WES — Privacy Notice

Last updated: 2026-05-11 · v1.0

Data we collect

Category	Source	Retention	Purpose
Wallet address (BSC)	User-connected wallet (MetaMask / WalletConnect)	Indefinite (linked to on-chain identity)	Authentication, revenue distribution, MLM tree
IP hash (SHA-256, salted)	Captive portal connection	12 months	Sybil detection (Phase 1 risk signal)
Device fingerprint hash (SHA-256, opaque)	Browser navigator + screen + canvas signals	12 months	Sybil detection (Phase 1 risk signal)
AP MAC address (hashed)	UniFi controller + MikroTik DHCP lease	1 hour epoch (rotated)	Captive auth + ad impression attribution
Ad watch events	WiFi captive flow (Slot A/B/C)	Indefinite (revenue ledger)	Off-chain reward calculation

Sybil detection signals (Phase 1)

To prevent fraudulent reward farming, WES processes opaque hashed risk signals derived from your IP and device fingerprint. These hashes are irreversible — we cannot recover your IP or device identity from them. Hashes are kept for 12 months, then automatically deleted.

What we do NOT collect

Browsing history outside the captive portal
Personal identifiers (name, email, phone) unless you submit them
Real device MAC (we hash before storage)
Cleartext passwords (wallet signatures only)

Your rights

Access — request a dump of all data linked to your wallet
Erasure — request deletion (excludes on-chain history)
Portability — export your reward ledger

Contact: [email protected]

Compliance

GDPR (EU) — Articles 13/14 disclosure, 12-month retention
PDPL (Vietnam) — Personal Data Protection Law 2023
CCPA (California) — opt-out via wallet disconnect

Version history

v1.0 — 2026-05-11 — live release, supports airdrop quest action recording (genesis signup).
v0 — 2026-05-07 — initial scaffold.