Privacy Policy
Effective July 11, 2026 · Last updated July 11, 2026
1. Data we collect
- Identity and account: wallet address, embedded-wallet identifier, authentication session, username, linked-account equality labels, and signatures used to prove wallet control.
- Gameplay: commands, timestamps, inventory, balances, scores, PvP events, challenges, eligibility, receipts, logs, rankings, claims, and support activity.
- Blockchain: transaction hashes, token balances at eligibility checkpoints, wallet activity needed to verify deposits or claims, and public-chain records.
- Device and security: IP address, user agent, approximate network location, rate-limit data, Turnstile results, error and security logs.
- Notifications: browser push endpoint, encryption keys, delivery status, and device metadata.
- X integration: verified X user ID and username, encrypted OAuth access and refresh tokens, consent timestamp, automatic-post status and post ID. We do not receive your X password.
- Purchases and routes: requested amounts, quotes, wallet addresses, transaction results, and provider identifiers. Card and identity-verification data are handled by the selected on-ramp, not HRG.
2. How and why we use data
We use data to authenticate users; operate and audit seasons; process eligibility, RE-UP, rankings, challenges, refunds and claims; deliver notifications; publish consented X posts; prevent fraud, bots, collusion, abuse and sanctions violations; provide support; comply with law; and improve reliability. Depending on context, processing is based on contract performance, consent, legal obligations, protection of users, and legitimate interests in operating and securing the Service.
3. Public information
Wallet addresses, blockchain transactions, token transfers, usernames, leaderboard positions, gameplay events, audit artifacts and X posts may be public and may be copied by others. Public blockchains cannot generally be altered or erased by HRG. Do not use a username that reveals information you do not want public.
4. Service providers and disclosures
We disclose data as needed to Cloudflare (hosting, security, storage, queues), thirdweb (embedded wallets and on-ramp interface), LI.FI and route providers (bridging), blockchain/RPC providers, X (connected posting), fiat/on-ramp providers selected by users, professional advisers, auditors, authorities, and successor operators. Providers process data under their own terms or on our instructions. We do not sell personal data for money.
5. International transfers
The Service is global and providers may process data outside Panama or your country. We use reasonable contractual, technical, and organizational safeguards appropriate to the transfer and provider.
6. Retention
OAuth state is designed to expire after ten minutes. X tokens remain until disconnection, revocation, replacement, or operational deletion. Push subscriptions remain until disabled or invalid. Authentication, security, gameplay, settlement, blockchain-verification and audit records are retained for as long as necessary to operate seasons, resolve disputes, demonstrate fairness, prevent fraud, and meet legal, tax and accounting duties. Public-chain and published audit artifacts may be permanent. We delete or de-identify data when no longer reasonably required.
7. Your choices and rights
You may disconnect X and push notifications in the Service, revoke X access through X, delete your own X posts, and stop using the Service. Subject to applicable law, you may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. Withdrawal does not invalidate prior lawful processing and may disable features that require the data. Requests may require wallet-signature verification. You may also contact Panama's Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI).
8. Cookies and local storage
We use essential session cookies and browser storage for authentication, security, wallet restoration, notification state, PWA operation, and preferences. The Service currently does not use behavioral advertising cookies. Third-party wallet, on-ramp, X, Turnstile, or payment interfaces may use their own storage under their policies.
9. Security
We use access controls, signed wallet authentication, rate limits, encrypted X tokens, secrets management, audit logs, and transport encryption. No system is perfectly secure. Protect your device, wallet, passkeys, email, and recovery methods.
10. Children
The Service is not directed to anyone under 18. We do not knowingly permit minors to play. Contact us if you believe a minor supplied personal data.
11. Updates and contact
We may update this Policy as services or law change. Material changes will be posted with a revised date. Privacy requests: legal@hoodrich.wtf. HRG Ventures, Republic of Panama. Support: @hoodrichwtf or t.me/hoodrichwtf.