Privacy Statement

Version 1.0 – November 11, 2025

About us This Privacy Policy (“Privacy Policy”) explains how we collect, use, and protect your personal data when you use the Enhancer website or any related applications and services (collectively, the “Services”). The Services are operated by the Enhancer DAO, orchestrated through the Enhancer Association (referred to as “Enhancer”, “we”, “us”, or “our”). For purposes of data protection law, the Association is the controller of your personal data processed via the Services. We are committed to respecting your privacy and protecting your personal information.

1. Personal data we collect

We may collect or receive certain personal data about you in connection with your use of Enhancer’s Services. The types of personal data we process include:

Wallet and Financial Information: Public blockchain addresses you connect to our Platform, transaction records (such as your deposits and withdrawals on partner protocols), and balances related to campaigns. While blockchain data is, by nature, public and pseudonymous, if it can be linked to you it may be considered personal data. We do not ask for private keys or any access to your funds.
Website Usage Data: When you visit our website, we may automatically collect technical data including your IP address, browser type, operating system, referring URLs, and timestamps. We also gather information on how you navigate and interact with our site (e.g., pages viewed, links clicked).
Contact Information (if provided): If you choose to contact us or fill out any form, we may collect identifiers like your name, email address, or social media handle, along with the content of your communications.
Geolocation Data: We might infer your general location (country or region) from your IP address or from information you provide, in order to enforce geographic restrictions on our Services (for example, if certain campaigns are not available in your jurisdiction). We do not track precise GPS location without your explicit consent.
Cookies and Similar Technologies: We use cookies and similar tracking technologies (like web beacons) to collect information about your interactions on our site. This can include your preferences and session data. For more details, see the “Cookies” section below.

Please note that certain personal data is necessary for us to provide the Services. If you choose not to provide data that is marked as required, we may not be able to offer you full functionality of the platform (for example, if you decline to connect a wallet, you cannot participate in campaigns).

2. How we collect personal data

We collect personal data through various means:

Directly from You: You provide personal data when you connect your crypto wallet, complete any registration steps, fill in forms, or communicate with us. For instance, signing the terms with your wallet provides us your wallet address. If you submit a support request, we collect whatever information you include in that request.
Through Your Use of the Services: As you interact with the platform, data is passively collected (e.g., via cookies or API calls to the blockchain). For example, we automatically log on-chain events related to addresses that have agreed to our terms, so we know how to calculate your rewards. We also log website interactions as described above (IP, device info, etc.).
From Third Parties: We may receive information from third-party sources to supplement our data. For example:
- If you engage with our community on Discord or Twitter, we might indirectly learn your username or feedback (though we don’t actively combine this with your platform usage unless necessary).
- If a partner protocol provides data (like a whitelist of addresses eligible for a campaign or KYC verification results for a restricted campaign), we will collect that to enforce eligibility.
- Publicly available data on blockchains: We retrieve data from public blockchain nodes or explorers about transactions and balances (this is not “third-party disclosure” in the traditional sense, since blockchain data is open, but we mention it here for transparency).

We do not purchase personal data from data brokers. Any indirect collection is generally limited to the context of operating the Services (e.g., ensuring an address is not sanctioned by cross-referencing public sanctions lists).

3. Legal Basis and Purposes

Our legal basis for processing personal data (under applicable laws such as the EU’s GDPR) includes:

Contractual Necessity: We process certain data because it is necessary to provide our Services under our Terms of Use (contract) with you. For example, we use your wallet address to track your contributions and compute rewards – without processing that, we couldn’t deliver the service of rewarding you. Similarly, if you provide an email for support, we use it to respond as part of fulfilling your request.
Legitimate Interests: We rely on legitimate interests to process data in ways that are expected and have minimal privacy impact, in order to run and improve our Services. This includes:
- Maintaining and improving the platform’s functionality and security (e.g., using IP addresses to prevent fraud or abuse, debugging issues by analyzing log data)docs.turtle.xyz docs.turtle.xyz.
- Analyzing usage trends and campaign performance, so we can enhance user experience and optimize incentive models (aggregation of user behavior helps us decide new features or detect inefficiencies).
- Communicating with our user community, sending service-related updates, or informing you of new opportunities on the platform (within reasonable bounds and, where required, with your consent for marketing communications). Our assessment is that these interests are balanced with your rights – we handle data in a way that is proportionate and respectful (e.g., pseudonymous analytics where possible, quick opt-outs for communications).
Legal Obligation: In some cases, we must process data to comply with laws and regulationsdocs.turtle.xyz. For example:
- If we detect activity that might violate anti-money laundering (AML) laws or economic sanctions, we may need to retain and report certain information.
- Tax and accounting laws might require us to keep records of transactions or payments.
- If authorities lawfully require information (e.g., a subpoena), we might process data to comply.
Consent: Where we ask for your consent, we will use data based on that consent. For instance, if we ever introduce an email newsletter, we would only send it if you consent to receive it. You can withdraw consent at any time, and we will stop the processing that was based on consent.
Public Interest or Other: In very limited situations, we might process data if it’s in the vital interest of someone (e.g., safety concerns) or another lawful basis under local law. Generally, this is not typical for Enhancer’s operations.

