Privacy Policy

Preamble

Purpose and scope. This Privacy Policy explains how Digital Gas Management Limited and its affiliates (“ETHGas”, “we”, “us”, “our”) collect, use, disclose, and safeguard Personal Data across our websites, trading platform, and community features (including leaderboards, referrals, and quests) (collectively, the “Services”). It applies to all users of the Services and should be read together with any product‑specific terms and program rules that reference this Policy.

Controller. Digital Gas Management Limited, a company incorporated in the British Virgin Islands (BVI) with BVI company number 2144149, is the data controller for the Services. Our affiliates, representatives, and authorized service providers may process Personal Data on our behalf according to our instructions and this Policy.

Relationship to other consents. This Policy supplements (and does not supersede) any consents you have previously provided to us. Those consents remain valid in addition to our rights at law to collect, use, disclose, and/or process Personal Data.

Changes to this Policy. We may revise this Policy from time to time. We will post updates on this page and may place notices on other pages of our site so you are aware of how we handle Personal Data. Subject to your rights at law, your continued use of the Services after the “Last Updated” date constitutes your acknowledgment of the revised Policy.

1. Definitions
   • “Personal Data” means information that identifies, relates to, describes, or is reasonably capable of being associated with an identified or identifiable individual, as defined under applicable data protection laws (“Data Protection Laws”).
2. What We Collect
   • Depending on how you interact with the Services, we may collect:
     • Identifiers and profile data: cryptocurrency wallet address(es); X (Twitter) user ID, handle, and avatar URL; referral codes; quest/referral participation metadata; newsletter email address if you subscribe.
     • Device/telemetry: IP address, device and browser identifiers, user agent, referrer, timestamps, and approximate geolocation, including via analytics SDKs/tags and session replay where enabled.
     • Usage and events: page views and in‑app actions (for example, Onboarding Completed, Share Link Quest Completed), auto‑captured interactions from analytics SDKs, and interaction records we create during your use of the Platform.
     • On‑chain data: mappings or associations between wallet addresses and social handles as necessary for service functionality and transparency in community features.
     • Support and program data: information you provide when contacting support or participating in programs, surveys, or promotions.We do not collect government‑issued identification, biometric liveness/selfie, or proof‑of‑address as part of the Services unless we notify you otherwise.
3. How We Collect Personal Data
   • Directly from you when you connect a wallet or X account, participate in community features, subscribe to newsletters, or contact us.
   • Automatically via cookies, pixels, SDKs, tags, and similar technologies on our websites and apps (see Section 7).
   • From public sources or third parties, where permitted by law or where you have made information publicly available.
4. Purposes of Processing
   • We process Personal Data to:
     • Provide, operate, maintain, secure, and improve the Services and ensure access to the Platform.
     • Enable community features (including leaderboards, referrals, and quests) and attribute participation and rewards.
     • Authenticate users; prevent, detect, and investigate fraud, abuse, and security incidents; and protect accounts and funds.
     • Comply with legal obligations, manage disputes, and enforce terms.
     • Communicate service updates, confirmations, security alerts, and administrative messages.
     • Conduct analytics, market research, and product development to understand usage and improve user experience.
5. Legal Bases (where applicable)
   • Contract necessity: providing the Services and community features that rely on social identity and public display (e.g., leaderboards and referral graphs).
   • Legitimate interests: service integrity, security, fraud prevention, debugging, and certain analytics where permitted.
   • Consent: non‑essential cookies/SDKs (including analytics and session replay) in jurisdictions requiring prior consent; newsletter marketing via double opt‑in.
   • Legal obligation: compliance with laws and lawful requests.
6. Community Features and Public Display
   • Leaderboard: Your X handle and avatar may be publicly displayed by default to all users, together with community metrics (e.g., rank and Beans).
   • Referrals: Referrers can view referees’ X handles/avatars and join dates by default.
   • Wallet display: We may display a truncated wallet address alongside your social identity for transparency.
   • X linkage and updates: If your X handle or avatar changes, displays update automatically. If you unlink X, your community profile remains but the X linkage is removed.
