Privacy Policy
Last updated: March 20, 2026
1. Who we are
Verse Impact Hub ("the Hub," "we," "us") is operated by the Verse Community. The Hub is accessible at hub.vgdh.io. For data protection inquiries, contact us at joel@bitcoin.com.
2. What data we collect
Account data
When you register, we collect your email address and authentication credentials via Supabase Auth. This information is stored encrypted on Supabase's managed infrastructure and is never shared with third parties.
Credential verification data
When you link social accounts or wallets, we store a one-way hash of the data in the database, not the data itself. This means we can verify that a credential was linked without retaining your original account information. The exception is your rewards wallet address, which we store in plain text so we can send reward distributions to you.
Trust score and tier data
We calculate a verification tier (0-3) and total credential points based on the credentials you have linked. This data is derived from your credential records.
Anti-fraud signals
To detect coordinated fraud and protect reward pool integrity, we collect the following when you interact with the Hub:
- IP address and derived geolocation (country, approximate city)
- Browser user agent string
- Device fingerprint data (screen resolution, timezone, hardware characteristics)
Analytics
We use Plausible Analytics (self-hosted) for privacy-friendly, cookie-free website analytics. Plausible does not collect personal data or use cookies. No data is shared with third parties.
3. Why we collect it (legal basis)
| Data category | Purpose | Legal basis (GDPR) |
|---|---|---|
| Account data (email) | Authentication, account management | Contract performance (Art. 6(1)(b)) |
| Credential verification (stored as one-way hashes, not raw data) | Trust tier calculation, Sybil resistance | Contract performance (Art. 6(1)(b)) |
| Anti-fraud signals | Fraud detection, reward pool protection | Legitimate interest (Art. 6(1)(f)) |
| Wallet hash | Wallet age verification, uniqueness | Contract performance (Art. 6(1)(b)) |
4. How long we keep it
| Data category | Retention period |
|---|---|
| Account data | Until you delete your account |
| Credential records (one-way hashes only) | Until you delete your account or revoke the credential |
| Anti-fraud signals | 90 days, then automatically deleted |
| Twitter verification challenges | 24 hours |
5. Third-party processors
We share data with the following processors, only as needed to operate the Hub:
- Supabase (database and authentication hosting)
- MaxMind (IP geolocation for fraud detection)
- Ankr (blockchain RPC for wallet age verification)
- OAuth providers (GitHub, Discord, LinkedIn, Twitter/X, Telegram) for credential verification. We receive only your public profile information during the OAuth flow.
We do not sell your data. We do not share data with advertisers.
6. Your rights
Under GDPR and applicable data protection law, you have the right to:
- Access your data. Contact joel@bitcoin.com to request a copy of all data we hold about you.
- Rectify inaccurate data by updating your linked credentials.
- Delete your account and all associated data. Contact joel@bitcoin.com to request deletion. We will process requests within 30 days.
- Object to processing based on legitimate interest (anti-fraud signals).
- Data portability. Request your data in a machine-readable format.
- Lodge a complaint with your local data protection authority.
7. Cookies
The Hub uses only strictly necessary cookies for authentication session management (Supabase auth tokens). We do not use advertising, tracking, or analytics cookies. Plausible Analytics operates without cookies.
8. Data security
All data is transmitted over TLS. Database access is protected by row-level security policies ensuring users can only access their own records. Wallet addresses are stored as one-way hashes. Authentication tokens are stored in secure, httpOnly cookies.
9. International transfers
Our database is hosted by Supabase. If your data is transferred outside your jurisdiction, it is protected by Standard Contractual Clauses or equivalent safeguards as required by applicable law.
10. Changes to this policy
We will update this page when our data practices change. Material changes will be communicated through the Hub interface. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact
For questions about this policy or to exercise your rights, email joel@bitcoin.com.