We use the personal data we collect for purposes such as: providing and maintaining the Services, enabling reward calculations and transfers, personalizing your experience (like remembering preferences), safeguarding against fraudulent or illegal activity, complying with legal requirements, and informing development of new platform features.

4. Data retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business needs. How this plays out:

Usage Data (web logs, etc.): Kept for a short period (e.g., 90 days) unless needed longer for security analysis. Aggregate data (stripped of personal identifiers) may be kept longer for analytical purposes.
Wallet and Transaction Data: As this ties into financial records and potential legal obligations, we may keep records of rewards distributions and related addresses for a longer duration, often at least 5 years (common regulatory minimum in some jurisdictions). Blockchain data itself is immutable and public, but our association of it with your account (post-whitelisting) is stored in our databases; we’ll purge or anonymize it when it’s no longer needed. If you remove your address from our platform or it’s been inactive for years, we might archive it.
Contact info and communications: If you communicate with us, we may retain those communications for a period to manage our relationship (for example, to refer back to a support issue). Generally, emails or tickets are kept for a couple of years at most, unless they contain information we’re legally required to hold longer.
KYC or Whitelist data: If a campaign required you to go through KYC (Know Your Customer) verification via a third-party provider, the data might be held by that provider. We would only keep a flag that you are verified or not, and perhaps an expiration of that status. Such flags we keep as long as the campaign or legal requirement is relevant (e.g., if a law says we must note who passed KYC for 5 years).
Deleted/withdrawn data: If you withdraw consent for a certain processing or ask us to delete your data, we will do so for the data not needed to retain. Some data we may need to keep even if you request deletion – for instance, we can delete your contact info but might keep a record that an address was once whitelisted and then removed, to maintain the integrity of our reward logs.

After the retention period expires, we will either securely delete your personal data or anonymize it (so it can no longer be associated with you) in our systems. Please note that data stored on the blockchain (like transaction details) cannot be deleted by us; it remains public, but it’s not under our control.

5. Data recipients

We treat your personal data with care and confidentiality. However, we may share data with certain third parties in the following scenarios:

Service Providers: We employ trusted third-party companies to perform tasks on our behalf in order to run the Services (“Service Providers”). This includes, for example: cloud hosting providers (where our databases or backend may be stored), analytics providers (to help us understand usage patterns), customer support software, and smart contract auditors/security firms (if they need data to analyze an incident). These service providers are given access only to the data necessary to perform their functions and are obligated to protect it and use it only for our specified purposes

Partner Protocols: If you participate in a specific campaign, we might share aggregated statistics or reports with that partner protocol (e.g., how many unique users participated, total volume, etc.). This typically wouldn’t include your personal identifiers – mostly aggregated data. We do not share individual user identities with a partner without consent, unless it’s necessary for a campaign’s operation (for instance, if a campaign has off-chain rewards to send, a partner might need your wallet address to distribute a prize, in which case they already see it on-chain). If KYC is required, a partner might require confirmation that you passed – we’d share that status, not your full documents.
Legal and Compliance: We may disclose personal data to external parties if required by law or legal process, or if we have a good-faith belief that such disclosure is necessary to: comply with a legal obligation (like a court order or regulatory request)docs.turtle.xyz; protect our rights, property, or safety, or that of our users or the public; or detect, prevent, or otherwise address fraud, security, or technical issues. This could mean providing information to law enforcement or regulators. We will strive to limit the data shared to what is strictly necessary.
Corporate Transactions: If the Enhancer Association (or DAO structure) is involved in a potential or actual merger, acquisition, investor due diligence, or asset sale, personal data may be disclosed to the parties involved (e.g., to auditors or potential acquiring entities) as part of that process. We will ensure such parties are bound by confidentiality and privacy obligations. If a change of ownership happens, we’ll notify users as required and ensure the successor continues to honor privacy commitments.
Professional Advisors: We might share information with our lawyers, accountants, insurers, and other professional advisors to the extent necessary to obtain advice or protect our legal interests. For example, sharing certain records with an auditor to validate our financial or compliance reports.