7. Cookies, SDKs, and Similar Technologies (Cookie Policy)
   • 7.1 What are cookies and similar technologiesCookies are small text files placed on your device when you visit our websites or use the Platform. They are read by your browser and returned to the website or element that set the cookie on subsequent visits. We also use related technologies including web beacons (pixel tags/clear GIFs), tracking links, and SDKs in our apps.
   • 7.2 Why we use them
     • We use these technologies to:
       • Track information such as visitor counts, visit frequency, and general usage patterns.
       • Make our Sites and Platform easier and faster to use (for example, remembering preferences and speeding up interactions).
       • Better tailor our products and Services to your interests and needs, including generating insights with our vendors and business partners.
       • Collate information on browsing and search history related to the Services.
       • Automatically receive and record information on our server logs (e.g., device data, referrer, timestamps) for analysis, statistics, and site management.
       • Perform statistical analysis, measure the effectiveness of our communications, and understand whether emails are received/opened and whether recipients have taken action.
   • 7.3 Third‑party cookies and analytics
     • Some cookies are set by third‑party service providers to deliver web analytics and intelligence about our Sites and Platform. These partners collect information about your interactions with our Services, which we use to compile aggregate statistics, gauge communications effectiveness, improve structure/content, and provide more relevant information to our users.
   • 7.4 How we categorize cookies
     • Strictly Necessary: required for core functionality, security, and network management.
     • Functional/Performance: help us remember preferences and improve performance.
     • Analytics: help us understand usage and improve the Services.
     • Marketing/Communication measurement: help us measure and improve communications and campaigns.
   • 7.5 Your choices and controls
     • Consent: In regions that require it (e.g., EU/UK), we will seek consent before placing non‑essential cookies/SDKs (such as analytics or session replay).
     • Browser controls: You can manage or block cookies in your browser settings. Unless you have configured your browser to block cookies, our system will set cookies when you visit our Sites or click on a link in a targeted email, even if you previously deleted our cookies.
     • Consequences of disabling: If you delete or disable cookies, some parts of our Sites/Platform may not function properly or may be inaccessible.
   • 7.6 Managing cookies in your browser
     • Instructions are available from major browsers:
       • Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
       • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
       • Internet Explorer: http://windows.microsoft.com/en-SG/internet-explorer/delete-manage-cookies#ie=ie-9
       • Safari (macOS): https://support.apple.com/en-sg/guide/safari/sfri11471/mac
       • Safari for iPhone/iPad/iPod touch: https://support.apple.com/en-us/105082
8. X (Twitter) Connection
   • OAuth permissions: When you connect X, you authorize our app to remain connected until you revoke access and, based on permissions, to read content you can view for the limited purpose of providing the Services.
   • Stored data: We store your X user ID, handle, avatar URL, and tokens/credentials necessary to maintain the connection and update displays.
9. On‑Chain Transparency and Immutability
   • Public blockchains (e.g., Ethereum) are transparent and may be effectively immutable. Personal Data written on‑chain (including any linkages between wallets and social handles) can be publicly viewable and may be indexed indefinitely by third parties. We cannot alter or delete on‑chain records. Where feasible, we will delink, minimize, or pseudonymize off‑chain references upon verified request and cease further off‑chain processing.
10. Disclosures and Recipients
    • We may disclose Personal Data to:
      • Service providers/contractors (e.g., analytics, hosting/CDN, email delivery, support) and our group affiliates acting under our instructions.
      • Other users as part of community features (e.g., public leaderboards and referral views).
      • Business partners in lawful initiatives where you have agreed, and in connection with contests, surveys, or promotions.
      • Law enforcement, regulators, courts, or third parties to comply with legal obligations or protect rights and safety.
      • Parties to corporate transactions (e.g., mergers, financings, asset transfers).We may share information in aggregate or anonymized form consistent with this Policy.
11. Analytics and Communications
