Otaku AI

Data Deletion and Retention Policy

Last Updated: May 28, 2026

At our startup, we prioritize the privacy and security of your personal and wallet data. This Data Deletion and Retention Policy outlines how we collect, retain, and permanently dispose of your data when you request the deletion of your account or wallet.

Our practices are designed to fully comply with international privacy standards, including the General Data Protection Regulation (GDPR) (Right to Erasure / "Right to be Forgotten") and the California Consumer Privacy Act (CCPA/CPRA) (Right to Delete).

1. Scope of This Policy

This policy applies to all registered accounts, connected wallets, associated transaction histories, and user profile data managed by our platform.

2. What Data We Collect & Store

To provide our decentralized ecosystem and transaction-monitoring services, we store minimal personal and operational information:

  • Public Wallet AddressesUsed to identify your account and process transactions.
  • User Profile InformationAny custom username, profile metadata, or preferences associated with your public key.
  • Device Push Notification TokensUsed exclusively to deliver real-time on-chain alerts.
  • Referral & Loyalty DataReferral codes and associated gamification/stats.
  • Operational & Security LogsStandard request logs kept for rate limiting, threat prevention, and debugging.

3. How to Request Account Deletion

Within the Mobile / Web Application

  1. Navigate to the Settings or Profile menu in the application.
  2. Select Delete Account or Delete Wallet.
  3. Confirm the action. Your active credentials and tokens are immediately revoked.

Via Customer Support

If you are unable to access the application, you can submit a formal deletion request by contacting our Privacy and Support team at privacy@hellootaku.io. We will verify your identity and process the deletion within the legally mandated timeframes (typically within 30 days under GDPR/CCPA).

4. The Deletion & Purging Process (What Happens Behind the Scenes)

Stage 1: Immediate Invalidation & Disconnect (Real-time)

  • Session Revocation: All active user sessions, refresh tokens, and authentication nonces are immediately blacklisted and invalidated. You are logged out across all devices instantly.
  • Primary Data Deletion: Your wallet profile, linked push notification tokens, custom usernames, and referral associations are instantly unlinked and removed from our active database.

Stage 2: Temporary Archival for Security & Recovery (7 Days)

To protect our users and system integrity, a secure, cryptographic snapshot of your primary registration data is archived in a highly restricted, isolated archive for exactly 7 days.

  • Why we do this: This temporary window is a critical security measure to prevent immediate re-registration abuse, mitigate on-chain fraud, deter blind-signing attacks, and allow our support team to assist with accidental self-deletion recovery.
  • Access Control: This archive is strictly isolated. No regular application services can read or query this data, and it is entirely invisible to the front-facing platform.

Stage 3: Permanent and Irreversible Erasure (After 7 Days)

Once the 7-day security window expires, an automated, performant background cleanup job permanently and irreversibly purges the archived snapshot from our physical servers and database backups.

Once this stage is complete:

  • Your data cannot be recovered by any means.
  • Your public wallet address is treated as completely new if you ever choose to register on our platform again.

5. Exceptions to Deletion Requests

Consistent with applicable legal requirements, we may retain certain data points even after a deletion request under the following limited circumstances:

  • Public Blockchain Ledger Data: We do not own, control, or have the ability to modify or delete data written to public, decentralized blockchains (e.g., Solana). Any transaction signatures, smart contract interactions, or balances written to the blockchain are immutable and remain public.
  • Legal Compliance & Auditing: Financial transactions, regulatory records, or items under active legal holds or ongoing litigation will be preserved in accordance with applicable local and federal laws.
  • Anonymized/Aggregated Data: We may retain highly aggregated, non-identifiable statistical metadata (such as overall volume processed) for business analytical purposes. This data contains no personal identifiers.

6. Security of Data Disposal

We utilize industry-standard cryptographic erasure and secure database purges to ensure that deleted records are rendered completely unrecoverable by third parties. Our automated sweeps run daily to maintain server hygiene and guarantee prompt compliance.

7. Policy Updates

We may update this Data Deletion and Retention Policy from time to time to reflect changes in our services, system architectures, or evolving legal requirements. The "Last Updated" date at the top of this document will be updated accordingly.

8. Contact Us

If you have any questions about this policy, your data privacy rights, or need assistance deleting your account, please reach out to us:

Email: support@hellootaku.io