Privacy Policy

We collect the minimum necessary information to run our Services, protect safety, and improve what we build.

We do not allow doxxing.

You can use many parts anonymously.

When you share data, we use it to provide features, secure the platform, communicate, and (if you opt in) send updates.

You can access, correct, or delete your data, and (where applicable) opt out of targeted ads or the “sale”/“sharing” of personal information. We respect lawful requests and your rights in the U.S., EU/UK, and elsewhere.

This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Services. It is part of our Terms of Service, which also govern your use of the Services.

We collect information in three ways: (a) you provide it; (b) it is collected automatically; (c) we receive it from third parties.

‍Account & Profile: username (which may be a pseudonym), email, display name, avatar, timezone, role, preferences.

‍Web3 Identifiers: wallet address(es), ENS or other naming systems, transaction references. We never ask for your seed phrase or private keys.

‍Content & Communications: posts, messages, uploads, code contributions, form entries, feedback, survey responses.

‍Payment & Fulfillment: name, email, shipping address, phone, transaction details (processed by third parties). We do not store full payment card numbers.

‍Support & Safety Reports: messages to support, incident reports, moderation flags.

Device/Log Data: IP address, device type, OS, browser, language, referring/exit pages, timestamps, crash/diagnostic logs.

‍Usage & Analytics: feature interactions, pages viewed, session duration, campaign attribution.

‍Cookies & Similar Technologies: cookies, local storage, pixels. See Cookies below.

Auth & Community Platforms: (e.g., OAuth, Discord, GitHub, Google, Patreon).

‍Payments & Merch: (e.g., Stripe, Patreon, PayPal, Shopify).

‍Analytics/Marketing: (e.g., Plausible, Google Analytics) if enabled.

‍Public Sources: public blockchains, public profiles, or posts you make public elsewhere.

We may combine information from these sources.

Anonymity: You may participate under a pseudonym. We do not require your legal name except where necessary to process payments, shipping, or legal compliance.

‍No Doxxing: Publishing or soliciting private, identifying information about others is prohibited by our Terms. We may redact or remove such content and enforce account actions.

‍Web3 Realities: Public blockchains are immutable and transparent. On‑chain activity may be linkable to your wallet address by anyone. We cannot delete or alter blockchain records. We can, however, delete our off‑chain records that reference your wallet, subject to legal obligations.

Provide the Services: account creation, features, personalization, content hosting, and collaboration tools.

‍Safety & Integrity: moderation, fraud/spam prevention, abuse detection, legal compliance, and network security.

‍Communications: service messages, transaction confirmations, security alerts; with consent or as permitted by law, newsletters and product updates (you can unsubscribe).

‍Payments & Fulfillment: process orders, subscriptions, and deliveries via third‑party processors.

‍Research & Improvement: analytics, testing, debugging, and developing new features.

‍Compliance & Defense: comply with laws, respond to lawful requests, and defend legal claims.

Where GDPR or similar laws apply, we rely on one or more of the following: performance of a contract, legitimate interests (e.g., to secure and improve Services), consent (e.g., marketing, certain cookies), and legal obligations.

We use:

‍Strictly Necessary (e.g., login, security, load balancing).

‍Functional (e.g., preferences).

‍Analytics (e.g., traffic measurement).

‍Advertising/Attribution (only if enabled and with appropriate disclosures/consents).

You can manage preferences via our Cookie Settings control and your browser. Blocking some cookies may limit functionality.

We do not sell your personal information in the traditional sense.

We may disclose information to:

‍Service Providers/Processors: hosting, storage, analytics, payments, email/SMS, customer support, shipping, security (bound by contract to use it only for us).

‍Community/Integration Partners: where you choose to link accounts or interact (e.g., Discord, GitHub).

‍Public or Shared Content: content you post to public areas is visible to others and may be indexed.

‍Legal, Safety, & Rights Protection: to comply with law, enforce our Terms, or protect people.

‍Business Transfers: in connection with a merger, acquisition, or asset sale, with appropriate safeguards.

