Privacy Policy

Section 02

What Information We Collect

• —Identity data: your first name and phone number provided during onboarding.
• —Authentication data: your Google account email address and unique identifier, used solely to secure your account.
• —Role data: the role you joined as (Supa, KIN, Beacon, or Vault) and your invite chain — who invited you and who you invite.
• —Transaction data: delivery records, order history, poke activity, $SUPA wallet movements, Vault charges and withdrawals.
• —Progression data: your rank, reliability score, streak, badges, milestones, and protocol history.
• —Device data: device type and push notification token, used only to deliver notifications to your device.
• —Location data: GPS coordinates at the moment of delivery confirmation, used solely for fraud detection. We do not track your location continuously.
• —Support data: any information you provide when submitting a problem report through the app.

Section 03

How We Use Your Information

• —To operate the protocol: process orders, calculate fees, manage your $SUPA wallet, and facilitate deliveries.
• —To maintain the integrity of the network: detect fraud, flag impossible delivery times, and validate $SUPA circulation.
• —To personalise your experience: display your rank, portfolio, squadron, and progression milestones.
• —To send you notifications: order updates, rank promotions, streak alerts, gifts, and protocol events. You may manage notification preferences in your Profile.
• —To provide support: respond to problem reports and account requests.
• —To comply with legal obligations where applicable.

We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to train machine learning models.

Section 04

The $SUPA Wallet and Transaction Records

$SUPA is the internal protocol credit. All $SUPA movements — earnings, spending, gifts, transfers, Vault charges and withdrawals — are recorded permanently in the protocol ledger. This ledger is append-only and cannot be deleted, including after account deletion.

Transaction records are anonymised on account deletion — your name and contact details are removed but the financial record remains for protocol integrity purposes.

Section 05

The Invite Chain

Supaverse is invite-only. Your invite record — the code used to join, the role it was generated for, and the identity of the person who invited you — is stored permanently. This record is the trust foundation of the protocol. It is visible to protocol administrators and cannot be removed.

Section 06

Data Sharing

• —With other participants in a transaction: your first name and delivery status are visible to the other party in an active order.
• —With Supaverse regional operators: operators in your country have access to the admin dashboard which shows network-wide activity including your role, rank, and transaction history.
• —With infrastructure providers: we use Supabase for database and authentication services and Google for authentication. These providers process data on our behalf under their own privacy terms.
• —When required by law: we will disclose information if compelled by a valid legal order.

Section 07

Data Retention

We retain your personal data for as long as your account is active. If you delete your account your name, phone number, and email are removed from our systems within 30 days. Transaction records, protocol history entries, and invite chain records are retained indefinitely in anonymised form for protocol integrity.

Section 08

Your Rights

• —Access the personal data we hold about you.
• —Correct inaccurate data — use the Modify account section in your Profile.
• —Delete your account and associated personal data — use the Delete account option in your Profile.
• —Object to processing — contact us at the address below.

Note that some data — transaction ledger entries, protocol history, invite chain records — cannot be deleted as they form the integrity layer of the protocol. These records are anonymised on account deletion.

Section 09

Security

All data is stored in Supabase with row-level security enforced on every table. No user can access another user's data through the app. Financial operations are executed server-side only — never client-side.

Authentication is handled by Google OAuth and Supabase Auth. We do not store passwords.

Section 10

Children

Supaverse is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately.

Section 11

Changes to This Policy

We may update this policy as the protocol evolves. When we make material changes we will notify you via the app. Continued use of Supaverse after notification constitutes acceptance of the updated policy.