We do not sell personal information to third parties. We also do not share data for third-party advertising purposes. Any third parties that process data on our behalf are subject to data processing agreements that align with privacy laws and this policy.

6. Data transfers

Enhancer is a global platform. The personal data we collect may be transferred to and stored on servers in various countries, including those outside of your home country. In particular, if you are located in the European Economic Area (EEA) or United Kingdom, please note:

Our core infrastructure may be in cloud servers that are in the USA or other jurisdictions.
Team members or service providers might operate from Switzerland, the EU, the USA, or other countries.

We take steps to ensure that international data transfers comply with applicable laws. If personal data is transferred from the EEA/UK to a country that hasn’t been deemed by regulators to have an adequate level of data protection, we will implement appropriate safeguards. Typically, this means using Standard Contractual Clauses (SCCs) approved by the European Commission, or ensuring the recipient is certified under frameworks like the EU-US Data Privacy Framework, if applicable, or binding corporate rules. We also assess on a case-by-case basis whether additional technical, contractual, or organizational measures are needed to protect data in transit and at the destination.

For example, our cloud hosting provider in the US would be under an agreement with SCCs and we may apply encryption to personal data stored there. By using our Services, you understand that your personal data may be processed in countries with different data protection standards than your own. However, we remain committed to protecting your privacy and will ensure any transfer is subject to appropriate safeguards as required by law.

If you have questions about our international transfer mechanisms or want to obtain a copy of relevant contractual safeguards, you can contact us (see the Contact section below).

7. Data disclosure

We treat your data as confidential within our organization. That said, in running a decentralized platform, some data might become public by design (for instance, if you earn rewards, your blockchain address and the amounts are visible on-chain to anyone). Beyond those inherent disclosures, we outline how and why we might disclose personal data under certain conditions in section 5 (Data recipients) and reiterate key points here:

Public Blockchain: Transactions you perform (deposits, claims, etc.) are posted on public blockchains. This is not a “disclosure” by us per se (it’s how blockchains work), but it means information like your wallet address and interactions are publicly visible and cannot be erased. Users and third-party blockchain explorers can analyze that data. Enhancer cannot control that, but we want you to be aware: your use of a blockchain service is pseudo-anonymous, not completely anonymous. If your address is linked to your identity elsewhere (say, you publicly posted it on a forum as yours), then your Enhancer-related actions could be connected to you by others. See “Data on the blockchain” below for more on this.
Legal Requests: If we are asked by a competent authority to disclose certain data, and the request is lawful and necessary, we will comply. We will attempt to notify you of such requests when allowed, unless it’s an emergency or legally prohibited. We will also narrowly scope what is disclosed (for example, if asked for an address’s transaction history on Enhancer, we might provide the records of that address’s participation rather than our entire database).
Enforcing Our Rights: If a user violates our Terms of Use or is involved in malicious activity (like trying to hack the platform), we may disclose information to investigators or take legal action. In such scenarios, personal data could be provided to our lawyers or to courts as evidence, for instance.
Consentful Sharing: Apart from mandatory or protective disclosures, we may share data with your consent. If, in the future, we partner with another service and you opt-in to share data with them (perhaps to streamline a cross-platform experience), we will do so only with your clear consent.

We do not disclose personal data to third parties except as outlined in this Privacy Policy. If in doubt, assume that outside of the platform’s operational needs and legal obligations, we are not handing out your info.

8. Data on the blockchain

A unique aspect of Enhancer is that it interacts with blockchain technology. It’s important to understand that any transaction or interaction you do on a public blockchain (Ethereum, etc.) is permanently recorded on that blockchain and available to anyone. This includes:

When you provide liquidity to a protocol, that act (and your address, and amounts) is on-chain.
When Enhancer distributes rewards to you, that token transfer appears on-chain (from Enhancer’s reward wallet to your wallet).
If a campaign uses an NFT or a smart contract to whitelist you, that too might be on-chain.

We cannot erase or modify blockchain records. They are, by design, immutable. Even if in our own systems we were to delete personal data, the fact that certain transactions occurred cannot be undone. Also, on-chain data may be out of scope of data protection laws in some contexts because it’s not controlled by us – it’s decentralized.

Furthermore, on-chain data is pseudonymous but can sometimes be de-anonymized. For example, if your Ethereum address is ever linked to an identity (via an exchange KYC or by association with your ENS domain or participation in a public forum), then activities tied to that address (including Enhancer-related ones) become linked to you.

