What we store, what we don’t.

The protocol stores your Solana wallet address (public key), your optional social handle, and your Telegram ID when you opt in to DMs. Wallet addresses are public by nature; Telegram IDs are treated as semi-sensitive and only used for outbound System messages.

Photos you submit for verification are stored in Supabase Storage and processed by Anthropic Claude vision. We retain a perceptual hash (image_dhash) for 14 days to detect duplicate submissions; raw image files are kept as long as the related cohort or quest entry is live.

We do not store payment card numbers, IP-based location histories, or the raw text of System chat sessions beyond the wallet-scoped persistence table (system_messages). Derived stats (Power, Rank, Gates) are computed at read time — never persisted.

Webhooks fire to partner endpoints with HMAC-signed payloads. The payload includes wallet, quest id, and confidence — never raw images, never your Telegram ID, never the System chat transcript. Partner integrations are gated by the system_webhooks table; you can request removal at any time by emailing operatoruplift@gmail.com.

Toggle every notification channel (push, telegram, email, morning dispatch) at /settings. Request full deletion by emailing operatoruplift@gmail.com — we remove the wallet’s row from users and all child tables within 30 days, except where on-chain transactions make removal cryptographically impossible.