Privacy Policy

1. Introduction

VeriMint ("we," "our," or "us") operates the VeriMint browser extension and website at verimintapp.com (the "Service"). This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.

By using VeriMint, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

• Wallet address — your public Ethereum-compatible wallet address, used to authenticate you, mint NFTs, and track $VERI rewards
• Email address — provided during beta application or waitlist signup, used for notifications and updates
• Social handles — Discord, Twitter/X, and Telegram usernames provided during beta application, used for identity verification and communication
• Application details — referral codes, reasons for applying, and other optional information submitted during beta enrollment
• Bug reports — descriptions and details you submit when reporting issues

Information Collected Automatically

• IP address — collected during uploads and beta applications for fraud prevention and abuse detection. IP addresses are hashed (SHA-256) before long-term storage
• Browser user agent — collected during beta applications as part of anti-sybil verification
• Mint activity — records of certificates you mint including chain, token ID, IPFS hash, and timestamp
• Image data — images you choose to upload for minting are transmitted to our servers for IPFS pinning and AI-detection analysis. We do not capture or store images you do not explicitly select for minting

3. How We Use Your Information

• Generating Certificates — uploading your images to IPFS and recording on-chain transactions
• Rewards tracking — calculating and recording $VERI token rewards, tier progress, and referral bonuses
• Beta program management — processing applications, verifying identity, preventing duplicate accounts, and distributing beta rewards
• Fraud prevention — detecting VPN/proxy usage, sybil attacks, and abusive behavior through IP analysis and behavioral signals
• AI image detection — analyzing uploaded images to verify they are AI-generated before minting (processed locally on our servers, not sent to third parties)
• Service improvement — understanding usage patterns to improve the product
• Communication — sending beta approval notifications, product updates, and announcements (email only, no spam)

4. Blockchain Data

When you mint a certificate, the following information is recorded permanently on public blockchains (Polygon, Base, Arbitrum, and/or Optimism):

• Your wallet address
• The transaction token ID and metadata URI (IPFS link)
• Transaction hash and timestamp
• Smart contract interactions

5. Data Storage and Security

• Server infrastructure — hosted on AWS (Amazon Web Services) with encrypted connections (HTTPS/TLS)
• Database — MySQL with access restricted to application-level queries only
• Image storage — uploaded to IPFS (decentralized, permanent storage) via Pinata pinning service
• IP addresses — hashed using SHA-256 for long-term storage; raw IPs are only held transiently for rate limiting
• API security — HMAC signature verification, rate limiting, and CORS restrictions protect all endpoints

We implement industry-standard security measures but cannot guarantee absolute security. No internet transmission or electronic storage method is 100% secure.

6. Third-Party Services

We use the following third-party services:

• Pinata — IPFS pinning service for decentralized image storage (Pinata Privacy Policy)
• CoinGecko API — cryptocurrency price data for fee calculations (no personal data shared)
• Blockchain RPCs — Alchemy and public RPC providers for on-chain interactions (only wallet addresses and transaction data)

We do not sell, rent, or share your personal information with advertisers or data brokers.

7. IP Blocklist Data

To prevent abuse, we maintain blocklists of IP ranges associated with VPNs, datacenters, and Tor exit nodes. These lists are sourced from publicly available databases and are used solely to enforce our fee and access policies. We do not collect or store individual user browsing data from these sources.

8. Data Retention

• Wallet and mint data — retained for the lifetime of the service (required for $VERI reward tracking and on-chain verification)
• Beta applications — retained for the duration of the beta program and token distribution period
• Email addresses — retained until you request removal or unsubscribe
• IP hashes — retained for fraud analysis; raw IPs are not stored long-term
• Bug reports — retained for the duration of the beta program

9. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your off-chain data (email, social handles, application data). Note: on-chain data and IPFS-pinned images cannot be deleted
• Withdrawal — withdraw from the beta program at any time
• Portability — request your data in a machine-readable format

To exercise any of these rights, contact us at the email listed below.

10. Children's Privacy

VeriMint is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, you can reach us at:

• Twitter/X: @VeriMintApp
• Discord: discord.gg/pHH6DAFj
• Support: support@verimintapp.com