KIDBUU

Privacy Policy

How we collect, use, share, and protect information across the platform, including token features, the promotional giveaway (AMOE), and the community airdrop.

PRIVACY POLICY

Kid Buu Platform, Token, Promotional Giveaway & Community Airdrop
Last Updated: October 13, 2025

0. Preamble; Controller; Scope; Incorporation

  1. This Privacy Policy (“Policy”) describes how the anonymous Sponsor (the party organizing and administering the Platform, Token, Promotion, and Airdrop) (“Sponsor,” “we,” “our,” or “us”) collects, uses, shares, and safeguards information relating to users of (i) the website(s) at kidbuumeme.com and associated subdomains, applications, and pages (the “Platform”); (ii) the $KIDBUU token on Solana (the “Token”); (iii) any Sponsor-administered tokenized promotional giveaway (the “Promotion”); and (iv) any community airdrop (the “Airdrop”).
  2. For purposes of GDPR/UK GDPR, Sponsor acts as a data controller for personal data processed via the Platform, the Promotion AMOE form, and customer support/communications. For on-chain activities, certain data (e.g., wallet address, transactions) may be processed as part of decentralized infrastructure we do not control.
  3. This Policy is incorporated into the Terms & Conditions. Capitalized terms not defined here have the meanings given in the Terms.

1. Information We Collect

  1. Information You Provide
    • Account / Forms. Name, email, address, city, state/province, postal code, country, wallet address, age confirmation (18+), and any other information you submit (e.g., AMOE entries, support requests).
    • KYC/Verification (if required). To comply with eligibility, sanctions, or tax rules, we may request government ID or similar verification data via trusted providers (details furnished at time of collection).
  2. Automatic/Device Information
    • Usage & Device. IP address, user agent, device type, OS/browser, language, referrer/exit pages, pages viewed, links clicked, time on page, approximate geolocation (derived from IP), and similar telemetry.
    • Cookies/Local Storage. Session tokens, preferences, analytics identifiers, and anti-abuse signals. See §7 for Cookie/Tracking technologies.
  3. Blockchain/On-Chain Data
    • Public Ledger. Wallet addresses, balances, token/NFT holdings, and transactions on Solana are publicly available and may be used for eligibility checks, fraud prevention, and entries calculation (§11 of Terms).
  4. Third-Party Sources
    • Wallet Adapters. If you connect a wallet (e.g., Phantom/Solflare), we may receive your public key and connection state from the adapter.
    • Anti-abuse & Security. Cloudflare Turnstile verification tokens and related diagnostic signals; threat intelligence providers; chain-analysis vendors for sanctions/abuse screening.
    • Maps/Autocomplete. If you use Google Places Autocomplete, Google may collect/receive data per its policies.
    • Analytics & Email. Basic engagement analytics and email delivery/metrics through our service providers.

We process data for the purposes below and, where applicable, under these legal bases:

  1. Provide the Platform & Features (create/manage forms, wallet connects, entries computation, support, content delivery).
    Legal bases: performance of a contract; legitimate interests.
  2. Promotion/Airdrop Administration (eligibility checks, random selection, notification/verification, prize fulfillment, publication of winners where required by law).
    Legal bases: performance of a contract; legal obligation; legitimate interests.
  3. Anti-Fraud, Security & Integrity (Turnstile anti-bot, rate-limiting, chain-analysis, abuse detection).
    Legal bases: legitimate interests; legal obligation.
  4. Compliance & Tax (sanctions/export controls, KYC, AML, skill-testing for Canada, tax reporting).
    Legal bases: legal obligation; legitimate interests.
  5. Communications (transactional emails, service notices, legal updates; optional marketing with consent).
    Legal bases: performance of a contract; legitimate interests; consent (where required).
  6. Analytics & Product Improvement (measure usage, improve UX, troubleshoot).
    Legal bases: legitimate interests; consent (for non-essential cookies/identifiers where required).

3. How We Share Information

  1. Service Providers / Processors. We engage vendors to host the Platform, provide security (e.g., Cloudflare Turnstile), analytics, email delivery, forms processing, KYC/AML (if used), and audits. They may access personal data strictly to perform services for us, under contracts with confidentiality and data protection obligations.
  2. Compliance, Safety, Legal Rights. We may disclose data to competent authorities, courts, or third parties: (a) to comply with law, regulation, legal process, or government request; (b) to protect rights, property, users, or the public; (c) to enforce Terms; or (d) to detect/prevent security, fraud, or technical issues.
  3. Corporate Events. In connection with a corporate transaction (e.g., formation of a legal entity, reorganization, financing, merger, sale), data may be transferred subject to this Policy.
  4. Public/On-Chain. Wallet addresses and on-chain activity are inherently public on Solana and may be linked to entries or winners as described in the Terms (§28).
  5. No Sale of Personal Information. We do not “sell” personal information as defined by CCPA/CPRA. We do not knowingly “share” personal information for cross-context behavioral advertising. If that changes, we will provide required notices and a right to opt out.

4. Cookies & Tracking Technologies

  1. Types. We use (a) strictly necessary cookies/identifiers for security (e.g., Turnstile token), platform functionality, and session management; (b) performance/analytics (aggregated usage metrics); and (c) preference storage (e.g., UI settings).
  2. Controls. Most browsers allow you to block/delete cookies. Blocking essential cookies may break the Platform. Where required, we will provide consent banners for non-essential cookies.

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, including legal, tax, accounting, and audit obligations, fraud prevention, and dispute resolution. Retention periods vary by category and purpose. Public on-chain data persists independently on the blockchain.

6. Security

We implement administrative, technical, and physical safeguards designed to protect personal data (e.g., encryption in transit, least-privilege access, monitoring). No method of transmission or storage is 100% secure; we cannot guarantee absolute security. Users are responsible for securing wallets, private keys, devices, and accounts.

