPIA / GDPR)

  • Access: Request a copy of your personal data.
  • Correction: Request corrections to inaccurate data.
  • Deletion: Request deletion of your data (subject to blockchain immutability).
  • Portability: Export your data as CSV from your account settings.
  • Object: Object to certain processing activities.

6. Cookies

  • Session cookies for authentication only — no advertising or tracking cookies.
  • Analytics (if enabled) use privacy-preserving aggregate data only.

7. Security

  • All data is encrypted at rest, and in transit using TLS 1.3.
  • Supabase Row-Level Security enforces data isolation per organization.
  • Smart contracts are audited before mainnet deployment.

8. Contact

  • Privacy questions: privacy@greentoken.app
  • Data Protection Officer: [Name], [Country]

⚠️ This is a template privacy policy for hackathon purposes. Have a qualified legal professional review before production launch, especially for POPIA (South Africa) and GDPR (EU) compliance.
