Legal

Privacy Policy

What we collect, why we collect it, and the part of your data that lives on a public blockchain.

Last updated: July 10, 2026

1. Overview

This Privacy Policy explains how the 0deg team (“0deg”, “we”, “us”) handles personal data when you use the 0deg website, web application, and APIs (the “Service”). 0deg is designed to be data-minimal: there are no passwords, no email sign-up, and no custodial accounts. Your Stellar wallet is your identity.

2. Data We Collect

2.1 Data you provide

  • Profile data: your Stellar public address (your account identifier), and optionally a username and avatar image.
  • Quest content: Quest titles, descriptions, categories, coordinates, and reward parameters you set as a Navigator.
  • Proof submissions: photos, videos, or documents you upload as a Scout, plus optional notes. Media files may contain embedded metadata (such as EXIF data) you include when uploading.

2.2 Data collected automatically

  • Device location when you use location features (see §3).
  • Technical logs: IP address, user-agent, and request metadata generated when your browser talks to our API, used for security and debugging.

We do not run third-party advertising or cross-site tracking, and we do not sell personal data.

3. Location Data

  • Your device location is requested only when you trigger a location feature, such as centering the map on you or taking a Quest (where being inside the Quest radius is a protocol rule).
  • Location is checked at the moment of the action. We do not track your location in the background and do not build movement profiles.
  • Your coordinates are never published on-chain. Quest locations chosen by Navigators are public by design; Scout locations are not.
  • You can deny location permission at any time; location-gated actions will simply be unavailable.

4. Blockchain Data

Quest settlement happens on the Stellar network, a public, permanent ledger. When you create, take, or settle a Quest, your wallet address, transaction details, Quest identifiers, and amounts are recorded on-chain and become publicly visible and permanently immutable. This is inherent to how blockchains work: we cannot edit or delete on-chain data, and neither can you. If you do not want an address publicly associated with Quest activity, use a dedicated wallet.

5. How We Use Data

  • Operate the Service: match Quests to maps, validate take-radius rules, show proof to the reviewing Navigator, compute reputation and leaderboards.
  • Secure the Service: rate limiting, abuse prevention, debugging, and incident response.
  • Communicate with you when you contact us.

We process this data because it is necessary to provide the Service you request, to pursue our legitimate interests in securing it, and to comply with legal obligations.

6. Sharing & Third Parties

We share data only with processors needed to run the Service:

  • Object storage (Cloudflare R2): proof files and avatars are stored in private buckets and served only through the application: proof files to the parties of the Quest, avatars publicly as part of your profile.
  • Map and place services (Google Maps, OpenStreetMap tiles): map tiles and place search send standard web requests (including IP address) to these providers, subject to their own privacy policies.
  • Stellar infrastructure (RPC and Horizon providers): transactions you sign are submitted to the network; balance and trustline lookups query public network data.
  • Hosting and database providers that run our API and store indexed Quest data.

We may disclose data if required by law, or to protect the rights, safety, and integrity of the Service and its users. Public data (profiles, Quest listings, reputation, leaderboard, on-chain activity) is visible to anyone by design.

7. Retention & Deletion

  • Profile data is kept while your account is active. Replaced avatars are deleted from storage immediately.
  • Proof files are retained while the related Quest and its history remain part of the Service, since they document the basis of a settled payment.
  • Technical logs are retained for a limited period for security and then rotated out.
  • On-chain data cannot be deleted by anyone (see §4).

You may request deletion of off-chain data we hold (profile, proof files, logs) via the contact below. We will honor requests except where retention is required for legal compliance, dispute integrity, or security.

8. Security

Proof files and avatars live in private storage accessed only through the application; authentication uses wallet signatures rather than stored credentials; and the protocol is non-custodial, so we hold no funds or keys that could be stolen from us. No system is perfectly secure, so report suspected vulnerabilities to the contact below and we will respond promptly.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You can exercise these rights for off-chain data by contacting us. Note that these rights cannot override the immutability of the public ledger (§4). We will respond to verified requests within the timeframe required by applicable law.

10. Children

The Service is not directed to children and may not be used by anyone under 18. We do not knowingly collect data from children; if you believe a child has used the Service, contact us and we will delete the associated off-chain data.

11. Changes to This Policy

We may update this Policy as the Service evolves. Material changes will be indicated by updating the “Last updated” date on this page and, where practical, by notice in the app. Continued use after changes take effect constitutes acceptance.

12. Contact

Privacy questions and requests, reach us on X: @0degorigin.