Back to CypherPit

Privacy Policy

Effective Date: March 1, 2026 · Last Updated: March 2, 2026

CypherPit LLC ("CypherPit," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use the CypherPit website at www.cypherpit.com and all related applications, features, and services (the "Platform").

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, username, display name, profile picture
  • Payment information: Payment method details processed securely by Stripe. We do not store your credit card numbers, bank account numbers, or other financial account information on our servers.
  • Identity verification (KYC): Full legal name, date of birth, government-issued ID, selfie image, and address — collected and processed by Stripe Identity for SC redemption eligibility
  • Communications: Emails, support requests, chat messages, and any other content you submit
  • AMOE requests: Name, email, and mailing address submitted for free Sweeps Coins
  • Third-party login data: If you sign in via Google, Discord, or Spotify, we receive your name, email, and profile picture from those services

1.2 Information Collected Automatically

  • Device information: Browser type, operating system, device type, screen resolution
  • Usage data: Pages visited, features used, battle participation, wagering activity, timestamps
  • IP address and geolocation: Used for geographic restriction enforcement, fraud prevention, and analytics. Region-level geolocation is determined via Vercel Edge Network headers.
  • Cookies and local storage: Session tokens, authentication cookies, and user preferences (see Section 5)
  • Referral data: How you arrived at the Platform (referring URL, UTM parameters)

1.3 Information from Third Parties

  • Spotify: Publicly available artist data (name, images, track metadata) used for battle content. We do not access your personal Spotify listening history.
  • YouTube: Publicly available video metadata (title, duration, channel) for embedded playback
  • Stripe: Payment confirmation, subscription status, KYC verification results
  • Authentication providers: Basic profile information (name, email, avatar) from Google, Discord, or Spotify when used for sign-in

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Platform operation: To create and manage your account, process GC purchases and SC redemptions, execute wagers, and deliver Platform features
  • Identity verification: To verify your identity for KYC compliance as required for SC redemptions
  • Legal compliance: To comply with applicable laws, regulations, and legal obligations, including tax reporting (1099-MISC), anti-money laundering (AML), and geographic restrictions
  • Security & fraud prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, including multi-accounting, collusion, and bot usage
  • Responsible gaming: To enforce deposit limits, loss limits, cool-off periods, and self-exclusion requests
  • Communications: To send transactional emails (purchase confirmations, redemption updates, account alerts) and, with your consent, promotional communications
  • Analytics & improvement: To understand how users interact with the Platform, identify bugs, and improve features and performance
  • Customer support: To respond to your inquiries and resolve issues

3. Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contract performance: Processing necessary to provide the Platform and fulfill our obligations under the Terms of Service
  • Legal obligation: Processing required to comply with applicable laws (tax reporting, KYC/AML, geographic restrictions)
  • Legitimate interest: Processing for fraud prevention, security, analytics, and Platform improvement, balanced against your privacy rights
  • Consent: Processing based on your explicit consent (e.g., marketing communications), which you may withdraw at any time

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating the Platform:

  • Supabase — Database hosting, authentication, and real-time infrastructure
  • Stripe — Payment processing, subscription billing, and identity verification (KYC). Stripe is PCI DSS Level 1 certified.
  • Vercel — Website hosting, CDN, and edge computing
  • Upstash — Redis caching and rate limiting
  • LiveKit — Real-time audio/video infrastructure

These providers are contractually obligated to use your information only for the purposes of providing their services to us and in accordance with applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information to protect the rights, property, or safety of CypherPit, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.4 Aggregated or De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for analytics, research, or business purposes.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking Platform functionality.
  • Functional cookies: Store your preferences (e.g., music source selection, theme settings) to improve your experience.
  • Analytics cookies: Help us understand Platform usage patterns to improve features and performance. We use Vercel Analytics, which collects anonymized usage data.

We do not use third-party advertising cookies or cross-site tracking technologies. Most browsers allow you to control cookies through their settings. Disabling essential cookies may prevent you from using the Platform.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy:

  • Active account data: Retained for the duration of your account's existence
  • Transaction and financial records: Retained for seven (7) years after the transaction date, as required for tax compliance and audit purposes
  • KYC verification data: Retained by Stripe Identity in accordance with their data retention policy. We store only the verification result (pass/fail), not the underlying identity documents.
  • Chat messages and user-generated content: Retained for up to one (1) year after creation, unless earlier deletion is requested
  • Server logs and analytics: Retained for ninety (90) days
  • Deleted accounts: Core account data is deleted within thirty (30) days of account deletion. Transaction records are retained as required by law.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Encryption at rest: Database contents are encrypted at rest using AES-256 encryption
  • Access controls: Row-level security (RLS) policies on all database tables ensure users can only access their own data
  • Payment security: All payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We never store or process credit card numbers.
  • Authentication: Secure session management via Supabase Auth with HTTP-only cookies
  • Infrastructure: Hosted on Vercel with automatic security patches, DDoS protection, and edge-level firewalling

While we take reasonable precautions to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request a machine-readable copy of your data
  • Restriction: Request that we limit how we use your data
  • Objection: Object to processing based on our legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@cypherpit.com. We will respond to your request within thirty (30) days. We may require identity verification before processing your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to exceptions (e.g., legal obligations, fraud prevention).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
  • Right to Limit Use of Sensitive Information: You may request that we limit the use of sensitive personal information to purposes necessary to provide the Platform.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA/CPRA request, email privacy@cypherpit.com with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days. You may designate an authorized agent to submit a request on your behalf.

Categories of Personal Information Collected (Last 12 Months)

CategoryExamplesSold?
IdentifiersEmail, username, IP addressNo
Financial informationPurchase history, redemption recordsNo
Internet activityPages visited, features usedNo
GeolocationState/region (from IP)No
Sensitive personal infoGovernment ID (for KYC, via Stripe)No

10. Children's Privacy

The Platform is not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If you are under 13, do not use the Platform or provide any personal information.

If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at privacy@cypherpit.com.

Users must be at least 18 years old (21 in Florida) to use the Platform. See our Terms of Service for full eligibility requirements.

11. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

  • Investigate and contain the breach promptly
  • Notify affected users via email within seventy-two (72) hours of discovery, where feasible
  • Notify relevant regulatory authorities as required by applicable law
  • Provide a description of the breach, the types of information involved, steps taken to address it, and recommended actions you can take to protect yourself

12. International Data Transfers

The Platform is operated from the United States. If you access the Platform from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Platform, you consent to the transfer of your information to the United States. We take appropriate safeguards to ensure that your personal information receives an adequate level of protection in accordance with applicable data protection laws.

13. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how to respond to DNT signals. We do not currently respond to DNT signals. However, we do not engage in cross-site tracking or sell your personal information for advertising purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated via email or a prominent notice on the Platform at least fourteen (14) days before taking effect.

The "Last Updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

CypherPit LLC · Privacy Policy · Effective March 1, 2026
We do not sell your personal information. For entertainment purposes only.