← Home

Privacy Policy

Last updated: March 2026

What We Collect

We collect the following information when you use Giveaway Manager:

  • X (Twitter) OAuth identity data: handle, display name, profile picture URL, and user ID
  • X OAuth tokens (encrypted at rest) — retained only to enable the auto-post feature for operators
  • Solana wallet addresses submitted by giveaway participants (entered publicly as replies on X)
  • Solana transaction hashes (public blockchain data)
  • USDC payment transaction hashes for subscription payments (public blockchain data)

What We Do NOT Collect

  • Government IDs or Social Security Numbers
  • Email addresses (unless an operator provides one for alert emails)
  • Phone numbers
  • IP addresses beyond what our infrastructure provider logs automatically

How We Use Your Information

We use collected information solely to operate the Giveaway Manager platform: authenticating operators, running on-chain giveaways, detecting ineligible entries (via OFAC sanctions screening), and delivering prizes through smart contracts.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Retention

  • Operator accounts: retained until an account deletion request is submitted. Upon deletion, accounts are soft-deleted (access revoked immediately); records are hard-deleted after 90 days.
  • Participant entries: retained indefinitely as part of the public giveaway record (consistent with the public nature of X replies).
  • X OAuth tokens: deleted immediately upon account deletion.

Third-Party Processors

We use the following service providers to operate the platform. Each processes data only as necessary to provide their service:

  • Railway — PostgreSQL database and Redis hosting (US-based)
  • Helius — Solana RPC and webhook delivery (US-based)
  • Sentry — Error tracking; personally identifiable information is scrubbed before transmission (US-based)
  • X (Twitter) — OAuth authentication; governed by X’s own Privacy Policy

Security

OAuth tokens are encrypted at rest using AES-256-GCM. We do not log wallet addresses or authentication tokens. Error reports are scrubbed of personally identifiable information before being sent to Sentry.

Users in the European Union

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, and port your personal data. To exercise these rights, contact us. Full GDPR compliance documentation will be published in a future update.

Contact

If you have questions about this Privacy Policy or wish to request deletion of your data, contact us through the platform’s support channel.

Privacy Policy — Giveaway Manager | Giveaway Manager