Privacy Policy

1. Who We Are

RepScore ("we", "us", "our") is a product of Super Dev Labs. We operate the website repscore.xyz and associated services including the scoring API at repscore-engine.onrender.com.

Contact: privacy@repscore.xyz

2. What Data We Collect

2.1 Data you provide directly

• Email address — when you join the waitlist or add wallets to your watchlist
• Solana wallet address — when you look up a score or add to watchlist
• Payment transaction signature — when you complete wallet verification (0.01 SOL)

2.2 Data collected automatically

• IP address — logged with each wallet lookup for fraud prevention and analytics
• Browser fingerprint — canvas rendering, WebGL renderer, screen resolution, installed fonts, hardware specs, audio context signature. Used to detect patterns across sessions without requiring login.
• Cookie (rs_vid) — a randomly generated visitor ID stored in your browser for 90 days. Used to associate sessions without personal identification.
• User agent — browser and OS type, logged with lookups
• Wallet lookup history — which wallet addresses were searched, when, and from which IP/fingerprint

2.3 On-chain data (public)

RepScore reads publicly available Solana blockchain data — transaction history, token launches, liquidity events, holder data. This data is already public on-chain and not collected from you directly.

3. Why We Collect This Data

• Wallet lookups + IP + fingerprint — fraud detection, rate limiting, and analytics to improve scoring accuracy
• Email — to send score change alerts for wallets you're watching, and waitlist notifications
• Cookies — to provide a consistent experience across sessions without requiring login
• Payment signature — to verify on-chain payment for wallet verification feature

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing are:

• Legitimate interests — analytics, fraud prevention, security (IP, fingerprint, lookup logs)
• Contract performance — providing the score lookup service you requested
• Consent — email alerts (you opt in by adding to watchlist)

5. Data Sharing

We do not sell your personal data. We do not share your data with advertisers. We use the following service providers as data processors:

• Supabase — database storage (wallet lookups, watchlist, score history). Data stored in US region.
• Helius — Solana RPC provider. Wallet addresses are sent to Helius to fetch on-chain data.
• Render — API hosting. Logs may include IP addresses.
• Hostinger — website hosting.

All service providers are bound by data processing agreements and applicable privacy laws.

6. Data Retention

• Wallet lookup logs — retained for 12 months then deleted
• Score history — retained indefinitely (used to show score trends)
• Email + watchlist — retained until you remove yourself or request deletion
• Verification records — retained indefinitely (on-chain payment record)
• Cookies — expire after 90 days

7. Your Rights

Everyone

• Right to know what data we hold about you
• Right to request deletion of your data
• Right to opt out of email communications

European Users (GDPR)

• Right of access — request a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to lodge a complaint with your local supervisory authority

California Users (CCPA)

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt out of sale of personal information (we do not sell data)
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights

To exercise any of these rights, email us at privacy@repscore.xyz. We will respond within 30 days.

8. Cookies

We use one first-party cookie:

• rs_vid — a randomly generated visitor ID. No personal information. Expires after 90 days. Used for analytics and session consistency.

We do not use advertising cookies, third-party tracking cookies, or analytics platforms like Google Analytics.

9. Browser Fingerprinting

We collect a browser fingerprint using canvas rendering, WebGL, audio context, screen specs, and font detection. This fingerprint is hashed and stored alongside wallet lookup records. It is used to detect patterns across sessions for fraud prevention and analytics — not to identify you personally. We do not share fingerprint data with third parties.

10. Children's Privacy

RepScore is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, contact us at privacy@repscore.xyz.

11. International Data Transfers

Your data may be processed in the United States where our service providers are located. For EEA users, transfers are covered by standard contractual clauses or adequacy decisions where applicable.

12. Security

We use industry-standard security measures including encrypted connections (HTTPS), environment variable secrets management, and access controls. No system is 100% secure — if you believe your data has been compromised, contact us immediately.

13. Changes to This Policy

We may update this policy. Material changes will be noted by updating the "Last updated" date above. Continued use of RepScore after changes constitutes acceptance.

14. Contact

For privacy requests, questions, or complaints:

• Email: privacy@repscore.xyz
• Website: repscore.xyz
• Operated by: Super Dev Labs

This privacy policy applies to repscore.xyz and associated services. It does not apply to third-party services linked from our site.