Privacy Policy
Built By DAO collects and processes personal data to operate the platform, track contributions, and enable governance. This policy explains what data we collect, how we use it, how we protect it, and your rights regarding your information.
Profile, activity, wallet
Encrypted at rest & transit
Access, correct, delete
On-chain data is permanent
Purpose: Transparent data handling that respects member privacy while enabling contribution tracking and governance
Jurisdiction: Wyoming, USA (Built By DAO LLC)
What We Collect
We collect data in several categories, each serving specific functions within the platform and DAO operations.
Profile Information
When you join Built By DAO, we collect personal information:
Phone | +1 (555) 123-4567 | Two-factor authentication
Name | Full legal name | Membership records, legal agreements
Location | City, state, country | Geographic compliance, housing eligibility
Identity info | Date of birth, government ID | KYC/AML verification for investors
Onboarding Data
During the onboarding process, you provide additional information:
Skills | Carpentry, electrical, design | Task matching and role placement
Availability | Full-time, part-time, hours/week | Workload planning
Housing interest | Interested in equity-building lease | Property matching
Group photo consent | Opt-in/out | Community materials, documentation
Named likeness consent | Opt-in/out | Public promotion materials, announcements
Communication preferences | Email, SMS, Discord | How we contact you
Wallet & Blockchain Data
You connect a cryptocurrency wallet to interact with the DAO:
Wallet address | 0x1234...abcd | Identity on blockchain, NFT ownership, token transfers
Connected networks | Base, Ethereum, others | Multi-chain transaction tracking
Activity Data
The platform tracks your contributions and participation:
Tasks completed | Task ID, duration, compensation | EQTBLT earning, rank progression
Work hours | Hours logged, time entries | Contribution tracking, activity multiplier
Rent payments | Payment date, amount, EQTBLT conversion | Equity building, income tracking
Governance participation | Proposals viewed, votes cast, weight | Activity-based voting multiplier
Training & certifications | Courses completed, scores | Skill tracking, EQTBLT rewards
Communication | Discord messages, forum posts (optional) | Community engagement metrics
Technical Data
When you use the platform, we collect technical information:
Device info | Browser, OS, device type | Platform compatibility, usability
IP address | Session IP during login | Security, fraud detection
Connection logs | Login times, session duration | Account security, API monitoring
Cookies & tokens | Session ID, authentication tokens | User authentication, preferences
Analytics | Page views, feature usage, errors | Platform improvement, debugging
Payment & Financial Data
For investors and renters, we collect additional information:
Payment info | Wallet address for funds transfer | Investment processing, rent collection
Investment amount | Amount invested, tier qualification | Investor NFT minting, multiplier calculation
Bank details | For fiat on/off ramps (processed by third-party) | KYC compliance, fund transfers
Note: We do NOT store bank account numbers or credit card details. Payment processing is handled by third-party providers with their own privacy policies.
Consent Data
We track your explicit consent decisions:
Consent records | Terms acceptance, privacy policy, NDA | Legal compliance, audit trail
Timestamp | Date/time of consent | Regulatory documentation
Data Uses & Purposes
Your data enables core platform functionality and governance operations. We use data only for the purposes listed here.
Membership & Identity
Membership verification | Confirm you're a member for access control
NFT minting | Create your soul-bound membership NFT on Base blockchain
Rank management | Track rank progression, promotions, demotions
Credential verification | Validate membership status for governance voting
Contribution Tracking
Task assignment | Match you with tasks based on skills and availability
Hours logging | Record contribution time for compensation and progression
Performance tracking | Monitor work quality, completion rates, feedback
EQTBLT calculation | Determine equity token awards based on contributions
Rank progression | Assess advancement eligibility with evidence-based reviews
Governance & Voting
Voting power calculation | Compute EQTBLT balance, rank multiplier, activity weight
Activity multiplier | Track 30/90/180 day activity windows for voting modifier
Voting eligibility | Verify membership status and voting rights for proposals
Proposal participation | Record votes on-chain for governance transparency
Communication
Notifications | Send task assignments, payment confirmations, announcements
Community updates | Share governance proposals, voting deadlines, DAO news
Support requests | Answer questions, resolve issues via email/chat
Community outreach | Marketing materials based on consent preferences
Platform Operations
Security & fraud detection | Monitor for suspicious activity, unauthorized access
Account protection | Verify transactions, prevent account takeover
Technical support | Debug issues, resolve errors, improve stability
Analytics & improvement | Analyze feature usage, identify bottlenecks, plan updates
Legal & Compliance
KYC/AML verification | Comply with regulatory requirements for investors and renters
Tax reporting | Document income for 1099 reporting and member records
Legal obligations | Respond to legal requests, maintain audit trails
Contract enforcement | Verify terms compliance, track agreement acceptance
Housing & Equity-Building Leases
Lease administration | Process lease agreements, track rent payments
Equity conversion | Calculate EQTBLT earnings from rent (7-12% conversion)
Payment tracking | Record rent history, payment status, late notices
Property management | Assign units, manage maintenance requests, coordinate repairs
What We DON'T Use Data For
We explicitly do NOT:
Sell personal data to third parties
Use data for targeted advertising
Share contact information for marketing without consent
Build profiles for discrimination
Use data for surveillance beyond platform operations
How We Protect Your Data
Security is foundational. We implement multiple layers of protection.
