Privacy Policy

This Privacy Policy explains how Gatoll ("Gatoll", "we", "our", or "us") collects, uses, discloses, and protects personal information in connection with our website and services that enable creators and brands to launch on‑chain Reward Drops and community interactions. We operate with a privacy‑by‑design approach and comply with applicable data protection laws, including the EU/UK GDPR where they apply.

Who we are (Data Controller)

Gatoll acts as the data controller for off‑chain personal information we collect via our website and services. Contact: [email protected].

Where our services are available

Gatoll is intended for residents of jurisdictions that permit blockchain‑based transactions and digital asset activities. We do not offer services to, and may geo‑restrict or deny access from, the following countries/regions:

• Mainland China, Nepal, Algeria, Bangladesh, Bolivia, Qatar, Kuwait, Iraq, Afghanistan, Egypt, Morocco, Cuba, Iran, North Korea, Syria
• Russia, Belarus, Venezuela, Myanmar, Sudan, Pakistan, India, Indonesia, Türkiye, Vietnam, Jordan, North Macedonia, Tunisia
• Ukraine regions under Russian occupation: Crimea, Donetsk, Luhansk, Zaporizhzhia, Kherson

If you are located in a restricted location, you must not use Gatoll. We may implement compliance checks such as IP geolocation, sanctions screening, or other measures to meet legal obligations.

Information we collect

• Account & profile: display name, avatar, optional bio and contact details you choose to provide.
• Social login data: identifiers and public profile data obtained with your consent from X (Twitter) or similar providers.
• Wallet identifiers: blockchain addresses you connect or bind to your account (addresses themselves are generally public on‑chain).
• Operational data: session tokens, device/OS/browser info, IP (approximate geolocation), logs for security and fraud prevention.
• Usage data: pages viewed, referral links, campaign interactions, Drop participation metadata, aggregated analytics.
• Cookies and similar: essential cookies for session integrity; optional analytics/functional cookies with consent where required.

How we use personal information (Purposes & lawful bases)

• Provide and operate the service (account, sessions, Drops, community features) — performance of a contract.
• Security and anti‑sybil/abuse operations (rate limiting, anomaly detection, eligibility checks) — legitimate interests and legal obligations.
• Customer support and communications — legitimate interests and/or consent where applicable.
• Analytics and product improvement (aggregated metrics, UX diagnostics) — legitimate interests or consent if required.
• Compliance (sanctions, geographic restrictions, record keeping) — legal obligations.
• Marketing (opt‑in updates) — consent, with the right to withdraw anytime.

Sharing of information

We may share limited personal information with trusted service providers (e.g., hosting, analytics, security, customer support) under data processing agreements, and with competent authorities when legally required. In a corporate transaction (merger, acquisition), data may transfer subject to this Policy and applicable laws.

International transfers

Where we transfer personal information outside of the EU/UK, we rely on appropriate safeguards such as the EU/UK Standard Contractual Clauses (SCCs) or adequacy decisions, and we assess risk consistent with GDPR requirements.

Data retention

We keep personal information only as long as necessary for the purposes above, including legal, accounting, and security requirements. Session cookies are typically short‑lived; operational logs are retained for a limited period to detect abuse and ensure integrity. On request, we will delete or anonymize data unless we must retain it by law.

Your rights (EU/UK GDPR)

Depending on your location, you may have the right to request access, rectification, erasure, restriction, portability, and to object to certain processing, as well as the right to withdraw consent at any time (without affecting prior lawful processing). You also have the right to lodge a complaint with your local supervisory authority.

Cookies

We use essential cookies to maintain secure sessions and prevent fraud. With your consent where required, we may use functional or analytics cookies to improve the experience. You can adjust cookie preferences in your browser or device settings. Blocking essential cookies may impact core functionality.

Children

Gatoll is intended for adults and is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us data, please contact us to remove it.

Security

We implement reasonable organizational and technical measures to protect personal information against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is 100% secure; risk cannot be fully eliminated.

Third‑party links and blockchain data

Our site may include links to third‑party sites and wallets. Their privacy practices are not governed by this Policy. Blockchain transactions (including addresses and events) are public and beyond our control.

Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date. Material changes may be communicated via our website or email notifications where appropriate.

Contact

For questions or requests about this Policy or your personal information, contact us at [email protected].

This document is provided in US English for clarity across jurisdictions commonly engaged in digital asset activities. It does not constitute legal advice. Your use of Gatoll also remains subject to our Terms of Service.