Privacy Policy

1. Introduction

Welcome to Support Buying Black ("SBB," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our decentralized autonomous organization (DAO) platform, including our website, mobile application, and related services (collectively, the "Platform").

SBB operates a community-driven platform that combines social networking, e-commerce marketplace features, event management, messaging, and blockchain-based governance tools. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

By using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide to Us

Account Information

• Email address
• Username and display name
• Password (encrypted and hashed)
• Profile information (bio, location, profile picture)
• Phone number (optional)
• User type (Community Supporter, Business Owner, Community Organization)

Profile and Content Data

• Posts, comments, and replies
• Photos, videos, and other media uploads
• Stories and story reactions
• Event creation and RSVP information
• Marketplace listings and product information
• Messages and conversation data
• Course enrollment and progress data
• Community group memberships and activity

Commerce and Transaction Data

• Marketplace purchase and sale history
• Payment information (processed securely through Stripe)
• Shipping and billing addresses
• Order history and preferences
• Cart information
• Product reviews and ratings

DAO Governance Data

• Token holdings and balances
• Voting history and preferences
• Proposal submissions and comments
• Staking activity
• Treasury transaction history
• Reputation scores and badges

2.2 Blockchain and Wallet Information

Cryptocurrency Wallet Data

• Public wallet addresses
• Token balances (on-chain)
• Transaction hashes
• Smart contract interactions
• Staking and governance activities

Important Notice About Blockchain Data: Information recorded on public blockchains is permanent, transparent, and cannot be modified or deleted. This includes token transactions, voting records, and smart contract interactions. While we can remove your off-chain data from our Platform, on-chain data will remain permanently visible on the blockchain.

2.3 Information We Collect Automatically

Usage Information

• Pages viewed and features accessed
• Time spent on the Platform
• Click patterns and navigation paths
• Search queries
• Posts and content you interact with (likes, bookmarks, shares)
• Following and follower relationships

Device and Technical Information

• IP address
• Browser type and version
• Device type and operating system
• Mobile device identifiers
• Screen resolution
• Time zone and language preferences
• Referral source

2.4 Information from Third Parties

• Public profile information from connected social accounts
• Transaction confirmation data from Stripe
• On-chain transaction data from blockchain networks
• Aggregated usage statistics from analytics providers

3. How We Use Your Information

3.1 Platform Operation and Improvement

• Provide, operate, and maintain the Platform
• Process your transactions and fulfill orders
• Enable messaging and real-time communication
• Facilitate DAO governance and voting
• Manage your account and preferences
• Authenticate users and prevent fraud
• Improve and optimize Platform performance
• Develop new features and services

3.2 Personalization

• Customize your feed and content recommendations
• Suggest relevant users to follow
• Recommend events, products, and communities
• Display personalized marketplace listings
• Tailor notifications to your interests

3.3 Communication

• Send transactional emails (order confirmations, RSVP confirmations)
• Provide customer support
• Send notifications about Platform activity
• Communicate about DAO proposals and governance
• Share Platform updates and announcements (with your consent)
• Respond to your inquiries and requests

3.4 Security and Legal Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and policies
• Comply with legal obligations
• Protect our rights and the rights of others
• Investigate violations and disputes

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Public Information

The following information is public by default and visible to other Platform users:

• Profile information (username, display name, bio, profile picture)
• Posts, comments, and replies
• Stories (visible for 24 hours)
• Marketplace listings and reviews
• DAO proposals and votes (for transparency)
• Community memberships (depending on community settings)
• Reputation scores and badges

4.2 Service Providers

We share information with trusted service providers who assist us in operating the Platform:

• Supabase (database and authentication services)
• Stripe (payment processing)
• Bunny CDN (content delivery and media storage)
• Vercel (hosting and infrastructure)
• Sentry (error monitoring)
• Analytics providers (usage analytics)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Blockchain Networks

Certain information is shared with blockchain networks for DAO governance:

• Public wallet addresses
• Token transactions
• Voting records
• Proposal submissions
• Staking activities

This information becomes part of the public blockchain ledger and cannot be deleted.

4.4 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal process (subpoenas, court orders)
• Enforce our Terms of Service
• Protect our rights, property, and safety
• Protect the rights and safety of our users
• Prevent fraud or security threats
• Cooperate with law enforcement

5. Data Retention

5.1 Account Data

We retain your account information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes.

5.2 Blockchain Data

Information recorded on blockchain networks is permanent and cannot be deleted. This includes:

• Token transactions
• Voting records
• Proposal submissions
• Smart contract interactions

5.3 Legal and Regulatory Requirements

We may retain certain information for longer periods when required by law, including:

• Financial transaction records (7 years)
• Tax-related information (as required by law)
• Legal dispute documentation
• Fraud prevention records

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Access your personal information
• Request a copy of your data in a portable format
• Review information we have collected about you

To request your data, visit Settings > Privacy > Download Your Data.

6.2 Correction and Update

You can update most of your information directly in your account settings. For assistance, contact us at privacy@supportbuyingblack.com.

6.3 Deletion and Right to Be Forgotten

You have the right to request deletion of your personal information. Note:

• Account deletion removes most personal data from our Platform
• Public posts may be archived for platform integrity
• Blockchain data cannot be deleted
• Some information may be retained for legal compliance

To delete your account, visit Settings > Account > Delete Account.

6.4 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or shared
• Right to opt-out of sale of personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising privacy rights

6.5 European Privacy Rights (GDPR)

European Union residents have additional rights:

• Right to access
• Right to rectification
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

7. Security

We implement industry-standard security measures to protect your information:

7.1 Technical Safeguards

• End-to-end encryption for sensitive data
• TLS/SSL encryption for data in transit
• Encryption at rest for stored data
• Secure authentication (password hashing, MFA)
• Regular security audits and penetration testing
• Intrusion detection and prevention systems

7.2 Your Responsibility

• Use strong, unique passwords
• Enable two-factor authentication
• Keep your wallet private keys secure
• Do not share account credentials
• Report suspicious activity immediately

Important: No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Blockchain and Decentralization Considerations

8.1 Immutability

Blockchain data is permanent and cannot be modified or deleted. This conflicts with "right to be forgotten" requirements under GDPR. We minimize personal data on-chain and maintain off-chain records that can be deleted.

8.2 Transparency vs. Privacy

DAO governance requires transparency (voting records, proposal authorship), which may conflict with privacy preferences. We use wallet addresses instead of personal identifiers on-chain.

8.3 Hybrid Approach

We use a hybrid model:

• On-chain: Token balances, votes, transactions (public, immutable)
• Off-chain: Personal profiles, messages, content (can be deleted)

9. Children's Privacy

The Platform is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@supportbuyingblack.com, and we will take steps to delete such information.

10. International Data Transfers

SBB is based in the United States. If you access the Platform from outside the U.S., your information may be transferred to, stored, and processed in the U.S. and other countries where our service providers operate.

We take steps to ensure adequate protection for international data transfers, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where available
• Other lawful transfer mechanisms

By using the Platform, you consent to the transfer of your information to the U.S. and other countries.

11. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a notice on the Platform
• Sending an email to your registered address
• Displaying an in-app notification

Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@supportbuyingblack.com
• Support: support@supportbuyingblack.com
• Data Protection Officer: dpo@supportbuyingblack.com

Response Time: We aim to respond to all privacy inquiries within 30 days.