We do not knowingly allow third parties to use precise geolocation or sensitive categories without explicit consent.

If you use the Services from outside the U.S., your information may be transferred to the United States and other jurisdictions that may not provide the same level of data protection.

Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures. For UK/EU, we may also use the UK IDTA/Addendum. Details are available upon request.

We retain information only as long as needed for the purposes above, including to comply with legal obligations and resolve disputes.

Example guidelines:

‍Account data: for the life of the account and up to 24 months after closure (unless law requires longer/shorter).

‍Content & logs: operational logs 12–24 months; security logs up to 36 months.

‍Payments & tax records: 7 years (or as required by law).

‍Marketing preferences: until you opt out or your account is deleted.

We may anonymize or aggregate data for analytics and retain that in de‑identified form.

Your rights vary by region. Subject to legal limits, you may request:

‍Access to your personal data.

‍Correction of inaccurate data.

‍Deletion of personal data (“right to be forgotten”).

‍Portability in a machine‑readable format.

‍Restriction or Objection to certain processing.

‍Withdraw Consent where processing is based on consent.

‍Opt‑out of targeted advertising or of “sale”/“sharing” of personal information (as defined by state laws).

‍Appeal a decision if we deny your request (where required by law).

‍How to submit: Email mail@demorats.org.

We may ask you to verify your identity and jurisdiction. You may use an authorized agent where your law permits (we may require proof of authority).

Where required (e.g., in California), we treat a valid GPC signal as a request to opt out of “sale”/“sharing” for that browser.

Industry Do Not Track (DNT) signals are not standardized; we do not respond to DNT alone.

You can unsubscribe from marketing emails at any time. Service and transactional emails are necessary for your account.

If SMS is offered, you can opt out by replying STOP.

Notice at Collection (Categories): identifiers (e.g., IP, email, wallet address); commercial information (transactions); internet/network activity (logs, analytics); geolocation (approximate IP‑based); user‑generated content; inferences (limited, for safety/anti‑abuse).

We do not intentionally collect sensitive personal information unless necessary for specific features (e.g., verifying eligibility for a program) and with appropriate disclosures.

‍Purposes: see Section 4 above.

‍Retention: see Section 8 above.

‍“Sale”/“Sharing”/Targeted Advertising: We do not sell personal information for money. If we use ad or analytics partners that could constitute “sale”/“sharing” or targeted advertising under state laws, you can opt out via Your Privacy Choices and GPC.

‍Right to Know/Delete/Correct: You may request access to specific pieces/categories, ask for deletion, or corrections.

‍Right to Opt‑Out: of “sale”/“sharing”/targeted advertising via Your Privacy Choices.

‍Right to Limit Use of Sensitive PI: If we process sensitive categories, you may limit as provided by law.

‍Non‑Discrimination: We will not discriminate against you for exercising your rights.

Provide or manage these rights by emailing us at mail@demorats.org.

The Services are not directed to children under 13 (or under 16 where GDPR applies).

We do not knowingly collect personal information from children.

If you believe a child has provided personal information, contact us at mail@demorats.org to request deletion.

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit (TLS) and, where appropriate, encryption at rest.

No system is 100% secure. Please use a strong, unique password; enable available security features; and never share private keys or recovery phrases.

Information you post in public areas (forums, repositories, social feeds) is public. Avoid sharing personal or sensitive information you would not want widely known.

We may moderate to protect safety and enforce our Terms, including redacting doxxing attempts.

Our Services may link to or integrate third‑party services (e.g., Discord, GitHub, Patreon, Zora, Shopify, Stripe).

Their privacy practices are governed by their own policies. Review them before connecting accounts or using integrations.

We do not engage in fully automated decisions that have legal or similarly significant effects without human review.

We may use limited profiling for spam/abuse detection, account security, or basic personalization.

We may update this Policy from time to time. The “Effective Date” at the top shows the latest version.

Material changes will be announced via the Services or by email where appropriate.

Continued use after changes means you accept the updated Policy.