CULTD.
Legal

CULTD dApp - Privacy Policy

Privacy Policy and Data Protection

Effective Date: January 20, 2026
Platform: https://dapp.getcultd.com

1. Scope and Nature of Service

CULTD is a B2B Performance Attribution platform. We process data to help professional marketing partners (Creators) and Campaign Hosts (Clients) verify the impact of marketing activities. This policy applies to all users who link social or wallet accounts to our attribution engine.

We comply with UK/EU GDPR, UAE VARA/DIFC/ADGM, and US CCPA/CPRA principles for all users.

2. Data We Collect

We collect data necessary to verify marketing performance and prevent fraud:

  • Attribution Identifiers: Wallet addresses, transaction hashes, and hashed conversion signals (e.g., anonymized confirmation of a signup on a client platform).
  • Social Data: X/Twitter handles, LinkedIn profile metrics, and public engagement data.
  • Growth Metrics: Verification of "Qualified New User" status and activity milestones provided by the Campaign Host.
  • Technical & Anti-Fraud Data: IP addresses, device types, and approximate regions to detect Sybil attacks and automated bot behavior.

3. How We Use Data (Processing Purposes)

  • Performance Scoring: To calculate Average Daily Balance (ADB) and "Sticky TVL" scores for reward eligibility.
  • Conversion Verification: To track successful user signups and "activity milestones" for growth-based campaigns.
  • Lead Integrity & Anti-Fraud: To identify and disqualify "account farming" or artificial engagement that undermines campaign value.
  • Professional Analytics: To generate aggregate performance reports for Clients and Creators.
  • Performance of a Contract: To operate the dApp and facilitate rewards based on your voluntary participation in campaign briefs.
  • Legitimate Interests: To prevent fraud, maintain fair scoring, and provide attribution security.
  • Consent: When you explicitly choose to link a specific social account or participate in a tracking-enabled campaign.

5. Conversion Attribution & Privacy Standards

In alignment with Google Ads Consent Mode v2 and LinkedIn Lead Gen standards:

  • First-Party Attribution: We prioritize first-party data and "cookieless pings" to protect user privacy while ensuring high attribution accuracy.
  • Data Minimization: We only receive hashed confirmation of signups. CULTD does not store raw passwords or unhashed PII from third-party protocols.
  • Consent Synchronization: We respect user consent signals (GPC) and only track conversions where the end-user has accepted the relevant tracking on the Client's site.

6. Data Sharing & Joint Controllership

  • Campaign Hosts: We share participation and attribution data with the Client hosting the campaign (e.g., IPOR) to verify reward distribution.
  • Joint Controllership: For growth campaigns, CULTD and the Client act as "Joint Controllers" of the conversion data to ensure global compliance accountability.
  • Technical Partners: Data may be processed by security and analytics partners (e.g., AWS, fraud detection APIs) under strict confidentiality.

7. Data Retention

  • Attribution Records: Retained for 24–36 months for audit and clawback purposes.
  • Blockchain Data: On-chain activity (wallet addresses/hashes) is public and permanent by nature; CULTD has no control over its existence on the ledger.

8. Your Rights

You have the right to access, rectify, or request the deletion of your off-chain data. You may also request a CSV export of your participation history by emailing team@getcultd.com.