Encryption
In Transit | TLS 1.2+ (HTTPS) | All connections encrypted
At Rest | AES-256 | Database encryption, file storage encryption
Key management | AWS KMS | Secure key rotation and storage
Infrastructure Security
Cloud hosting | AWS Lightsail (US-East region)
Database | PostgreSQL (encrypted)
File storage | S3 with encryption
Firewall | Security groups, WAF rules
DDoS protection | CloudFront edge distribution
Access Control
Role-based access | Only authorized staff access sensitive data
Authentication | Multi-factor authentication for admin accounts
Access logs | All data access tracked and audited
Principle of least privilege | Employees access only necessary data
Application Security
Security testing | Regular penetration tests and vulnerability scans
Input validation | Prevent injection attacks, XSS, malicious input
Secure coding | Code review, security-focused development practices
Dependency updates | Keep libraries patched against known vulnerabilities
Monitoring & Incident Response
Activity monitoring | Real-time logs of access and transactions
Anomaly detection | Alerts on suspicious patterns
Incident response plan | Documented procedures for security events
Breach notification | Members notified within 72 hours of confirmed breaches
Limitations
Despite our security measures, no system is 100% secure. Risks include:
Sophisticated hacking
Insider threats
Zero-day exploits
Supply chain attacks
Third-party service compromises
We maintain cyber liability insurance and follow industry best practices to minimize these risks.
Third-Party Services
We use external services to provide platform functionality. These vendors process your data under their own privacy policies.
Authentication & Identity
Google OAuth | Optional login method | Email, name, Google ID
Coinbase OnchainKit | Wallet connection, SIWE | Wallet address
Reown AppKit | Multi-wallet support | Wallet address, chain ID
Email & Communication
AWS SES | Transaction emails (notifications, confirmations) | Email address, subject, content
Discord (optional) | Community channels, announcements | Discord username, messages
Blockchain & Web3
Base (Ethereum L2) | Smart contract execution, token minting, voting | Wallet address, transaction data (permanently public)
Block explorers | Transaction verification (Basescan) | All on-chain activity (permanently public)
DEX services | Optional token trading (user-initiated) | Wallet address, amounts (public on blockchain)
Payment Processing
Stripe or similar | Fiat on/off ramps (investor tier) | Payment info (processed by third party, not stored by us)
Bank transfers | Wire transfers for investments | KYC info, investment amount
Important: We do NOT store credit card or bank account numbers. Payment processors handle sensitive financial data under their own security.
Analytics & Monitoring
Sentry | Error tracking, debugging | Error logs, stack traces (no PII unless included)
Mixpanel or similar | Platform analytics, feature usage | Anonymized usage data, feature interactions
KYC/AML Verification
Third-party KYC provider | Identity verification for investors/renters | Name, ID, address, photos
Note: KYC providers are regulated entities with legal obligations to protect your information.
Data Processor Agreements
All third-party vendors sign Data Processing Agreements (DPAs) that:
Limit data use to contracted services only
Require equivalent security standards
Restrict data location to US
Mandate breach notification
Allow audits of their practices
Your Third-Party Rights
You can:
Contact vendors directly with privacy requests
Request data deletion from integrated services
Review vendor policies before using features
Decline optional services (e.g., Discord integration)
Cookies, Local Storage & Tokens
The platform uses browser storage to enhance functionality and security.
