GetCULTD Privacy Policy

Last updated: September 19, 2025

1. Who we are

This Privacy Policy explains how GetCULTD ("GetCULTD", "we", "us", "our") collects, uses, and protects your personal data.

  • Headquarters: Dubai, United Arab Emirates
  • Legal entity: GetCULTD, licensed under Dubai freezone authority
  • Supervisory authorities:
    • Dubai: Virtual Assets Regulatory Authority (VARA), and where applicable, DIFC/ADGM Data Protection Regulations.
    • UK/EU: We comply with UK GDPR / EU GDPR for users in those regions.
    • US: We comply with CCPA/CPRA for California residents.
  • Contact: team@getcultd.com

2. Scope

This Policy applies to all individuals using our Services, including:

  • Grinders / community members participating in GrindFi campaigns.
  • KOLs / CT influencers using our CRM and Influence Score.
  • Business clients / prospects accessing our platform.
  • Visitors to our websites and dApp.

All are treated as data subjects with rights under GDPR-equivalent principles, regardless of payment status.

3. Data we collect

  • Identity & contact: name, email, phone/messenger.
  • Account: login details (hashed), campaign participation, referrals.
  • Wallet & blockchain: wallet addresses, transaction hashes, token allocations. We never request or store private keys. Wallet addresses linked to email are treated as personal data.
  • Social media (X/Twitter): handle, engagement stats, public posts, followers (via official APIs or other lawful sources).
  • Usage data: IP address, device/browser, session logs, cookies.
  • Billing (B2B): company info, VAT/tax ID, limited payment metadata (via PCI-compliant processors).

We do not intentionally collect special category data (health, beliefs, etc.). Please do not provide this.

4. Why we process your data

We process personal data to:

  • Deliver Services: GrindFi campaigns, KOL CRM, Influence Scores, referrals, Auto growth tools.
  • Reward allocation: distributing tokens (including $CULTD).
  • Fraud prevention: detecting bots, fake engagement, duplicate accounts.
  • Communications: transactional notices, service updates, and where consented marketing.
  • Analytics & improvement: product optimisation and performance monitoring.
  • Legal compliance: to meet obligations under UAE, EU/UK, and US law.

5. Legal bases

Depending on your location:

  • Contract: to provide Services you sign up for.
  • Legitimate interests: fraud prevention, analytics, transparency to clients.
  • Consent: for marketing, cookies, and optional features.
  • Legal obligation: where law requires (Dubai, EU/UK, US).

6. Profiling & automated decisions

We use automated tools (including AI) to:

  • Calculate Influence Scores.
  • Allocate campaign rewards.
  • Detect fraudulent/botted activity.

Because these may affect financial outcomes (e.g., tokens earned), they may constitute significant effects under GDPR.

You have the right to:

  • Request a meaningful explanation of the logic involved.
  • Object to profiling.
  • Request human review of decisions.
  • Appeal reward or scoring outcomes.

Appeals: team@getcultd.com.

7. Wallets & blockchain immutability

  • On-chain interactions are public and permanent.
  • GetCULTD cannot alter blockchain data.
  • Where wallet addresses are linked to your identity, we treat them as personal data.
  • If you exercise rights (e.g., erasure), we will restrict use in our systems but cannot erase blockchain records.

8. Children

Our Services are not intended for under-16s. We implement age-assurance measures including:

  • requiring wallet or X verification,
  • monitoring suspicious participation patterns,
  • rejecting accounts flagged as underage.

If we discover under-16 data, we will delete it promptly.

9. Sharing your data

We share data only with:

  • Service providers / sub-processors: hosting (AWS, GCP), payments (Stripe), analytics, CRM, messaging.
  • Clients/brands: for campaign validation and influencer vetting.
  • Affiliates/partners: for referrals and collaborations.
  • Legal authorities: where required.
  • Business transfers: mergers, acquisitions, restructuring.

We do not sell personal data.

10. International transfers

We transfer data across borders (Dubai, EU, US, etc.). Safeguards include:

  • SCCs for EU transfers.
  • UK IDTA Addendum for UK transfers.
  • Contractual safeguards with US vendors.

Our current vendors and locations: [link or annex with list].

11. Retention

  • Accounts: life of account + 24 months.
  • Campaign logs: 24–36 months (fraud prevention/audit).
  • Marketing contacts: until unsubscribed.
  • Blockchain records: permanent, outside our control.

We periodically review retention to ensure compliance with data minimisation.

12. Security

We implement: encryption, access controls, monitoring, regular audits, and vendor due diligence. Users remain responsible for wallet security and strong passwords.

13. Your rights

EU/UK (GDPR)

Access, rectification, erasure (where possible), restriction, portability, objection, withdraw consent.

Complaint: ICO (UK), CNIL (France), etc.

US (CCPA/CPRA)

Right to know, delete, correct, opt-out of sale/sharing, limit sensitive data use, non-discrimination.

UAE (VARA / DIFC / ADGM)

Rights broadly similar to GDPR: access, correction, deletion, portability, restriction.

Requests: team@getcultd.com.

14. Marketing & consent

  • Marketing only sent with provable consent (logged & timestamped).
  • EU/UK: double opt-in applies.
  • You can unsubscribe at any time via email link or by contacting us.
  • Requests processed within 48 hours.

15. Liability & reward disclaimer

  • Rewards are distributed per campaign rules and smart contracts.
  • Tokens are not financial instruments, securities, or deposits.
  • GetCULTD is not liable for:
    • token price volatility,
    • network delays,
    • smart contract bugs,
    • client refusal to honour third-party reward promises.
  • Tokens are earned only when finalised by campaign rules. Participation does not guarantee payout.

16. Cookies & tracking

We use cookies and similar tools for sessions, analytics, and marketing attribution. Where law requires, we collect consent (Consent Mode v2). See our Cookie Notice.

17. Complaints & dispute resolution

  • Contact us: team@getcultd.com.
  • We acknowledge within 7 days, respond within 30.
  • If unresolved:
    • Dubai residents: VARA / freezone regulator.
    • EU/UK residents: local Data Protection Authority.
    • US residents: state authority or AG office.

We also maintain an internal complaints register to track and resolve cases.

18. Changes to this Policy

We may update this Policy. The current version is always on our website. Significant changes will be notified in advance.

19. Contact

📧 team@getcultd.com

📍 GetCULTD, Dubai, United Arab Emirates