By using Enhancer, you acknowledge that blockchain transactions and addresses are public, and that Enhancer has no ability to limit the processing (including collection, use, and sharing) of that public on-chain data. This is a fundamental feature of blockchain technology. We recommend you take steps to protect your privacy on-chain if that is a concern, such as using fresh addresses not linked to your personal identity for different activities, and being cautious about where you share your address.

9. Data Security

We implement a variety of technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: We use encryption in transit (HTTPS, TLS) for all communications between your browser and our servers. Within our systems, sensitive data may be encrypted at rest as well, especially any secret keys or confidential info. Note that most user data (like addresses) are not secret, but we treat our databases with care regardless.
Access Controls: Only authorized team members and service providers have access to personal data, and only on a need-to-know basis. Access to production databases, for example, is limited and protected by multi-factor authentication (MFA). We regularly review who has access to what.
Security Testing: Our smart contracts are audited by security professionals to ensure the integrity of on-chain operations. We also undergo periodic penetration testing of our web platform. We monitor for suspicious activities and have alerts for potential security events.
Data Minimization: We strive to not collect more personal data than necessary. By keeping the scope limited, we reduce risk. For instance, we generally avoid collecting plain-text personal identifiers unless needed; much logic relies on wallet addresses and cryptographic proof rather than names or IDs.
Backup and Recovery: We maintain secure backups of critical data to ensure continuity. These backups are protected and stored separately, with restricted access.
Training and Policies: Our team is educated on best practices for data protection. We have internal policies governing how to handle user data, and we treat violations of these policies seriously.

However, no system is 100% secure. Blockchain interactions, in particular, have unique risks (like private key compromise which is outside our platform’s control). You are responsible for securing your blockchain accounts (e.g., using hardware wallets or safe custody of seed phrases). If you believe your Enhancer account or wallet has been compromised, please notify us immediately so we can help mitigate any damage.

In the event of a data breach that affects your personal data, we will follow applicable laws in notifying you and authorities of the breach, and will take necessary steps to address it.

10. Your rights

Depending on your jurisdiction, you may have certain legal rights with respect to your personal data. We are committed to honoring applicable rights requests. These rights may include:

Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it
This is often called a Subject Access Request. We’ll provide the data in a commonly used format. Note: Much of the data (like your transaction history) you can already see via your dashboard or the blockchain, but we will compile what we have internally too.
Rectification: If you believe the personal data we hold about you is inaccurate or incomplete, you can request that we correct or update it. Given the limited data we keep (often just an address and records of activity), this mostly would apply to contact info or something you provided. We’ll make corrections where applicable.
Erasure: You can ask us to delete your personal data. This is sometimes known as the “right to be forgotten.” We will honor such requests to the extent possible: we can delete data from our live systems, but remember that we cannot remove blockchain records, and we might need to retain certain data for legal reasons (we will inform you if so). If you request deletion, we’ll explain what we can erase and ensure any retained data is only kept as long as necessary under those exceptions.
Restriction of Processing: You have the right to request that we limit the processing of your data in certain circumstances – for example, if you contest its accuracy or object to our processing. This could mean we keep the data but don’t use it until resolved.
Data Portability: For data you provided to us, you may have the right to receive it in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible. In practice, this might apply if we had profile data or such, but since Enhancer mostly deals in on-chain records (which are already portable by nature), it’s not typical. Still, we’ll accommodate by providing data in CSV/JSON or other formats as requested.
Objection: You can object to our processing of your personal data when we rely on legitimate interests as the legal basis (see Section 3). If you object, we will evaluate whether our legitimate grounds override your rights and freedoms. If you object to marketing messages, we will cease processing your data for those purposes immediately (you can always unsubscribe from non-essential communications).
Automated Decision-Making: Enhancer doesn’t really use automated decisions that produce legal effects (like credit scoring or such). If that were to occur, you’d have rights not to be subject to a purely automated decision without human intervention. Currently, any “decisions” (like eligibility) are based on rules you know (like did you deposit > min amount) or legal necessity (sanctions checks), not opaque algorithmic decisions.
Withdraw Consent: If we are processing any data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to share certain info in a campaign or to receive a newsletter, you can change your mind. This will not affect the lawfulness of processing before the withdrawal.

To exercise any of these rights, please contact us using the information in the Contact section. We may need to verify your identity (for instance, by having you sign a message with your wallet or provide some identifying info) to ensure that the person making the request is you. We will respond to requests within the timeframe required by law (typically within 30 days for many jurisdictions).

Please note that some requests might be limited by technical feasibility or legal obligations: e.g., we cannot delete data that has been written to a blockchain, and we might refuse a deletion request if the data is necessary to comply with an anti-fraud obligation or if it’s fundamental to providing the service you’ve asked for (except by closing your account). We will explain any refusals or exemptions applied.