Session Management
Session token | Keep you logged in | Browser session (cleared on logout)
Auth cookie | Authentication persistence | 30 days or logout
CSRF token | Prevent cross-site attacks | Session duration
User Preferences
UI preferences | Dark mode, sidebar state, language | Until cleared
Notification settings | Email frequency, SMS opt-out | Until changed
Draft saves | Incomplete proposals, form data | Until submission
Analytics
Analytics ID | Unique visitor tracking for aggregate metrics | 2 years
Referrer tracking | Where you came from | Session
Wallet & Blockchain
Wallet address | Remember your connected wallet | Browser session or until cleared
Network preference | Which blockchain you're using | Until changed
Your Cookie Control
You can:
Disable cookies in browser settings (may break functionality)
Clear cookies anytime (will log you out)
Block third-party cookies (prevents some integrations)
Use private browsing (no persistent storage)
Note: Some cookies are essential for security and cannot be disabled without breaking the platform.
localStorage & IndexedDB
The app may use browser storage for:
Wallet connection state | Remember wallet choice
UI state | Sidebar, modals, panels
Offline caching | Load platform without network
You can clear this data in browser DevTools → Application tab.
Communication Preferences
You control how we contact you.
Opt-In Consent
During onboarding, you explicitly choose communication channels:
Email | All, essential only, none
SMS | All, essential only, none
Discord | Join community, decline
In-app notifications | All, essential only, none
Email Categories
We send emails in these categories:
Security | As needed | No (essential)
Account | As needed | No (essential)
Task assigned | When matched | Yes
Payment received | When paid | Yes
Governance | Per proposal | Yes
Community | Weekly digest | Yes
Marketing | Monthly newsletter | Yes
Unsubscribe & Manage Preferences
You can:
Update preferences in app settings → Communications
Click unsubscribe links in any email
Email [email protected] to modify preferences
Request removal from all non-essential lists
Changes take effect within 24 hours.
Discord & Community Channels
Discord is optional and run by Discord Inc., not Built By DAO:
Consent required to join community channels
Discord privacy policy governs Discord data
You can leave anytime
Channel activity visible to members only
We do NOT harvest Discord data without explicit consent.
Media Consent (Photos & Likeness)
You control use of your image:
Photo consent granted | Can appear in group photos for docs, social, announcements
Photo consent declined | Excluded from photos, blurred, or not included
Named likeness consent | Name/likeness can be used in promotion materials
Named likeness declined | Only identified as "community member"
Consent Changes
You can update consent preferences anytime:
In app | My Profile → Privacy & Consent
Email | [email protected] with preferred settings
In writing | Mail to registered office (see contact info)
Changes apply to future communications only. Past uses remain valid.
On-Chain Data Transparency
Some of your data is permanently recorded on the Base blockchain and cannot be deleted.
What Goes On-Chain
Wallet address | Public | Permanent
Token balances | Public | Permanent (history visible)
Governance votes | Public | Permanent
NFT ownership | Public (address is pseudonymous) | Permanent
Proposals | Public | Permanent
Transactions | Public | Permanent
Pseudonymity vs. Privacy
On-chain data is pseudonymous, not anonymous:
Your wallet address is a string like 0x1234...abcd
A blockchain analyst can link your address to your identity
DAO members know your address and can view your vote history
Block explorers (Basescan) make transactions searchable
Consequence: Once you connect your wallet to your Built By DAO identity, your voting and transaction history becomes linkable to you.
Data You Cannot Delete
These on-chain records are immutable:
Every vote you've cast
Every transaction you've made
NFTs you've received or transferred
Proposals you've submitted
Properties your address holds equity in
You cannot ask the blockchain to "forget" you. This is fundamental to blockchain technology.
Linking Your Wallet
When you:
Complete onboarding and connect your wallet
Reveal your wallet address in the app
Receive onboarding email to your address
Sign governance transactions
Your wallet address becomes linkable to your identity. Consider:
Use a dedicated wallet for DAO activity if privacy matters
Don't reuse wallets with personal identifying info
Assume link analysis will connect your address to you
Plan for permanent record of your votes and contributions
Public Query Rights
Because governance data is on-chain, anyone can query:
Your total EQTBLT balance
Your voting history (wallet address + vote choice)
Your rank and membership status
Properties you own equity in
Investment amounts (investor tier)
This is by design: governance transparency requires public records. To verify: visit Basescan.org and search your wallet address.
Off-Chain Data Still Private
Data NOT on the blockchain remains confidential:
Email address
Phone number
Physical address (not for blockchain analysis)
Internal messages
Performance reviews
Bank account details (for payment processing)
Only on-chain data is publicly queryable.
