Privacy Policy

• Account data — your email address and basic profile info from your sign-in provider (e.g. Google).
• Wallet data — your TXC wallet address. Private keys are stored encrypted; we do not access them in the clear.
• Location data — when you scan an event QR, your device's geolocation at that moment, used solely to verify you are within the event geofence.
• Event activity — which events you've claimed POP for, timestamps, and the resulting on-chain transaction IDs.
• Technical data — IP address, browser/device info, and error logs needed to operate and secure the service.

• To create and operate your wallet and process POP grants.
• To verify event attendance via geofence and time window.
• To prevent fraud, abuse, and Sybil attacks.
• To respond to support requests and communicate service updates.
• To comply with legal obligations under Singapore law.

POP transactions live on the public TXC blockchain. Wallet addresses, transaction amounts, timestamps, and any on-chain memos are visible to anyone, forever, and cannot be deleted by us. Do not put information on-chain that you wouldn't want made public.

We share personal data only with:

• Service providers we rely on to run CryptoPOP (authentication, database hosting, error monitoring), bound by confidentiality and processing agreements.
• Event organisers — aggregate counts of POP claimed at their events. We do not share your email or wallet address with organisers unless you explicitly opt in.
• Authorities when required by Singapore law or a valid legal process.

We do not sell personal data.

Some of our infrastructure providers are located outside Singapore. When we transfer personal data overseas, we take reasonable steps to ensure recipients provide a standard of protection comparable to the PDPA.

We retain personal data only as long as needed for the purposes above or as required by law. Account and event activity are retained while your account is active and for a reasonable period after closure for audit and fraud prevention. On-chain records cannot be deleted.

We use industry-standard safeguards including TLS in transit, encryption at rest for wallet keys, row-level access controls on our database, and least-privilege server credentials. No system is perfectly secure; please report suspected vulnerabilities to security@cryptopop.sg.

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Withdraw consent for our processing (which may end the service).
• Request deletion of off-chain data, subject to legal exceptions.

To exercise these rights, email our Data Protection Officer at dpo@cryptopop.sg. If you're unsatisfied with our response, you may contact the Personal Data Protection Commission of Singapore.

We use only the cookies and local storage strictly necessary to keep you signed in and to remember your preferences. We do not use third-party advertising or cross-site tracking cookies.

CryptoPOP is not directed to children under 13 and we do not knowingly collect their personal data.

We may update this policy. Material changes will be posted here with a new "Last updated" date.

Data Protection Officer · CryptoPOP · Singapore · dpo@cryptopop.sg