If you feel we have not addressed your privacy concerns adequately, you also have the right to lodge a complaint with a supervisory authority (such as a Data Protection Authority in the EU or the ICO in the UK). We encourage you to contact us first, so we can try to resolve the issue.

11. Cookies

Enhancer uses cookies and similar technologies to enhance user experience and analyze platform usage. Cookies are small text files stored on your device by websites you visit. We use both session cookies (which expire when you close your browser) and persistent cookies (which stay on your device for a set period or until deleted).

The types of cookies we may use include:

Necessary Cookies: These are essential for the operation of our website. For example, they might enable core functionality like security, authentication (e.g., remembering that you signed the terms so you don’t see the popup each time), and network management. You cannot opt out of these cookies as the site won’t function properly without them.
Preferences Cookies: These cookies allow our site to remember choices you make (such as your language or region, or whether you dismissed a notice already) to provide a more personalized experience.
Analytics Cookies: We use these to collect information about how users interact with our site – which pages are visited, how long is spent on certain pages, which features are used, etc. This helps us improve the platform. We might use third-party analytics tools (like Google Analytics or an open-source alternative) that set their own cookies. The data collected is usually aggregated and anonymized. You can often opt out of analytics cookies by using browser settings or ad-blockers.
Marketing Cookies: At present, Enhancer does not host third-party ads, so we don’t use marketing cookies for advertising. If in future we ever do promotional campaigns, we might use cookies to track referrals or campaign performance, but we will update this policy accordingly. For now, you won’t see third-party advertising cookies on Enhancer.

By using our Services, you consent to the placement of cookies on your browser (where consent is required by law). On your first visit, you may see a cookie notice; you can choose to accept all, or customize if we provide that option. Even after accepting, you can manage cookies via your browser settings. Most web browsers allow you to control cookies through their settings preferences, including blocking or deleting cookies. However, please note that if you disable cookies entirely, some parts of our Services may not function correctly (for example, your preferences might not be saved, or you might have to re-acknowledge terms repeatedly).

For more details on specific cookies we use, you could refer to a cookie policy or list typically provided on our site (if available). As of the writing of this policy, we primarily use minimal first-party cookies and standard analytics.

Enhancer’s documentation and app might contain links to third-party websites or services, including partner protocols’ sites, blog posts, or social media pages (like Twitter, Discord). If you follow a link to any of these external sites, please note that they have their own privacy policies and we do not control their content or privacy practices. We encourage you to review the privacy policy of any site you visit.

For example:

If you click a link to “Project X’s Dashboard” or “Join our Discord”, you will be directed outside our platform. Any data you provide to those sites (such as logging into a Discord server, or interacting on Twitter) is governed by those platforms’ policies, not Enhancer’s.
If a partner integrates a widget or plugin from Enhancer on their site, and you interact with it there, some data may flow between us and that partner. We ensure our part of that data handling is secure and per this policy, but the partner’s site might also be collecting data on its own.

Enhancer might also maintain official pages on social media platforms (like an official Twitter handle or a Medium blog). If you visit or interact with those pages, be aware that personal data might be collected by the platform (e.g., Twitter’s analytics on engagements) and possibly made available to us in aggregate form. We use such information to gauge our reach and community interest. However, any direct communication or posting you make on social channels is public. Please refrain from sharing sensitive personal information in such public forums.

We may occasionally embed content from third parties in our documentation (like a YouTube video or a Medium article embed). These embedded contents act as if you visited that third-party site, meaning they could collect data (cookies, your IP) as well. We try to minimize this and will often just link rather than embed, but where embedding is used, it’s typically for user convenience. For instance, an embedded how-to video. We will make sure to use privacy-enhanced embed modes if available (like YouTube’s privacy mode).

In summary, once you leave Enhancer’s domain or interact with third-party features, those third parties’ privacy terms apply. We aren’t responsible for how they handle your data, but we welcome feedback if you find any linked content to be problematic.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify users by posting a notice on our website or within the app, and/or by other communication channels (for example, if we have your email, we might send an update notice). The “Version” and date at the top will always indicate when it was last revised.

Material changes might include things like: expanding the types of data we collect, changing how or why we use data, or instituting new third-party partnerships that affect personal data.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Privacy Policy constitutes acceptance of the updated terms (to the extent permitted by law). If you do not agree with any updates, you should discontinue use of the Services.

If we were to merge or be acquired such that a new entity will handle your personal data, we will ensure you are informed of your choices.

PreviousOur Value-Added NextTerms

Last updated 23 days ago

Good night