Sabacini

Privacy Policy

EU / GDPR Compliant

Last updated: [DD Month YYYY]
Controller: [Company Name], [Address], [Company ID if any]
Contact (privacy): [Contact Email]
EU Representative (if controller is non-EU): [Rep Name/Company], [Rep Address], [Rep Email]

1. Scope & Who We Are

This Privacy Policy explains how [Company Name] ("we", "us", "our") processes personal data when you use:

  • The Sabacini website and landing pages;
  • The Telegram Mini App (Tap-to-Earn, surveys/RSVP, DAO voting UX);
  • Related services (newsletters, event registrations, support).

We act as a data controller under the EU General Data Protection Regulation (GDPR).

2. What Data We Process

We aim to minimize personal data. Depending on your use, we may process:

Account & Contact

  • Name/alias, email, country/region (optional), language.
  • Telegram user ID/handle (from Telegram login to the Mini App).
  • Wallet public address(es) and on-chain transaction metadata you choose to link.

Usage & Technical

  • Device/browser data, IP address (truncated where feasible), timezone, referral, pages/events viewed.
  • In-app actions (e.g., taps, RSVPs, vote participation).
  • Cookies and similar technologies (see Cookies).

Event & Community

  • RSVP preferences, attendance confirmations.
  • Survey answers, preferences (topics, speakers, location interest).

Support

Messages you send to us, including attachments or screenshots.

Blockchain notice:

Public blockchains are by design public and immutable. On-chain data (e.g., transfers, votes) may be accessible to anyone and not subject to erasure. We store only what is necessary off-chain and pseudonymize where possible.

We do not intentionally collect special category data (GDPR Art. 9) or data from children under 16. If you believe a minor has provided data, contact [Contact Email].

3. Purposes & Legal Bases (GDPR Art. 6)

We process your data for:

Providing the service

Website, Mini App, RSVP/votes, newsletters you request — Art. 6(1)(b) contract.

Research & feature usage (Scout Token)

Recording intent signals (surveys/RSVP), anti-bot, and aggregate analytics — Art. 6(1)(f) legitimate interests; where required, Art. 6(1)(a) consent.

DAO governance UX

Enabling wallet connection, displaying off-chain proposals/results, linking to on-chain actions — Art. 6(1)(b) contract / 6(1)(f).

Security & fraud prevention

Rate-limiting, abuse detection, safeguarding wallets and accounts — Art. 6(1)(f).

Communications & updates

Service emails/notifications; marketing only with your opt-in — Art. 6(1)(b) / 6(1)(a).

Compliance

Responding to lawful requests, tax/accounting, record-keeping — Art. 6(1)(c) legal obligation.

Where processing relies on consent, you can withdraw it at any time via settings or [Contact Email] (withdrawal does not affect prior lawful processing).

4. Cookies & Similar Technologies

We use essential cookies for security and session management and (with consent) analytics cookies to improve the service.

Essential (required)

Authentication, load balancing, anti-abuse.

Analytics (consent)

Aggregated traffic, feature usage (no sensitive categories).

You can manage preferences via our Cookie Banner and browser settings. Blocking essential cookies may impair functionality.

5. Disclosures & Processors

We do not sell personal data. We may share limited data with:

  • Processors (under GDPR Art. 28) for hosting, analytics, support, email delivery, and security (e.g., cloud hosting, email/SMS providers, analytics).
  • Partners strictly for event logistics or discounted bookings you opt into (e.g., hotels, tour operators).
  • Compliance recipients where required by law or to protect rights/safety.

We sign Data Processing Agreements (DPAs) with processors and require appropriate safeguards.

6. International Transfers

Where data is transferred outside the EEA/UK, we rely on:

  • Adequacy decisions (GDPR Art. 45), or
  • Standard Contractual Clauses (SCCs, Art. 46) with supplementary measures.

You may request a copy of relevant transfer safeguards at [Contact Email] (commercially reasonable redactions may apply).

7. Retention

We keep personal data only as long as necessary for the purposes above:

  • Account & contact: While active + up to 24 months after last activity
  • RSVP/votes/surveys (off-chain): 12–24 months (aggregated/anonymized thereafter)
  • Logs & security events: Up to 12 months (unless extended for investigations)
  • Marketing consent records: Until withdrawn + minimal audit trail
  • On-chain data: Permanent by blockchain design (we do not control erasure)

We periodically review and delete or anonymize data that is no longer needed.

8. Your Rights (GDPR Arts. 12–22)

You have the right to:

Access your data and obtain a copy

Rectify inaccurate or incomplete data

Erase (right to be forgotten) where applicable

Restrict or object to processing (incl. profiling)

Data portability in a structured format

Withdraw consent at any time

Lodge a complaint with your local supervisory authority

How to exercise:

Email [Contact Email]. We may verify identity before actioning requests.

Note on blockchain: on-chain records cannot be altered/erased by us; we will explain feasible alternatives (e.g., key-unlinking, off-chain deletion, tokenization hygiene).

9. Security

We apply administrative, technical, and organizational measures, including:

  • Encryption in transit, hardened configurations, least-privilege access
  • Multisig and segregation for treasury operations
  • Rate limiting, bot mitigation, and abuse monitoring
  • Vendor risk assessments and DPAs
  • Incident response procedures

No system is 100% secure. If we detect a data breach likely to result in a high risk to your rights and freedoms, we will notify you and the competent authority as required (GDPR Arts. 33–34).

10. Telegram Mini App & Wallets

  • We receive your Telegram user ID/handle only after your explicit login/authorization.
  • Wallet addresses are pseudonymous; linking a wallet to your profile is optional but may be required for on-chain actions.
  • The Scout Token ($0.01) is used for research/RSVP and anti-bot; it is not an investment or governance token.
  • Push/notifications are opt-in and can be turned off at any time.

11. Children's Data

Our services are not directed to individuals under 16. If you are a parent or guardian and believe your child provided data, contact us at [Contact Email] for prompt deletion (to the extent technically feasible).

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page and, where appropriate, notified to you (e.g., email or in-app). Continued use after the effective date constitutes acceptance of the revised policy.

13. Contact & Complaints

Data protection contact: [Contact Email]
Postal: [Company Name], [Address]
Supervisory authority (example): If you reside in [EU Country], you may contact [Supervisory Authority Name / URL]. You may also contact your local authority in the EEA/UK.

Annex: Summary of Lawful Bases

Contract

To deliver services you requested (Mini App, RSVP, DAO UX).

Consent

Analytics cookies, marketing emails, optional features.

Legitimate interests

Research (Scout Token usage analytics), service improvement, security/fraud prevention.

Legal obligation

Bookkeeping, regulatory requests.