7. International Transfers

We may process data in jurisdictions different from your own (including outside the EU/UK/Canada). Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) for transfers to processors. Public on-chain transactions are globally distributed by design.

8. Your Rights & Choices

  1. GDPR/UK GDPR. Subject to exemptions, you may have the right to access, correct, delete, restrict, or object to processing, and to data portability. Where processing relies on consent, you may withdraw consent at any time without affecting prior lawful processing.
  2. CCPA/CPRA (California). California residents may have rights to know/access, correct, delete, and limit use of sensitive personal information, and to be free from discrimination for exercising rights. We do not sell or share personal information as defined by CPRA.
  3. Other Regions. Depending on your location (e.g., Canada, Australia, certain U.S. states), you may have similar rights. We will honor requests as required by applicable law.
  4. Exercising Rights. Submit requests to privacy@kidbuumeme.com. We may need to verify your identity (and, where applicable, request additional information). If we are unable to locate you in our systems, we may ask for more detail to identify your records.
  5. Do Not Track. The Platform does not respond to Do Not Track signals. You can use browser settings to limit certain tracking.
  6. Marketing. You can opt out of marketing emails via the unsubscribe link; we may still send transactional/service messages.

9. Children’s Privacy

The Platform, Token, Promotion, and Airdrop are intended for individuals 18+ (or the age of majority in your jurisdiction). We do not knowingly collect personal data from minors. If you believe a minor provided data, contact us to request deletion.

10. Third-Party Services

The Platform integrates third-party services that may collect or process data under their own privacy terms, including:

  • Cloudflare Turnstile (anti-bot verification) — collects security signals to assess risk; provides a token we verify.
  • Google Maps/Places Autocomplete (if used) — may collect usage data when you interact with address autocomplete.
  • Wallet Adapters (e.g., Phantom, Solflare) — handle wallet connections and may process telemetry and device signals.
  • Email/Form Providers — process submissions and deliver communications.
  • Analytics/Monitoring — measure performance and error telemetry.

Interactions with these services are governed by their respective policies in addition to this Policy.

11. Promotion/Airdrop-Specific Notices

  1. Eligibility & Verification. To confirm eligibility or deliver prizes/airdrops, we may collect or request information (e.g., identity, address, age, wallet ownership proof). Canadian residents must also answer a skill-testing question to qualify for a prize (Terms §11.10).
  2. Publication of Winners. Where required by law or for transparency, we may publish identifiers of potential winners (e.g., abbreviated wallet address, handle, name/initials) on the Platform or official social channels (§28 of Terms).
  3. Anti-Fraud & Chain-Analysis. We may use device fingerprinting, IP reputation, on-chain analysis, and other anti-abuse signals to detect manipulation, Sybil behavior, sanctions risk, or prohibited conduct (§22 of Terms).

12. Data Minimization & Accuracy

We seek to collect only what we need for stated purposes and to keep data accurate and up to date. You are responsible for providing current, accurate information and for notifying us of changes.

13. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date indicates the latest revision. Material changes will be posted on the Platform and, where required by law, we will seek consent or provide notice.

14. Contact

Until Sponsor publishes formal entity details, privacy inquiries and rights requests should be sent to privacy@kidbuumeme.com. For general legal notices, see the contact details in the Terms.

15. Region-Specific Disclosures

  1. EEA/UK
    • Controller. Sponsor (anonymous at this time; to be updated if/when a legal entity is published).
    • Data Protection Rights. See §8. You may lodge a complaint with your local supervisory authority.
    • Transfers. Where applicable, we rely on SCCs/UK addendum for processor transfers outside the EEA/UK.
  2. California (CCPA/CPRA)
    • Categories Collected. Identifiers (name, email, wallet address, IP), commercial/interaction information (pages, actions), geolocation (approximate), internet activity (logs), inferences (anti-abuse risk scores), and, if required, verification data for compliance (KYC).
    • Sources. You, your devices/browsers, service providers, blockchain networks, verification vendors.
    • Purposes/Disclosures. As described in §§2–3. We do not sell/share personal information as defined by CPRA.
    • Rights. Access/Know, Correct, Delete, Limit use of sensitive personal information (where applicable). Submit requests to privacy@kidbuumeme.com.
  3. Canada
    • Consent. By using the Platform and participating in the Promotion/Airdrop, you consent to processing for stated purposes. Additional consent may be requested for specific uses (e.g., marketing). Skill-testing and KYC may be required for prize eligibility.
    • Access/Correction. You may request access to or correction of your personal information subject to legal exceptions.
  4. Australia
    • We comply with applicable Australian privacy principles to the extent required. You may contact us to access/correct your information or submit a complaint. We will respond within a reasonable timeframe.

16. Additional Notices

  1. Wallet Ownership & On-Chain Persistence. Public keys and transactions are public and immutable; deletion requests cannot alter on-chain records. We may, however, delete or pseudonymize corresponding off-chain records we control where legally feasible.
  2. Automated Decision-Making. We may use automated anti-abuse signals (e.g., Turnstile) to allow/deny access. You may contact us to request human review where required by law.
  3. Links & Social Media. The Platform may link to third-party sites or embeds (e.g., X/Twitter). Their privacy practices are governed by their own policies.

Short-Form Plain-English Disclosures (for UI tooltips; not a contract)

  • We collect what you give us (e.g., name, email, address, wallet) + basic device/usage data.
  • Security first: Turnstile/anti-bot checks; fraud & sanctions screening if needed.
  • No sale of personal info and no cross-context ad “sharing.”
  • On-chain is public: wallet activity is visible and not erasable by us.
  • Rights vary by region; email privacy@kidbuumeme.com for requests.