Privacy Policy

Version 1.0

Last Updated: 2025-12-20

1. California Privacy Rights (CCPA)

If you are a California resident, you have these rights:

Right to Know

Request what personal data we collect and how we use it

Right to Delete

Request deletion of your personal data (subject to legal exceptions)

Right to Opt-Out

Opt out of data "sales" (we don't sell data, but you can opt out of sharing)

Right to Non-Discrimination

We won't discriminate against you for exercising your rights

To exercise these rights, email privacy@yibbles.com with "CCPA Request" in the subject line.

We'll respond within 45 days.

2. What Data We Collect

Account Data

  • Solana wallet address (public blockchain data)
  • Email address (if provided, optional)
  • Username (chosen by you)

Usage Data

  • Pages visited, features used
  • Device type, browser type
  • IP address (for security and fraud prevention)

AI Interaction Data

  • Messages sent to yibbles (chat feature)
  • Voting actions (community shaping)
  • Visit timestamps (care mechanics)

Blockchain Data

  • All transactions are public on Solana blockchain
  • We cannot delete blockchain data (it's immutable)

We do NOT collect:

  • Private keys or seed phrases
  • Financial account information (bank accounts, credit cards)
  • Government IDs or SSNs

3. Third-Party Services We Use

We share data with these service providers:

ServicePurposeData Shared
SupabaseDatabase, authEmail, username, usage data
OpenAIAI text generationChat messages, prompts
ReplicateAI image generationVisual prompts, metadata
Gemini (Google)Visual design AIDesign specs, mockups
VercelHosting, deploymentUsage data, IP addresses
HeliusSolana RPCWallet addresses, transactions

We have Data Processing Agreements (DPAs) with all third parties ensuring they:

  • Use data only for our specified purposes
  • Maintain security standards
  • Delete data when we request it
  • Comply with GDPR/CCPA requirements

4. Your Privacy Rights

Data Export (Right to Portability)

  • Request a copy of your data in JSON format
  • Email privacy@yibbles.com with "Data Export Request"
  • We'll provide your data within 30 days

Data Deletion (Right to Erasure)

  • Request deletion of your account and associated data
  • Email privacy@yibbles.com with "Deletion Request"
  • We'll delete within 30 days (see exceptions below)

What We CANNOT Delete:

  • Blockchain transactions (immutable public ledger)
  • Data required for legal/regulatory compliance (7 years)
  • Aggregated/anonymized analytics data

Marketing Opt-Out

  • Unsubscribe from emails via link in every message
  • Disable push notifications in your device settings
  • Opt out of analytics cookies via cookie banner

You can also manage your privacy preferences in Privacy Settings.

5. How Long We Keep Your Data

Data TypeRetention PeriodReason
Account dataUntil deletion requested + 30 daysUser access, legal compliance
Chat messages90 daysAI training, abuse prevention
Transaction records7 yearsTax/legal requirements
Usage analytics2 yearsProduct improvement
Moderation logs3 yearsSafety, legal defense
Deleted account data30 days (soft delete)Account recovery window

Automated Deletion: We automatically delete data when retention periods expire (no manual action needed).

6. Cookie Usage

We use cookies for:

Essential Cookies (Required)

Authentication, security (required for platform to work)

Analytics Cookies (Optional)

Understanding how users interact with features (optional)

Preferences Cookies (Optional)

Saving your settings (optional)

You can control cookies:

  • Essential cookies: Cannot be disabled (platform won't work)
  • Analytics cookies: Disable via cookie banner or browser settings
  • Third-party cookies: See third-party privacy policies

Cookie Consent: On your first visit, we'll ask for consent for non-essential cookies. You can change your choice anytime.

7. Data Security

We protect your data with:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Row-level security (RLS) in our database
  • Regular security audits and penetration testing
  • Access controls and authentication requirements

However, no system is 100% secure. You are responsible for keeping your wallet private keys secure.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification at least 30 days before taking effect.

9. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: privacy@yibbles.com

Privacy Settings: /settings/privacy