[TCC]
Back to Home

PRIVACY POLICY

Last Updated: January 25, 2026

INTRODUCTION

The Carbon Club ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This policy complies with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

DATA CONTROLLER

The Carbon Club acts as the data controller for personal information collected through our platform. For questions about this policy or your data rights, contact us at: privacy@thecarbonclub.xyz

INFORMATION WE COLLECT

1. Account Information

  • Username (chosen by you)
  • Email address (collected during payment)
  • Profile photo (captured during verification)
  • Verification timestamp
  • Referral information (parent_id)

2. Biometric Data

⚠️ IMPORTANT NOTICE

We use FaceIO, a third-party biometric authentication service, to perform one-time liveness verification. This verification confirms you are a real human being and not a bot or automated system.

We do NOT store raw biometric data, facial templates, or facial recognition models.

FaceIO processes your facial scan in real-time and returns only a unique identifier (facialId) to confirm successful verification. The actual biometric processing occurs on FaceIO's secure servers and is subject to their privacy policy.

Learn more: FaceIO Privacy Policy

3. Payment Information

Payment processing is handled entirely by Stripe, a PCI-DSS Level 1 certified payment processor. We never receive, store, or have access to your:

  • Credit/debit card numbers
  • Bank account details
  • CVV/security codes

Learn more: Stripe Privacy Policy

4. Blockchain Data

Upon successful verification and payment, we record a hash of your verification data on the Base blockchain network. This includes your username, rank, and a hash of your verification metadata. Blockchain records are public and immutable.

5. Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Cookies and session data

HOW WE USE YOUR INFORMATION

  • Identity Verification: To confirm you are a unique human being
  • Account Creation: To create and manage your Carbon Club membership
  • Payment Processing: To process your one-time Carbon Tax payment
  • Blockchain Recording: To create an immutable record of your verification
  • Communication: To send important updates about your account
  • Legal Compliance: To comply with applicable laws and regulations
  • Fraud Prevention: To detect and prevent fraudulent activity

LEGAL BASIS FOR PROCESSING (GDPR)

  • Consent: You provide explicit consent for biometric verification
  • Contract: Processing necessary to fulfill your membership request
  • Legal Obligation: Compliance with tax, fraud prevention, and other laws
  • Legitimate Interest: Security, fraud prevention, and service improvement

DATA RETENTION

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Account Data: Retained for the lifetime of your membership
  • Verification Photos: Retained indefinitely as proof of verification
  • Blockchain Records: Permanent and immutable by nature
  • Payment Records: Retained for 7 years for tax/legal purposes

YOUR RIGHTS (GDPR/CCPA)

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (with limitations*)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

*Important Limitation

Due to the nature of blockchain technology, data recorded on-chain (including your username, rank, and verification hash) cannot be modified or deleted. This is a fundamental property of blockchain systems.

COOKIES

We use essential cookies required for the operation of our service:

  • Session Cookies: Maintain your session during verification
  • Authentication Cookies: Remember your login state
  • Referral Cookies: Track referral relationships (stored in localStorage)

We do not use advertising, tracking, or analytics cookies.

THIRD-PARTY SERVICES

FaceIO (Biometric Verification)

Provides real-time facial liveness detection. Processes biometric data under their own privacy policy. We only receive a confirmation identifier.

Stripe (Payments)

Handles all payment processing. PCI-DSS Level 1 compliant. We never handle or store your payment card details.

Supabase (Database)

Stores account data and verification records. Hosted on secure, GDPR-compliant infrastructure.

Base Network (Blockchain)

Public blockchain for permanent verification records. Data recorded on-chain is public and immutable.

INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

DATA SECURITY

We implement industry-standard security measures to protect your data:

  • TLS/SSL encryption for all data in transit
  • Encrypted database storage
  • Row-Level Security (RLS) policies
  • Regular security audits
  • Limited employee access to personal data

CHILDREN'S PRIVACY

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

CONTACT US

For questions, concerns, or to exercise your data rights, contact us at:

The Carbon Club

privacy@thecarbonclub.xyz

EU residents may also lodge a complaint with your local data protection authority.

≡≡≡ THE CARBON CLUB — PRIVACY PROTECTED ≡≡≡