Your Privacy Rights
You have specific legal rights regarding your personal data.
Right to Access
You can request all data we hold about you.
Access request | Email [email protected] with "Data Access Request"
Timeline | Response within 30 days
Format | Receive data in machine-readable format (CSV, JSON, XML)
Cost | Free (one request per year)
Right to Correction
You can correct inaccurate data.
Update profile | Change name, email, location in app settings
Correct records | Email [email protected] with corrections
Timeline | Update immediately (or within 30 days if disputed)
Right to Deletion
You can request data deletion (with limits).
Email address | Not needed after account closure
Phone number | Not needed after account closure
Location | Can be removed from public profile
Task history | Permanent record for rank/contribution proof
EQTBLT earned | Represents ownership, cannot be erased
Governance votes | On-chain, immutable by design
Membership NFT | Proof of membership, cannot be deleted
Legal records | Required for compliance (7 year retention)
Note: We cannot delete on-chain data. It's permanent on the blockchain.
Right to Data Portability
You can request your data in portable format.
All personal data | CSV, JSON | Import to another service
Transaction history | CSV | Download for tax purposes
Contribution records | Portfolio documentation
Email [email protected] to request.
Right to Opt-Out
You can withdraw consent for certain uses.
Marketing emails | Click unsubscribe link or update settings
SMS notifications | Reply "STOP" or update settings
Analytics tracking | Opt-out in privacy settings
Discord integration | Don't join community channel
Photo/likeness use | Update consent in My Profile
Cannot opt-out of:
Security communications (essential)
Legal compliance data retention
On-chain governance records
Right to Complaint
You can file a complaint with regulators.
If you believe we've violated your privacy rights:
GDPR Authority | If applicable | Your member state's DPA
How to Exercise Your Rights
For any privacy request:
Email | [email protected] (include "Privacy Request" in subject)
Include | Your name, email, wallet address, specific request
Timeline | Response within 30 days
We will verify your identity before processing sensitive requests.
No Discrimination
We will NOT:
Deny service for privacy requests
Charge extra fees for exercising rights
Degrade service quality
Retaliate against requests
Your privacy rights come without penalty.
How Long We Keep Data
We retain data only as long as necessary for the stated purposes.
Active Member Data
While you're an active member:
Profile info | Duration of membership + 30 days after departure
Task history | Permanent (proof of contribution)
EQTBLT earned | Permanent (represents ownership)
Governance votes | Permanent (on-chain immutable)
Communications | Duration of membership + 30 days
After You Leave
If you depart the DAO:
Personal info | 30 days | Account shutdown, data deletion requests
Contribution history | Permanent | Proof of work for references
EQTBLT | Permanent | You retain ownership
Legal records | 7 years | Tax, compliance, audit
Security logs | 1 year | Fraud investigation
Investor & Financial Data
Special retention for compliance:
Investment records | 7 years | Tax law (IRS requirement)
KYC information | 5 years + 7 years after termination | FinCEN, AML regulations
Payment records | 7 years | Tax documentation
Agreements | 7 years | Legal compliance
Automatic Deletion
After retention periods end:
Email addresses deleted
Phone numbers deleted
Password hashes deleted
Cookies and tokens cleared
Permanent Records
These cannot be deleted:
On-chain blockchain data
Your rank and title history
Governance participation record
EQTBLT balance and history
Data Deletion Request
You can request earlier deletion of non-essential data:
Email [email protected] with:
Your name and wallet address
Specific data to delete
Reason for request
We'll delete non-essential data within 30 days if legal obligations allow.
Backups & Archival
Note: Data may persist in:
Database backups (retained 90 days)
Archival systems (for regulatory compliance)
Disaster recovery copies
These follow the same retention schedules but may take longer to purge.
Children's Privacy
Built By DAO is not intended for children.
Age Requirement
Minimum age | Must be 18+ to join
Age verification | Verified during KYC (investors) or onboarding
No minors | We do not knowingly collect data from children under 13
For Parents/Guardians
If your child under 18 creates an account:
Contact us immediately at [email protected]
Provide proof that you are the guardian
Request deletion of all data
We will delete the account and data within 30 days.
COPPA Compliance (USA)
For users under 13 in the USA:
We do not collect personal information
We do not create tracking profiles
We do not use targeting or cookies
This complies with the Children's Online Privacy Protection Act (COPPA).
Teen Users (13-17)
Built By DAO is designed for adults. Teens should:
Ask a parent or guardian before joining
Understand blockchain data is permanent
Recognize this is not a social network
Parents can request account deletion at any time.
