Privacy Policy

This Privacy Policy explains how Blockestate (“Blockestate”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information in connection with our website and pre‑launch services. We take a privacy‑first approach, minimize personal data collection, and use privacy‑friendly vendors.

Controller and Contact

Data Controller: Blockestate. For privacy requests, contact us at
privacy@blockestate.info or use our contact page.

Scope

This Policy covers our website and related pre‑launch activities, including waitlist, contact forms, community onboarding (e.g., Discord invites), analytics, and error telemetry. If you later use a third‑party platform to complete transactions, that platform’s privacy and terms will apply in addition to ours.

Information We Collect

• Information you provide: email (waitlist/newsletters), name and contact details (contact form), messages, preferences and consent. Optional fields may include company and phone.
• Technical and usage information: device/browser type, pages viewed, events (e.g., button clicks), approximate location inferred from IP, performance/error telemetry (stack traces, page URL) for reliability.
• Referral and campaign data: UTM parameters and ref data stored in cookies when present (e.g., utm_source, utm_medium, utm_campaign, utm_term, utm_content, ref).
• Community onboarding: if you purchase or join Premium, we may generate single‑use Discord invite links and store the invite URL on your subscriber profile with our email vendor.

Sources of Data

• Directly from you (forms, emails, community onboarding).
• Automatically through your device/browser when you use our site (analytics, telemetry, cookies).
• From service providers that help us operate the site (e.g., email, analytics, error monitoring).

Purposes and Legal Bases (GDPR)

• Provide and improve services: operate the site, deliver features, maintain security and reliability. Legal basis: legitimate interests (Art. 6(1)(f)).
• Communications: send updates you request (e.g., waitlist confirmations, onboarding emails) and respond to inquiries. Legal basis: consent (Art. 6(1)(a)) and/or legitimate interests; withdrawal does not affect prior processing.
• Analytics and performance: understand usage to improve usability and performance using privacy‑friendly tools. Legal basis: legitimate interests; we avoid invasive tracking.
• Security, fraud and abuse prevention: rate limiting, spam deterrence, and incident response. Legal basis: legitimate interests and compliance with legal obligations.

Cookies and Similar Technologies

We keep cookies minimal. Our middleware may set UTM/ref cookies to remember campaign attribution for up to 90 days and an A/B variant cookie for up to 30 days. We do not use invasive third‑party advertising trackers. Our analytics (Plausible) is privacy‑friendly and does not use cross‑site tracking cookies. Some features may use local storage to remember preferences.

Data Sharing

We share limited data with service providers to operate the site:

• Analytics: Plausible (privacy‑friendly). We send only aggregate event data. See plausible.io/privacy.
• Error/performance monitoring: Sentry. Technical telemetry (e.g., stack traces) helps us fix issues. See sentry.io/privacy.
• Email: MailerLite. Waitlist/newsletter emails and subscriber fields (e.g., Discord invite URL). See mailerlite.com/legal/privacy-policy.
• Rate limiting: Upstash (Redis) if configured, otherwise in‑memory limiter. IP address may be processed to prevent abuse.
• Community: Discord. We create single‑use invites via Discord’s API; your use of Discord is subject to Discord’s terms and privacy.

We do not sell or share personal information for cross‑context behavioral advertising. We disclose data only as necessary to operate the service, comply with law, protect rights, or with your consent.

Retention

• UTM/ref cookies: up to 90 days. A/B variant cookie: up to 30 days.
• Contact submissions: generally up to 24 months for support and recordkeeping.
• Telemetry and logs: limited retention sufficient for debugging and security (typically up to 30–90 days).
• Subscriber records with MailerLite: until you unsubscribe or request deletion, subject to legal obligations.

International Transfers

Depending on your location and our providers, data may be processed outside your country. When applicable, we rely on appropriate safeguards such as Standard Contractual Clauses and vendor compliance documentation.

Your Rights

If you are in the EU/EEA/UK, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection to processing. If you are in California, you have rights under CCPA/CPRA including right to know, delete, correct, and to opt‑out of sale/share (we do not sell/share), and to limit the use of sensitive information. We do not knowingly process sensitive information.

To exercise rights, contact privacy@blockestate.info. We will verify your request and respond within applicable timelines. You may also unsubscribe from marketing emails via the link in any email.

Security

We use technical and organizational measures to protect personal data, including a strict Content Security Policy (CSP), rate limiting, minimal third‑party scripts, and secure configuration. No system is perfectly secure, but we continuously improve our posture.

Children

Our site is not directed to children, and we do not knowingly collect personal information from individuals under the age of 16 (or as otherwise defined by local law). If you believe a minor has provided us information, please contact us and we will delete it.

Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated date.

Pre‑launch content is informational only and not an offer to sell or solicit investments. See Terms.