    • Amplitude (US region): We use the SDK for analytics and, where enabled, session replay. Data collected may include IP address, device IDs, user agent, referrer, approximate geolocation, wallet and/or X identifiers, event names/properties, and replay metadata. Certain user properties may auto‑delete after periods of inactivity per vendor defaults.
    • Google Analytics: We use web analytics to measure and improve site performance. Data may include page usage, referrer, device/telemetry, and similar information.
    • Newsletters: If you subscribe, we process your email address via our email service provider using double opt‑in; you may unsubscribe at any time via the link in the email footer.
12. Hosting, Security, and Monitoring
    • Transport security and key/secret management
      • Encryption: All Services are configured to use HTTPS, with HTTP requests upgraded to HTTPS where applicable.
      • Key management: Encryption keys are managed in AWS Key Management Service (KMS).
      • Secret management: Application secrets are stored in AWS Secrets Manager.
    • Access controls and network security
      • IAM: Strict AWS IAM role policies restrict access based on least privilege.
      • IP controls: External and internal access is restricted by IP allow/deny rules so that systems only communicate when explicitly permitted.
    • Logging, retention, and observability
      • Logs: We log to AWS CloudWatch, Amazon S3, and Grafana dashboards.
      • Retention: Operational logs are typically retained between 7 days and 1 month for debugging and are then purged based on lifecycle rules.
    • Monitoring and incident alerting
      • Monitoring: We use Prometheus and custom monitoring code for metrics and health checks.
      • Alerts: Alerts are configured via Alertmanager with notifications delivered through Twilio and other channels as needed.
    • Incident acknowledgment targets: We intend to acknowledge major issues within 1 hour of detection and all other issues within 24 hours.These measures complement the purposes for security, fraud prevention, and service integrity described elsewhere in this Policy.
13. International Data Transfers
    • Your data may be processed in locations outside your jurisdiction. Where required, we implement appropriate safeguards for international transfers, and we will take steps designed to ensure an adequate level of protection consistent with applicable law.
14. Your Rights and Choices
    • Depending on your location, you may have rights to access, correct, delete, port, object to, or restrict processing, and to withdraw consent without affecting the lawfulness of prior processing. To exercise rights, contact info@ethgas.com.
      • Verification: We may ask you to sign a message from your linked wallet and/or re‑authenticate via your linked X account, and provide additional details to verify your identity.
      • Consequences of withdrawal: Withdrawing consent may prevent us from providing some or all Services and could result in termination of participation; our legal rights and remedies are reserved.
15. Data Retention
    • We retain Personal Data only as long as necessary for the purposes described or as required by law.
      • Community profile (wallet/X identifiers, referral graph): retained while the account is active; upon verified deletion, we remove public display and then delete or pseudonymize within a reasonable period.
      • Analytics: Vendor defaults may include limited retention for raw session replay data and auto‑deletion of certain user properties after periods of inactivity (subject to configuration).
      • Newsletter: retained until you unsubscribe; we may retain suppression records to honor opt‑outs.
      • Operational logs: typically 7–30 days, then purged per lifecycle rules.
      • Backups: deletions cascade via normal rotation; some data may persist in backups for a limited period before being overwritten.We will publish or update a retention schedule once final values are confirmed.
16. Accuracy of Personal Data
    • Please ensure that Personal Data you provide is complete and accurate; otherwise, we may be unable to provide the Services you request.
17. Third‑Party Sites
    • Our Services may contain links to third‑party or co‑branded websites whose privacy practices are not governed by this Policy. Please review their privacy policies before providing Personal Data.
18. Children
    • The Services are intended for individuals aged 18 and over. If we learn that we have collected Personal Data from someone under 18, we will take appropriate steps to delete such data and terminate access.
19. Contacting Us
    • For questions, feedback, withdrawal of consent, or requests to access or correct your Personal Data, contact info@ethgas.com. If your Personal Data was provided to us by a third party, please submit your request through that party where applicable.
20. Governing Law
    • This Privacy Policy is governed by the laws of the British Virgin Islands. Nothing in this section limits any non‑waivable rights you may have under applicable Data Protection Laws.

‍

‍