Privacy Policy for Heroes of Penta

Last Updated: 2025/2/21

Welcome to heroesofpenta.com (the “Website”). We value your privacy and strive to protect your personal data. This Privacy Policy explains what information we collect about you, how we use it, and your rights regarding that information. By using or accessing this Website, you agree to the terms of this Privacy Policy. If you do not agree, please do not use or access our Website or services.

1. Who We Are

• Website: heroesofpenta.com
• Data Controller: Heroes of Penta (“we,” “us,” or “our”) is the entity responsible for processing your personal data.
• Contact Information: For any privacy-related questions or requests, please contact privacy@heroesofpenta.com.

2. Data We Collect and How We Collect It

2.1. Registration Data

1. Newsletter Registration:
   • Data Collected: Email address.
   • Purpose: To send you updates, news, and promotional materials about Heroes of Penta.
   • How to Unsubscribe: You can unsubscribe at any time via heroesofpenta.com/unsubscribe. Each newsletter will also contain an unsubscribe link.
2. Account Registration (Web3 Wallet, Instagram, and TikTok):
   • Data Collected:
     • Web3 wallet address
     • Instagram account username (optional)
     • TikTok account username (optional)
   • Purpose:
     • To create and maintain your account.
     • Allow you to interact with Heroes of Penta’s Web3 features (e.g., minting NFTs, XP tracking, hero training).
   • Storage: This information is stored in our local database on a Hostinger server located in Germany.

2.2. NFT and Hero Data

• Data Collected:
  • Information on minted Heroes-of-Penta-Hero-NFTs linked to your Web3 wallet.
  • Primary hero selection (if any) for training.
• Purpose:
  • To track hero ownership and allow you to designate a primary hero for training.
  • To award experience points (XP) to your selected hero based on certain social media activities (Instagram or TikTok mentions, see below).

2.3. Social Media Mentions (Instagram & TikTok) and Media Analysis

• Data Collected:
  • Posts, images, or videos in which our Instagram or TikTok account is mentioned (via mention/tag).
  • A hash of the media (to prevent duplicate submissions).
• Purpose:
  • We analyze the media with OpenAI services to determine XP eligibility.
  • We award XP to your primary hero NFT, which is then stored on-chain on Scroll.
• Retention:
  • We do not store the media itself or other post details after the analysis is complete, aside from a hashed version of the media.
  • The hashed media data is periodically deleted to avoid excessive database clutter.

2.4. Automatically Collected Data

When you visit our Website, we may automatically collect certain information through cookies or similar technologies (e.g., IP address, browser type, pages visited). For more details, please refer to our Cookie Policy (if available on the site). This data is used to improve user experience and site functionality.

3. How We Use Your Data

• Service Provision: To provide our services, including newsletter subscription, hero minting, and hero training functionality.
• Communication: To send transactional emails, such as account confirmations and service-related notifications.
• Analysis:
  • To analyze Instagram or TikTok posts/mentions tagging our account.
  • To assess awarding of XP to your primary hero NFT.
• Security & Fraud Prevention:
  • To verify user authenticity and prevent misuse or duplicate submissions of the same content.
• Compliance:
  • To comply with legal obligations (e.g., law enforcement requests, regulatory requirements).

4. Legal Basis for Processing (GDPR Notice)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Consent (Article 6(1)(a) GDPR): Where you have provided your consent (e.g., newsletter subscription).
• Contract (Article 6(1)(b) GDPR): To perform our contract with you, such as maintaining your account and enabling NFT-related services.
• Legitimate Interests (Article 6(1)(f) GDPR): For security, fraud prevention, and improving our services, provided these interests are not overridden by your data-protection interests.

5. Data Sharing and Disclosure

We do not sell or rent your personal data. We only share your data in the following situations:

1. Service Providers:
   • We may share data with trusted third parties who assist us in operating our Website and services (e.g., OpenAI for media analysis, hosting providers). These parties are contractually obligated to keep your information confidential and secure.
2. Legal Compliance:
   • We may share data when required by law or court order, or if necessary to exercise or defend legal claims.
3. Business Transfers:
   • In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity.

6. Data Retention

• Account Data: Retained for as long as your account is active or as needed to provide services.
• Newsletter Data: Retained until you unsubscribe.
• Hashed Media: Retained for a limited period to prevent duplicate submissions, then deleted.
• Deleted Accounts: If you request deletion of your account, all associated personal data in our database will be removed. However, XP stored on-chain remains on the blockchain and cannot be deleted.

7. User Rights

Depending on your jurisdiction (e.g., GDPR in the EEA, CCPA in California), you may have the following rights:

• Access: You can request a copy of the personal data we hold about you.
• Rectification: You can request correction of any inaccurate personal data.
• Erasure (Right to be Forgotten): You can request deletion of your personal data.
• Restriction of Processing: You can request a limit on how your data is processed.
• Data Portability: You can request a copy of your data in a structured, commonly used format.
• Object: You can object to the processing of your data under certain conditions.
• Withdrawal of Consent: Where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@heroesofpenta.com. We will respond to your request in accordance with applicable law.

8. How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• Encrypted connections (HTTPS/SSL) for data transmission.
• Secure hosting environment on a Hostinger server in Germany.
• Restricted access to personal data to only authorized personnel.

9. International Transfers

Our primary data storage is in Germany. If we transfer your data outside of the EEA or other regions with data protection laws, we ensure an adequate level of protection for your personal data in compliance with GDPR or other applicable legislation.

10. Third-Party Links

Our Website may contain links to third-party sites. This Privacy Policy does not apply to such sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. Any changes will be effective immediately upon posting the revised Privacy Policy on the Website. Your continued use of the Website after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: privacy@heroesofpenta.com

Thank you for using heroesofpenta.com. We appreciate your trust in us to protect your data.