HOFFUN← Back to app
Legal · Privacy

Privacy Policy

This Privacy Policy explains how HOFFUN collects, uses, shares, and safeguards personal data when you use our website, applications, and APIs (the “Service”). It is written to align with the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and equivalent frameworks.

Last updated
June 11, 2026
01

Data controller

HOFFUN is the controller of personal data processed via the Service. To exercise any right described below, or to raise a privacy question, open Help inside the app and pick the Privacy topic. Routing requests through the app lets us authenticate you and keep the conversation in one place.

02

Data we collect

  • · Account data: email address, display name, password hash.
  • · Wallet data: public wallet address and on-chain activity you choose to associate with your account.
  • · Content: posts, comments, uploads, and AI prompts you submit.
  • · Usage data: device, browser, approximate location (from IP), interaction events.
  • · Support data: messages you send to us via in-app Help and any attachments.

We do not knowingly collect data from children under 13.

03

How we use data

  • · To provide, secure, and improve the Service.
  • · To authenticate accounts and verify wallet ownership.
  • · To meter AI generation credits and prevent abuse.
  • · To send essential service communications.
  • · To comply with legal obligations and enforce our Terms.
04

Legal bases (GDPR / UK GDPR)

We process personal data on the bases of (a) performance of a contract with you, (b) our legitimate interests in operating and securing the Service, (c) your consent where required (e.g. marketing emails, non-essential cookies), and (d) compliance with legal obligations.

05

Sharing

We share data with vetted processors who help us run the Service — hosting and database infrastructure, authentication, AI model providers, email delivery, and analytics. We do not sell personal data. We may disclose data to comply with law, enforce our Terms, or protect the rights, property, or safety of our users.

06

International transfers

Personal data may be processed outside your country of residence. Where required, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards.

07

Retention

We retain personal data for as long as your account is active and for a limited period thereafter to meet legal, accounting, or security obligations. On-chain records (e.g. mints, transfers) are immutable and cannot be deleted by us.

08

Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time. California residents additionally have the rights to know, delete, correct, and limit use of sensitive personal information, and to opt out of “sharing” for cross-context behavioural advertising (we do not do this). Submit requests via Help inside the app — we verify your identity before acting on the request.

09

Security

We use industry-standard safeguards including encryption in transit, encryption at rest for sensitive fields, scoped API keys, row-level security on user data, and least-privilege access for staff. No system is fully secure; you should use a unique strong password and enable any available account protections.

10

Cookies

We use strictly necessary cookies to operate the Service and, with your consent where required, analytics cookies to understand usage. You can manage cookies in your browser settings.

11

Changes

We will update this policy as our practices evolve. Material changes will be notified in-app or by email at least 14 days before they take effect.