Policy Changes & Updates
This policy may change as the DAO evolves. We notify members of significant changes.
How We Update Policy
When the policy changes:
Clarifications | Updated quietly, no action needed
Minor changes | Email notification, 14-day notice
Major changes | Email + in-app notice, 30-day notice, consent re-required
Example major changes: New data sharing, retention policy overhaul, new purposes.
What "Significant" Means
You'll receive notice for changes that:
Expand data collection beyond originally disclosed
Change how we use existing data
Share data with new third parties
Reduce your privacy protections
Affect payment/housing data
You will NOT get notice for:
Security updates or improvements
Typo fixes or clarifications
Changes that increase privacy protection
Your Options When Policy Changes
If we make a major change and you disagree:
Review new policy (30-day notice period)
Reject the change by contacting [email protected]
Request account deletion if unwilling to continue
Continued use of the platform after the notice period constitutes acceptance.
Version History
1.0 | 2025-02-23 | Initial policy
See header of this document for Last Updated date.
Policy Archive
Previous versions of this policy are available at:
Email: [email protected] with "Privacy Policy Archive" in subject
We maintain version history for 7 years.
Critical: Blockchain Data is Permanent
When you interact with Built By DAO governance and tokens on Base blockchain:
Your wallet address is linked to you forever
Every vote you cast is recorded permanently on the blockchain
Your EQTBLT holdings and history are publicly viewable
Anyone can analyze transaction data to identify you
You cannot delete on-chain data. Design your privacy approach accordingly:
Use a dedicated wallet for DAO activity
Understand your address may be deanonymized through analysis
Plan for permanent records of your governance participation
Review Governance documentation for details on public voting records
Sensitive Data Handling
What We NEVER Do
We explicitly do NOT:
Store passwords in plain text | Hashed with bcrypt + salt
Store credit card numbers | Third-party payment processors
Store API keys in databases | Managed separately via secrets vault
Log sensitive data | Redacted from logs automatically
Email passwords | Password reset links only
Share data with ad networks | No behavioral advertising
Sell member lists | Data is for DAO operations only
Wallet Private Keys
IMPORTANT: We NEVER have access to your wallet private keys.
You own and control your private keys
Keys are stored on your device, not our servers
We cannot access, recover, or reset your keys
If you lose keys, the wallet is permanently inaccessible
Protect your private keys like you would protect your house keys. We cannot help if they're stolen or lost.
Geographic & Regulatory Notes
Jurisdiction
Built By DAO is a Wyoming DAO LLC. This policy is governed by:
Wyoming law (primary)
Federal law (USA laws apply)
Base blockchain (Ethereum L2, decentralized)
For EU Residents (GDPR)
If you're in the EU, you have additional rights under GDPR:
Right to access (as described above)
Right to rectification
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object
Right regarding automated decision-making
Note: On-chain blockchain data falls outside GDPR erasure rights (immutable by design). For questions: [email protected]
For California Residents (CCPA)
California Consumer Privacy Act rights:
Know: Request what data we hold
Delete: Request data deletion (with legal exceptions)
Opt-out: Decline sales of personal information (we don't sell)
Know recipients: Learn who we share data with
Contact: [email protected] for CCPA requests.
For Wyoming Residents
Wyoming has no state privacy law equivalent to CCPA/GDPR, but Wyoming DAO LLC structure provides statutory liability protection.
Contact Information
Privacy Inquiries
Email: [email protected]
Address: Built By DAO LLC Registered Office: [Wyoming registered address]
Response Time: 30 days for formal requests
Other Legal Contacts
Data security issues
Legal questions
Compliance questions
General support
Report a Privacy Violation
If you believe we've violated your privacy:
Email [email protected] with:
Description of violation
Date it occurred
Data affected
What you'd like corrected
Timeline: We respond within 30 days
Investigation: We investigate and remediate
Communication: You receive status updates
Escalation
If unsatisfied with our response:
File complaint with Wyoming Attorney General
GDPR complaint (if EU resident) with your data protection authority
Legal action under applicable law
Privacy Summary
We collect data to operate the platform and track contributions
Data is encrypted and protected with industry standards
Governance and token data lives permanently on blockchain
You have rights to access, correct, and delete personal data
On-chain data cannot be deleted (fundamental to blockchain)
You control communication preferences and consent
We comply with Wyoming law and applicable regulations
Questions? Email [email protected]